Hi, I found out the reason for dropping the packet. On Debugging Kernel I found that in the forward path (ip_forward.c), a particular part of code under a configuration flag (CONFIG_NETFILTER_TABLE_INDEX) is getting executed and was giving the wrong verdict of DROP for the packets. I removed the same from .config file. Now the rules are working as expected. I dont know the meaning of CONFIG_NETFILTER_TABLE_INDEX flag and hence i cannot say whether it is a bug or not. Thanks for the support. :-). I hope this mail might help somebody in the future. thanks and regards sreejith -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html