On Wednesday 2012-10-03 20:28, Ajit K Jena wrote:
>
># The following is to just produce a log of all outgoing packets from
># IPs that are members in the set src_nm_set.
># The set has only one member with IP 10.209.13.6.
>
>-A FORWARD -p tcp -m set --match-set src_nm_set src \
>    -m multiport --dports 80:64000 -j LOG --log-level 4 --log-prefix
>"nm_http_outword: "

Why would you allow ports 81 through 64000? That seems like the
oddest range ever, even more so than the usually pointless 1024:65535.

># The following is to just produce a log of all incoming packets
>-A FORWARD -p tcp -m set --match-set src_nm_set dst \
>    -m multiport --sports 80:64000 -j LOG --log-level 4 --log-prefix
>"nm_http_inword: "

(outward - inward. No words here.)

> c) The "inward" log entry is **NOT** produced in the logfile.
> d) It appears as if the packet is simply dropped.

> How do I go about debugging this further ?

Log all other packets that are not logged by the outward or inward
one. Their contents may be sufficiently different that your rules
don't fire.
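
Added example, not part of the original message or of either poster's rule set: one way to log only the packets that neither of the two quoted rules matches, written in the same iptables-save syntax as the quoted rules. The chain name `nm_trace` and the prefix `nm_other: ` are assumptions; the set name, port ranges and existing prefixes are copied from the quoted rules.

```iptables
# Fragment for the *filter section of the existing rules file.
# nm_trace is a hypothetical user-defined chain used only for logging.
:nm_trace - [0:0]

# Must be the first FORWARD rule, ahead of any ACCEPT/DROP/REJECT,
# otherwise packets that hit an earlier verdict never reach the trace chain.
-A FORWARD -j nm_trace

# Outward rule from the quoted mail, followed by a RETURN with the same
# match so a packet that was logged here skips the catch-all below.
-A nm_trace -p tcp -m set --match-set src_nm_set src -m multiport --dports 80:64000 -j LOG --log-level 4 --log-prefix "nm_http_outword: "
-A nm_trace -p tcp -m set --match-set src_nm_set src -m multiport --dports 80:64000 -j RETURN

# Inward rule from the quoted mail, again paired with a RETURN.
-A nm_trace -p tcp -m set --match-set src_nm_set dst -m multiport --sports 80:64000 -j LOG --log-level 4 --log-prefix "nm_http_inword: "
-A nm_trace -p tcp -m set --match-set src_nm_set dst -m multiport --sports 80:64000 -j RETURN

# Catch-all: every forwarded packet that matched neither rule above.
# LOG is non-terminating, so the packet falls off the end of nm_trace and
# continues with the remaining FORWARD rules unchanged.
-A nm_trace -j LOG --log-level 4 --log-prefix "nm_other: "
```

The `SRC=`, `DST=`, `SPT=` and `DPT=` fields of the `nm_other: ` entries can then be compared against the set membership and port range the inward rule expects.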