> Yes indeed - tcpdump gets in before any of the iptables rules so you will see > incoming packets that are subsequently dropped. > > You must have an iptables rule that is dropping them, so I suggest to use watch > of iptables -L to see which rule increments its counter when you ping from 10.9. It's also possible that the kernel route-path filter is dropping the traffic if it's coming in the 'wrong' intreface. You can check /proc/sys/net/ipv4/conf/*/rp_filter and set it to 0 and see if that fixes it. --Rob -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
