Hello, I thought that these iptables rules:

snoopy:~# iptables -v -L ppp0-out
Chain ppp0-out (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  any    any     192.168.0.0/16       anywhere           LOG level warning
    0     0 REJECT     all  --  any    any     192.168.0.0/16       anywhere           reject-with icmp-port-unreachable
    9   868 ACCEPT     all  --  any    any     anywhere             anywhere

and:

Chain OUTPUT (policy DROP 1 packets, 40 bytes)
 pkts bytes target     prot opt in     out     source               destination
   26  1994 ppp0-out   all  --  any    ppp0    anywhere             anywhere

would prevent packets with the source address 192.168.*.* from
appearing on ppp0; however, they don't.

In fact, even if I run ping to an outside host from a 192.168.*.*
computer (eth0), none of the counters for INPUT, FORWARD, or OUTPUT
are incremented (if I turn on masquerading everything works as
expected though).

So, how can the packet get received by eth0, be forwarded to ppp0,
and transmitted out ppp0 without any of the chain counters
recording it?

I know the packet is appearing on ppp0 by looking at tcpdump,
ifconfig and the transmit light on the modem.

I am confused... I can only guess that some sort of optimisation
is occurring, but it seems strange that it only occurs without
masquerading or SNAT.

Am I doing something obvious wrong?
-- 
Brian May <[EMAIL PROTECTED]>