Re: Logging iptables

Gregory P. Ennis wrote:

<< -- SNIP -- >>

>Mike,
>
>Thanks for the response. Here are my iptables entries
>
>:LOG_9100 - [0:0]
>-A FORWARD -s ###.###.###.### -p tcp --sport 9100 -j LOG_9100
>
>where ###.###.###.### is the ip address I am using.
>
>-A LOG_9100 -j LOG --log-prefix "[IPTABLES 9100 DROP] : " --log-tcp-options --log-ip-options
>-A LOG_9100 -j REJECT --reject-with icmp-port-unreachable
>
>
Greg,

(1)  This rule needs to be before any -j ACCEPT rules for the chain.
The problem may be just that.... or..
(2)  The IP needs to be on a machine you are doing the FORWARDING for
and not your local IP.  The local IP is not technically forwarded,
since it is a direct connection.
(3)  Be sure you are not using NAT or any other services related.  NAT
and PREROUTING rules take effect before the filter rules in the chain.

Probably, the best place for the rule would be the INPUT or OUTPUT
chain and not the FORWARD chain.

Good Luck,
James

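Point (1) in the reply above, rule order within the chain, can be checked mechanically. The following is an added example, not part of the original message: it reads `iptables-save` output and lists the earlier ACCEPT/DROP/REJECT rules in a chain that can take packets before the jump to `LOG_9100`. The ruleset, the 192.0.2.x addresses and the function names are constructed for illustration, and negated matches, match modules and port ranges are reported conservatively as "some".

```python
import ipaddress
import shlex

TERMINATING = {"ACCEPT", "DROP", "REJECT"}
KNOWN = {"-s", "-d", "-p", "-i", "-o", "--sport", "--dport"}

# Constructed FORWARD chain in iptables-save format (192.0.2.10 is a placeholder).
SAMPLE = """\
:FORWARD ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s 192.0.2.0/24 -p tcp -j ACCEPT
-A FORWARD -p udp -j ACCEPT
-A FORWARD -s 192.0.2.10 -p tcp --sport 9100 -j LOG_9100
"""

def relation(opt, a, b):
    """Return (values overlap, a covers b) for one match option."""
    if opt in ("-s", "-d"):
        na, nb = (ipaddress.ip_network(v, strict=False) for v in (a, b))
        return na.overlaps(nb), nb.subnet_of(na)
    return a == b or ":" in a + b, a == b   # port ranges: assume overlap

def parse_rules(text, chain):
    """Yield (line_no, matches, not_understood, target) for each rule in chain."""
    for no, line in enumerate(text.splitlines(), 1):
        tok = shlex.split(line) if line.startswith(f"-A {chain} ") else []
        if "-j" not in tok:
            continue
        end, matches, other, i = tok.index("-j"), {}, [], 2
        while i < end:
            if tok[i] in KNOWN and tok[i - 1] != "!":
                matches[tok[i]] = tok[i + 1]
                i += 1                      # also skip the option's value
            else:
                other.append(tok[i])        # match modules, negated matches
            i += 1
        yield no, matches, other, tok[end + 1]

def shadowing_rules(text, chain, jump_target):
    """List earlier terminating rules that can take packets before the jump."""
    rules = list(parse_rules(text, chain))
    idx = next(i for i, r in enumerate(rules) if r[3] == jump_target)
    want, found = rules[idx][1], []
    for no, have, other, target in rules[:idx]:
        rel = [relation(o, v, want[o]) for o, v in have.items() if o in want]
        if target in TERMINATING and all(r[0] for r in rel):
            full = not other and len(rel) == len(have) and all(r[1] for r in rel)
            found.append((no, target, "all" if full else "some"))
    return found
```

On the sample, `shadowing_rules(SAMPLE, "FORWARD", "LOG_9100")` reports the state rule on line 2 as taking some of the traffic and the subnet ACCEPT on line 3 as taking all of it; moving the jump rule to the top of the chain returns an empty list.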
