Gene Heskett wrote:
[snip...]
> What can I check next please?

Based on my understanding of your post (it's kinda confusing), it sounds like you might have a stale arp entry somewhere. You should be able to confirm this by:

1) Running "arp -a" to verify that the new MAC address has been updated by the systems on the same LAN segment.
2) Running tcpdump on your firewall and taking note of the layer 2 src/dst MAC addresses, especially the return packet from your ISP's router.
3) Clearing your iptables rules, then re-enabling them.

FWIW: A lot of ISPs configure their routers with long arp cache timeouts. So if you changed the NIC card that connects (talks) directly to your ISP's router, then it could be replying to your other NIC's MAC address. This stale arp condition could last for hours depending on how long your ISP has their router's arp cache configured. If this is the case (tcpdump should point this out), then you can either phone your ISP and request that they purge the old MAC address at their end (good luck) -or- try the brute force method by issuing an arping -U (AKA: gratuitous arp).

See: man arping

Steve Cowles
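
The tcpdump check from step 2 can be automated; the script below is an added example, not part of the original post. It scans `tcpdump -e -n` text output for frames addressed to the firewall's IP but sent to a MAC other than the new NIC's. The function names, MAC addresses and IP addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reads `tcpdump -e -n` text on
# stdin and reports frames addressed to our IP but to a MAC other than the
# new NIC's. Assumes the default promiscuous capture, so frames sent to the
# old MAC are still visible on the wire.

# usage: find_stale_dst_macs NEW_MAC LOCAL_IP < capture.txt
# output: one "dst_mac frame_count" line per unexpected destination MAC
find_stale_dst_macs() {
    awk -v mac="$1" -v ip="$2" '
    BEGIN { mac = tolower(mac) }
    # Line shape: TS SRC_MAC > DST_MAC, ethertype IPv4 (0x0800), length N: SRC > DST: ...
    $3 == ">" && $5 == "ethertype" && $6 == "IPv4" {
        dmac = tolower($4); sub(/,$/, "", dmac)
        dst = $12;          sub(/:$/, "", dst)
        # DST is either "a.b.c.d" (ICMP) or "a.b.c.d.port" (TCP/UDP)
        port = substr(dst, length(ip) + 2)
        to_us = (dst == ip) || (index(dst, ip ".") == 1 && port ~ /^[0-9]+$/)
        if (to_us && dmac != mac) stale[dmac]++
    }
    END { for (m in stale) print m, stale[m] }' | sort
}

# Constructed sample capture: 02:00:00:aa:bb:01 is the replaced NIC,
# 02:00:00:aa:bb:02 the new one, 02:00:00:cc:dd:01 the ISP router.
sample_capture() {
    cat <<'EOF'
10:00:01.000001 02:00:00:aa:bb:02 > 02:00:00:cc:dd:01, ethertype IPv4 (0x0800), length 98: 203.0.113.10 > 198.51.100.7: ICMP echo request, id 7, seq 1, length 64
10:00:01.020114 02:00:00:cc:dd:01 > 02:00:00:aa:bb:01, ethertype IPv4 (0x0800), length 98: 198.51.100.7 > 203.0.113.10: ICMP echo reply, id 7, seq 1, length 64
10:00:02.000310 02:00:00:aa:bb:02 > 02:00:00:cc:dd:01, ethertype IPv4 (0x0800), length 74: 203.0.113.10.51514 > 198.51.100.7.443: Flags [S], seq 1, win 64240, length 0
10:00:02.021877 02:00:00:cc:dd:01 > 02:00:00:aa:bb:01, ethertype IPv4 (0x0800), length 74: 198.51.100.7.443 > 203.0.113.10.51514: Flags [S.], seq 9, ack 2, win 65160, length 0
10:05:00.000000 02:00:00:cc:dd:01 > 02:00:00:aa:bb:02, ethertype IPv4 (0x0800), length 98: 198.51.100.7 > 203.0.113.10: ICMP echo reply, id 7, seq 9, length 64
EOF
}

# Replies still going to the old MAC indicate a stale entry upstream.
sample_capture | find_stale_dst_macs 02:00:00:AA:BB:02 203.0.113.10
```

Any MAC it prints is one the upstream router still has cached for the firewall's IP; an empty result after the gratuitous arp means the entry has been refreshed.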