# Set everything else to deny all other network access (debug=1):
$tbls -A dsl-for -j LOG --log-level $debug --log-prefix "dsl-for Everything Else "
$tbls -A dsl-for -j DROP

packets originating on my VLAN (eth0.5) destined for the Internet get logged with their IN/SRC, OUT/DST logged backwards. For instance, this is Cobian Backup (http://www.cobian.se/cobianbackup.htm) on my Windows Server 2008 Terminal Server (192.168.254.12) trying to contact Cobian's web site (130.239.140.240) to see if there is an update available:

Nov 24 15:49:26 server kernel: dsl-for Everything Else IN=eth1 OUT=eth0.5 SRC=130.239.140.240 DST=192.168.254.12 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=16637 PROTO=TCP SPT=2002 DPT=49310 WINDOW=16384 RES=0x00 ACK SYN URGP=0

You will note that IN and OUT, SRC and DST are backwards. I have since created a rule to allow Cobian out (the rules work correctly). I have had this happen on POP3 from my Terminal Server too. (I have since created a rule for POP3 as well.)

Until I figured this out, it was very confusing. For instance, when I ran Cobian's eMail configuration test, I saw a SYN packet coming from my ISP to my Terminal Server. Made no sense whatsoever, until I realized the LOG had things backwards.

Many thanks,
-T

~~~~~~~~~~~~~ifcfg-eth0~~~~~~~~~~~~~~~
# Intel Corporation 80003ES2LAN Gigabit Ethernet Controller (Copper)
DEVICE=eth0
BOOTPROTO=none
BROADCAST=192.168.255.255
IPADDR=192.168.255.10
NETMASK=255.255.255.0
NETWORK=192.168.255.0
GATEWAY=192.168.255.10
ONBOOT=yes
USERCTL=yes
IPV6INIT=no
PEERDNS=no
PROMISC=yes
TYPE=Ethernet
HWADDR=00:30:48:78:8e:92

~~~~~~~~~~~~~ifcfg-eth0.5 (VLAN)~~~~~~~~~~~~~~~
# Intel Corporation 80003ES2LAN Gigabit Ethernet Controller (Copper)
#DEVICE=ifcfg-eth0.5
DEVICE=eth0.5
BOOTPROTO=none
BROADCAST=192.168.254.255
IPADDR=192.168.254.10
NETMASK=255.255.255.0
NETWORK=192.168.254.0
GATEWAY=192.168.254.10
ONBOOT=yes
USERCTL=yes
IPV6INIT=no
PEERDNS=no
PROMISC=yes
TYPE=Ethernet
VLAN=yes
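
The kernel log line quoted in the report above, run through a small parser that reads the interface and address fields and classifies the TCP handshake stage from the flag words. This is an added example, not part of the original report or of netfilter; the function names are hypothetical and the second sample line is constructed. A segment with both SYN and ACK set is the second step of the handshake, sent by the responder to the host that opened the connection.

```python
import re

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")   # KEY=value pairs written by the LOG target
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

# Log line quoted in the report.
REPORT_LINE = ("Nov 24 15:49:26 server kernel: dsl-for Everything Else IN=eth1 "
               "OUT=eth0.5 SRC=130.239.140.240 DST=192.168.254.12 LEN=52 TOS=0x00 "
               "PREC=0x00 TTL=110 ID=16637 PROTO=TCP SPT=2002 DPT=49310 "
               "WINDOW=16384 RES=0x00 ACK SYN URGP=0")
# Constructed sample: the opening SYN such a reply would answer.
CONSTRUCTED_SYN = ("Nov 24 15:49:26 server kernel: dsl-for Everything Else IN=eth0.5 "
                   "OUT=eth1 SRC=192.168.254.12 DST=130.239.140.240 LEN=52 TOS=0x00 "
                   "PREC=0x00 TTL=127 ID=4242 PROTO=TCP SPT=49310 DPT=2002 "
                   "WINDOW=8192 RES=0x00 SYN URGP=0")

def parse_log_line(line):
    """Return the KEY=value fields plus FLAGS, the set of bare TCP flag words."""
    fields = dict(FIELD_RE.findall(line))
    # Flag names are printed as bare words after the RES= field.
    tail = line.split("RES=", 1)[1] if "RES=" in line else ""
    fields["FLAGS"] = {tok for tok in tail.split() if tok in TCP_FLAGS}
    return fields

def handshake_stage(fields):
    """Classify a TCP segment by its flags: syn, syn-ack, reset, or other."""
    flags = fields["FLAGS"]
    if fields.get("PROTO") != "TCP":
        return "not-tcp"
    if "RST" in flags:
        return "reset"
    if flags == {"SYN"}:
        return "syn"
    if {"SYN", "ACK"} <= flags:
        return "syn-ack"
    return "other"

def describe(line):
    """Summarise interfaces, handshake stage, and which address opened the connection."""
    f = parse_log_line(line)
    stage = handshake_stage(f)
    initiator = responder = None
    if stage == "syn":          # sender is the initiator
        initiator, responder = f["SRC"], f["DST"]
    elif stage == "syn-ack":    # sender is answering; the destination initiated
        initiator, responder = f["DST"], f["SRC"]
    return {"in": f.get("IN"), "out": f.get("OUT"), "stage": stage,
            "initiator": initiator, "responder": responder}

if __name__ == "__main__":
    for sample in (REPORT_LINE, CONSTRUCTED_SYN):
        print(describe(sample))
```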