I have a small network with a firewall running Debian 7.4. I have a set of rules as follows DNAT net loc:192.168.1.10 tcp 6881 DNAT net loc:192.168.1.10 udp 6881 DNAT net loc:192.168.1.10 tcp 7881 DNAT net loc:192.168.1.10 udp 7881 DNAT net loc:192.168.1.10 tcp 8881 DNAT net loc:192.168.1.10 udp 8881 However, the log appears to show that packets are being processed in the input chain and thus dropped. Examples: Feb 9 11:04:35 hawthorn kernel: [ 33.755144] Shorewall:net2fw:DROP:IN=eth1 OUTMAC=00:05:5d:df:2b:c0:00:30:b8:d1:dd:34:08:00 SRC=84.236.104.54 DST=86.16.18.41 LEN=58 TOS=0x00 PREC=0x00 TTL=114 ID=16849 PROTO=UDP SPT=43226 DPT=6881 LEN=38 Feb 9 16:24:13 hawthorn kernel: [13732.666341] Shorewall:net2fw:DROP:IN=eth1 OUTMAC=00:05:5d:df:2b:c0:00:30:b8:d1:dd:34:08:00 SRC=105.237.76.28 DST=86.16.18.41 LEN=129 TOS=0x00 PREC=0x00 TTL=111 ID=16779 PROTO=UDP SPT=55180 DPT=7881 LEN=109 I've probably done something stupid but can't find it. While I can find a number of examples of this in my logs, the problem came to light as, over the past few days, I am receiving a constant stream of packets and the messages blew my /var/logs Dump attached. Regards Tony ------------------------------------------------------------------------------ Managing the Performance of Cloud-Based Applications Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. Read the Whitepaper. http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk