Hi,

On Fri, Dec 12, 2008 at 15:45, Art Age Software <artagesw at gmail.com> wrote:
> IPTABLES -A XXX -i bond0 -p tcp -m tcp -s -d
> --dport 11211 -j ACCEPT

> Dec 12 20:33:53 s1 kernel: DROP -- Catch All: IN= OUT=bond0
> SRC= DST= LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0
> DF PROTO=TCP SPT=11211 DPT=47567 WINDOW=0 RES=0x00 RST URGP=0

The packages it's dropping are with *source* port 11211, they are the
replies.

Either configure your firewall in stateful mode (-m state, --state NEW,
--state ESTABLISHED, etc.) or add rules to allow the replies from that
source port.

HTH,
Filipe
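Added example, not part of the original message: a small shell script that reads the IN=/OUT=/SPT=/DPT= fields of a netfilter LOG line to tell a dropped reply from a dropped request, and prints (without executing) the two kinds of fix the reply names. The function names, the use of the built-in INPUT/OUTPUT chains instead of the poster's XXX chain, and the omission of the elided -s/-d addresses are assumptions.

```shell
#!/bin/sh
# Added example. SAMPLE is the log line quoted in the message (SRC/DST are blank there).
SAMPLE='Dec 12 20:33:53 s1 kernel: DROP -- Catch All: IN= OUT=bond0 SRC= DST= LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=11211 DPT=47567 WINDOW=0 RES=0x00 RST URGP=0'

# field LINE KEY: print the value of KEY= from a netfilter LOG line (empty if absent).
# The body is a subshell so "set -f" (no globbing while splitting) stays local.
field() (
    set -f
    for tok in $1; do
        case "$tok" in
            "$2="*) printf '%s\n' "${tok#*=}"; break ;;
        esac
    done
)

# classify_drop LINE PORT: which side of a connection to service PORT was dropped?
classify_drop() {
    in_if=$(field "$1" IN);  out_if=$(field "$1" OUT)
    spt=$(field "$1" SPT);   dpt=$(field "$1" DPT)
    if [ -z "$in_if" ] && [ -n "$out_if" ] && [ "$spt" = "$2" ]; then
        echo reply-from-service      # locally generated packet leaving from PORT
    elif [ -n "$in_if" ] && [ "$dpt" = "$2" ]; then
        echo request-to-service      # inbound packet addressed to PORT
    else
        echo unrelated
    fi
}

# print_fix MODE IFACE PORT: print candidate rules for review; nothing is applied.
# Assumed chains: INPUT/OUTPUT. Add the -s/-d restrictions of the original rule back.
print_fix() {
    echo "iptables -A INPUT -i $2 -p tcp --dport $3 -j ACCEPT"
    case "$1" in
        stateful)   # replies pass only when they belong to a tracked connection
            echo "iptables -A OUTPUT -o $2 -p tcp --sport $3 -m state --state ESTABLISHED -j ACCEPT" ;;
        stateless)  # broader: any outbound TCP packet with source port PORT passes
            echo "iptables -A OUTPUT -o $2 -p tcp --sport $3 -j ACCEPT" ;;
        *) echo "usage: print_fix stateful|stateless IFACE PORT" >&2; return 1 ;;
    esac
}

classify_drop "$SAMPLE" 11211
print_fix stateful bond0 11211
```
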