Dear Filipe,

> On Fri, Feb 6, 2009 at 13:13, Marcus Moeller <mm at gcug.de> wrote:
>> I am trying to forward packages on an internal device using iptables:
>>
>> /sbin/iptables -A FORWARD -i eth0 -o eth0 -m state --state
>> NEW,RELATED,ESTABLISHED -j ACCEPT
>
> What is your network topology? How are the packages being routed and
> yet leaving through the same interface? Are you using supernetting? Or
> VLANs based on IP addresses?

The packages should be routed through the internal physical interface
(eth0). I am not using VLANs nor supernetting on that

> What are the IPs in your network interfaces?

The IP configuration on that interface looks like:

NETMASK=255.255.255.0
IPADDR=192.168.100.254

And I have added the following route to it:

172.28.0.0/16 via 192.168.100.100

As you may have read in one of my previous posts, the packages seem to
be routed correctly but are blocked by netfilter.

Here is my iptables-config:

http://pastebin.centos.org/23906

>> but the packages are still blocked, e.g.:
>> Feb 6 20:58:28 firewall kernel: DROP-TCP IN=eth0 OUT=eth0
>> SRC=192.168.100.177 DST=172.28.2.184 LEN=40 TOS=0x00 PREC=0x00 TTL=127
>> ID=16609 PROTO=TCP SPT=7166 DPT=3590 WINDOW=0 RES=0x00 ACK RST URGP=0
>
> From the dump of the iptables it looks like it is reaching the my_drop chain.
>
> In your iptables output the interfaces for the rules do not show... It
> is also hard to read because lines are wrapped in the e-mail... Could
> you please run 'iptables -nvL' and post the output to
> http://pastebin.centos.org/, send us the link here? That might help
> diagnose your problem.

Here is the output of iptables -nvL

http://pastebin.centos.org/23909

and here the active ruleset:

http://pastebin.centos.org/23912

Best Regards
Marcus
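
Added example, not part of the original message: a small Python parser for the kernel LOG line quoted above, which flags same-interface forwarding and reports whether the TCP flags could open a tracked connection. The function names and note strings are hypothetical; the sample is the log line from the message, joined onto one line.

```python
# Constructed sample: the kernel LOG line quoted in the message, on one line.
SAMPLE = ("Feb 6 20:58:28 firewall kernel: DROP-TCP IN=eth0 OUT=eth0 "
          "SRC=192.168.100.177 DST=172.28.2.184 LEN=40 TOS=0x00 PREC=0x00 "
          "TTL=127 ID=16609 PROTO=TCP SPT=7166 DPT=3590 WINDOW=0 RES=0x00 "
          "ACK RST URGP=0")

TCP_FLAGS = ("CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN")


def parse_log(line):
    """Split a netfilter LOG line into prefix, KEY=VALUE fields and TCP flags."""
    _, sep, body = line.partition("kernel: ")
    if not sep:
        raise ValueError("not a kernel log line")
    tokens = body.split()
    # The --log-prefix text is everything before the first KEY=VALUE token.
    first_kv = next((i for i, t in enumerate(tokens) if "=" in t), len(tokens))
    fields, flags = {}, []
    for tok in tokens[first_kv:]:
        key, eq, val = tok.partition("=")
        if eq:
            fields[key] = val
        elif tok in TCP_FLAGS:
            flags.append(tok)
    return {"prefix": " ".join(tokens[:first_kv]), "fields": fields, "flags": flags}


def triage(line):
    """Return the parsed record plus notes relevant to a state-matching FORWARD rule."""
    rec = parse_log(line)
    f, flags, notes = rec["fields"], rec["flags"], []
    if f.get("IN") and f.get("IN") == f.get("OUT"):
        notes.append("same-interface forward")
    if f.get("PROTO") == "TCP":
        if "SYN" in flags and "ACK" not in flags:
            notes.append("connection opener")
        elif "RST" in flags:
            # A TCP RST never creates a conntrack entry, so it can only match
            # ESTABLISHED when the firewall already tracks this flow.
            notes.append("reset: needs existing conntrack entry")
        else:
            notes.append("mid-stream segment")
    return rec, notes


if __name__ == "__main__":
    record, observations = triage(SAMPLE)
    print(record["prefix"], record["flags"], observations)
```
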