Good Evening,

>> The strange thing is that it seems to be blocked by netfilter. I am
>> using exactly the same rules on a Slackware Box without any problems.
> ----
> Slackware is the Key here Marcus. The two distros have different modules
> built into the kernel by default and maybe a cause for why it is happening?
> But Honestly I don't see how you are ever going to forward packets and
> requests with the below rule. How are you going to come into and back out of
> the same interface? That's why it won't traverse. How about -i eth0 -o eth1 or
> -i eth0 -o eth0:0

As mentioned before, the ruleset is now activated correctly as iptables -L shows:

    0     0 ACCEPT     all  --  eth0   eth0    anywhere    anywhere    state NEW,RELATED,ESTABLISHED

I must admit that it was not in my pastebin posts (my fault).

> -A FORWARD -i eth0 -o eth0 -m state --state \
>   NEW,RELATED,ESTABLISHED -j ACCEPT
>
> When you use iptables save it does not save the rules you just put into
> it! You will have to edit /etc/sysconfig/iptables-config:
>
> # Unload modules on restart and stop
> # Value: yes|no, default: yes
> # This option has to be 'yes' to get to a sane state for a firewall
> # restart or stop. Only set to 'no' if there are problems unloading netfilter
> # modules.
> IPTABLES_MODULES_UNLOAD="yes"
>
> # Save current firewall rules on stop.
> # Value: yes|no, default: no
> # Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
> # (e.g. on system shutdown).
> IPTABLES_SAVE_ON_STOP="yes"
>
> # Save current firewall rules on restart.
> # Value: yes|no, default: no
> # Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
> # restarted.
> IPTABLES_SAVE_ON_RESTART="yes"

The rules are stored and activated with service iptables save (and all other
rules, e.g. routing into DMZ, work fine).

I now begin to wonder if it's a routing issue and backroute problem as the
response package may come from a different MAC address:

    LAN1 -> LINUX_ROUTER -> LAN2

Response:

    LAN2 -> CORE-ROUTER (with LINUX_ROUTER as default Gateway) -> LINUX_ROUTER | BLOCKED | LAN1

This may be the case as the CORE-ROUTER was not part of the network in good ol'
slacky times.

Best Regards
Marcus
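The two hypotheses in this thread (a FORWARD rule that matches the same ingress and egress interface, and a reply that comes back over a different path) can be reasoned about with a small model of a stateful FORWARD chain. The following is an added illustration written for this page, not netfilter code and not anything Marcus or the list posted: it keeps a toy conntrack table, walks interface-matched rules in order, and applies a strict reverse-path check (the kernel's rp_filter sysctl) before the chain. Interface names, the 10.1.0.0/24 and 10.2.0.0/24 networks and the host addresses are constructed for the example; the default policy is assumed to be DROP, which the thread does not state.

```python
"""Toy model of a stateful FORWARD chain: conntrack, interface-matched rules
and strict reverse-path filtering.  Illustration only; not netfilter itself."""
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple
import ipaddress


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    in_if: str    # interface the packet arrived on
    out_if: str   # interface the routing decision selected


@dataclass(frozen=True)
class Rule:
    in_if: Optional[str]      # None = any, like omitting -i
    out_if: Optional[str]     # None = any, like omitting -o
    states: FrozenSet[str]    # like -m state --state ...
    target: str               # ACCEPT or DROP


class ForwardChain:
    def __init__(self, rules, routes, policy="DROP", rp_filter=True):
        self.rules = list(rules)
        # routes: {"10.1.0.0/24": "eth0", ...}  (constructed routing table)
        self.routes = [(ipaddress.ip_network(n), dev) for n, dev in routes.items()]
        self.policy = policy
        self.rp_filter = rp_filter
        self.conntrack = set()    # confirmed flows as (src, dst, sport, dport)

    def route_dev(self, ip: str) -> Optional[str]:
        """Longest-prefix match: which device would a packet to `ip` leave on?"""
        addr = ipaddress.ip_address(ip)
        best = None
        for net, dev in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, dev)
        return best[1] if best else None

    def _state(self, pkt: Packet) -> str:
        fwd = (pkt.src, pkt.dst, pkt.sport, pkt.dport)
        rev = (pkt.dst, pkt.src, pkt.dport, pkt.sport)
        return "ESTABLISHED" if fwd in self.conntrack or rev in self.conntrack else "NEW"

    def forward(self, pkt: Packet) -> Tuple[str, str]:
        """Return (verdict, reason) for a forwarded packet."""
        # 1. Strict rp_filter: the route back to pkt.src must leave via the
        #    interface the packet arrived on, otherwise it is dropped silently.
        if self.rp_filter and self.route_dev(pkt.src) != pkt.in_if:
            return "DROP", "rp_filter"
        # 2. Walk the chain; the first rule whose -i/-o/state all match wins.
        state = self._state(pkt)
        for r in self.rules:
            if (r.in_if in (None, pkt.in_if) and r.out_if in (None, pkt.out_if)
                    and state in r.states):
                verdict, reason = r.target, f"rule -i {r.in_if} -o {r.out_if} ({state})"
                break
        else:
            verdict, reason = self.policy, f"chain policy ({state})"
        # 3. Simplification: only an accepted packet confirms a conntrack entry.
        if verdict == "ACCEPT":
            self.conntrack.add((pkt.src, pkt.dst, pkt.sport, pkt.dport))
        return verdict, reason


# The rule from the thread, plus constructed networks and hosts.
HAIRPIN_RULE = Rule("eth0", "eth0", frozenset({"NEW", "RELATED", "ESTABLISHED"}), "ACCEPT")
LAN1, LAN2 = "10.1.0.0/24", "10.2.0.0/24"
HOST1, HOST2 = "10.1.0.10", "10.2.0.20"


def symmetric_hairpin():
    """Both LANs hang off eth0 (eth0 / eth0:0) and the reply comes back the same way."""
    fw = ForwardChain([HAIRPIN_RULE], {LAN1: "eth0", LAN2: "eth0"})
    req = fw.forward(Packet(HOST1, HOST2, 40000, 80, "eth0", "eth0"))
    rep = fw.forward(Packet(HOST2, HOST1, 80, 40000, "eth0", "eth0"))
    return req[0], rep[0]


def asymmetric_reply():
    """The LAN2 host sends its reply to a core router that hands it back on eth1.
    With rp_filter on it dies before the chain is consulted; with it off the
    conntrack state is fine but the eth0/eth0 rule does not match, so the
    chain policy decides."""
    routes = {LAN1: "eth0", LAN2: "eth0"}
    results = {}
    for rp in (True, False):
        fw = ForwardChain([HAIRPIN_RULE], routes, rp_filter=rp)
        fw.forward(Packet(HOST1, HOST2, 40000, 80, "eth0", "eth0"))
        results[rp] = fw.forward(Packet(HOST2, HOST1, 80, 40000, "eth1", "eth0"))
    return results


if __name__ == "__main__":
    print("symmetric:", symmetric_hairpin())
    for rp, verdict in asymmetric_reply().items():
        print(f"asymmetric, rp_filter={rp}:", verdict)
```

Two things the model makes visible that the counters in `iptables -L -v` alone do not: the rp_filter drop happens before the FORWARD chain and so never increments any rule counter, and a reply that is ESTABLISHED in conntrack can still fall through to the chain policy when the only ACCEPT rule pins both `-i` and `-o` to one interface. On a real box the corresponding checks are `sysctl net.ipv4.conf.all.rp_filter`, the per-interface `rp_filter` values, and `iptables -L FORWARD -v -n` to see which rule, if any, the reply is hitting.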