> -----Original Message-----
> From: centos-bounces at centos.org
> [mailto:centos-bounces at centos.org] On Behalf Of Marcus Moeller
> Sent: Tuesday, February 10, 2009 2:49 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] iptables: forwarding on internal device
>
> I have defined a route to LAN2 over a gateway in LAN1 (same network
> segment) and all machines in LAN2 have the CORE-ROUTER
> defined as default gw which itself got a last resort to the
> LINUX_ROUTER.
>
> > Only other thing you can do is start from scratch. Save all
> > your rules and add them one at a time. If you can't have it off the
> > network reduce the rules to a bare minimum. Are the switches
> > configured correctly?
>
> I wonder if netfilter just drops a package if its response comes from
> a different MAC address.

----

Sure it Could Happen IF you have 3 routers between your source and destination machines. Your destination machine will see the MAC address of the third-on-the-way router, not your original machine. Does this make sense to you? In other words, every time a packet hits a new IP hop it is changed along with the MAC. MAC Spoofing, Kinda. But I would not think that netfilter JUST DROPS it for the heck of it.

JohnStanley
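The point JohnStanley makes, that the source MAC seen on a routed packet is the previous hop's interface rather than the originating host, can be checked directly from netfilter's own logs before concluding that anything is being dropped. The following is an added example, not code from the thread: it parses lines written by the iptables LOG target (the kind produced by a rule such as `iptables -A FORWARD -j LOG --log-prefix "FWD-LOG "`, assumed here) and reports any source IP whose packets arrive on one interface from more than one previous-hop MAC. The log lines, addresses and interface names below are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format the netfilter LOG target writes to the
# kernel log. The MAC= field is dst-MAC (6 bytes), src-MAC (6 bytes), ethertype
# (2 bytes), colon separated. Hosts, MACs and interfaces are made up; the third
# line shows 192.168.2.10 reaching the router through a different previous hop
# than the first line (e.g. directly vs. via a core router). The last line has
# no MAC= field, as netfilter writes for locally generated packets.
SAMPLE_LOG = """\
kernel: FWD-LOG IN=eth1 OUT=eth0 MAC=00:0c:29:aa:bb:01:00:50:56:11:22:33:08:00 SRC=192.168.2.10 DST=10.0.0.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1234 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
kernel: FWD-LOG IN=eth0 OUT=eth1 MAC=00:0c:29:aa:bb:00:00:1a:2b:3c:4d:5e:08:00 SRC=10.0.0.5 DST=192.168.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=TCP SPT=22 DPT=40000 WINDOW=28960 RES=0x00 ACK SYN URGP=0
kernel: FWD-LOG IN=eth1 OUT=eth0 MAC=00:0c:29:aa:bb:01:00:50:56:44:55:66:08:00 SRC=192.168.2.10 DST=10.0.0.5 LEN=52 TOS=0x00 PREC=0x00 TTL=62 ID=1235 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=229 RES=0x00 ACK URGP=0
kernel: FWD-LOG IN= OUT=eth0 SRC=10.0.0.1 DST=10.0.0.5 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=7 DF PROTO=ICMP TYPE=8 CODE=0
"""

# Only the key=value fields needed here; values may be empty (e.g. "IN= OUT=eth0").
FIELD_RE = re.compile(r"\b(IN|OUT|MAC|SRC|DST|PROTO)=(\S*)")


def parse_log_line(line):
    """Parse one netfilter LOG line; return None when it carries no usable MAC= field.

    The source MAC recovered here is the interface the frame was received from,
    which for a routed packet is the last router on the path, not the host in SRC=.
    """
    fields = dict(FIELD_RE.findall(line))
    if "MAC" not in fields or "SRC" not in fields:
        return None
    octets = fields["MAC"].split(":")
    if len(octets) != 14:  # 6 dst + 6 src + 2 ethertype
        return None
    return {
        "in": fields.get("IN", ""),
        "out": fields.get("OUT", ""),
        "src_ip": fields["SRC"],
        "dst_ip": fields.get("DST", ""),
        "dst_mac": ":".join(octets[0:6]),
        "src_mac": ":".join(octets[6:12]),
        "ethertype": "0x" + "".join(octets[12:14]),
        "proto": fields.get("PROTO", ""),
    }


def sources_with_multiple_macs(log_text):
    """Return {(in_iface, src_ip): [src MACs]} for IPs seen from more than one previous hop.

    Several MACs for one IP on one interface means the router receives that host's
    traffic via different gateways, which is the asymmetric-path situation the
    thread suspects. Whether netfilter then drops anything must be read from the
    rules, not assumed; this only shows where the frames actually came from.
    """
    seen = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec is None:
            continue
        seen[(rec["in"], rec["src_ip"])].add(rec["src_mac"])
    return {key: sorted(macs) for key, macs in seen.items() if len(macs) > 1}


if __name__ == "__main__":
    for (iface, ip), macs in sources_with_multiple_macs(SAMPLE_LOG).items():
        print(f"{ip} arrives on {iface} from {len(macs)} different MACs: {', '.join(macs)}")
```

Run against a real `/var/log/messages` (or `dmesg` output) the same function tells you which hosts are reaching the Linux router through more than one gateway; combined with the state of the FORWARD chain that is usually enough to tell a routing asymmetry from an actual netfilter drop.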