Hello,

I'm using kernel 2.6.29 with iptables 1.4.6 and I'm trying to set up a minimal TPROXY. Basically, I've configured another (physical) machine to use my computer as default gateway, then on my machine I've enabled ip_forward and disabled rp_filter everywhere, and I'm using these rules:

    ip rule add fwmark 1 lookup 100
    ip route add local 0.0.0.0/0 dev lo table 100
    iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 9999 --tproxy-mark 0x1/0x1

There are no other iptables rules, and all chains default to ACCEPT.

Then, on the remote machine I try to telnet google.com 80, but the connection can't be established. Tcpdump shows that SYN packets arrive, but then it's as if they were dropped: they aren't getting to the proxy on port 9999.

Any ideas?

--
Stelian Ionescu a.k.a. fe[nl]ix
Quidquid latine dictum sit, altum videtur.
http://common-lisp.net/project/iolib