Gday Hello one of my server FC11 x64 bit running Tproxy with combination of iptables + ebtables rules during peek hours machine was rash with given such as error "kernel panic " . when i replace tproxy with netfilter and remove ebtables rules just use simple iptables with NAT rules everything was fine. anyone faced this issue before ? find below my configuration Kernel =2.6.29.6-217.2.8.fc11.x86_64 O/S= FC 11 x64 Intel based iptables= v1.4.3.1 ebtables= v2.0.9-1 firewall.conf #!/bin/sh IPTABLES=/sbin/iptables EBTABLES=/sbin/ebtables EXTDEV="eth0" INTDEV="eth1" SERVERIP="xxx.xxx.xxx.15" ${EBTABLES} -t broute -F ${EBTABLES} -t broute -A BROUTING -i $EXTDEV -p ipv4 --ip-protocol tcp --ip-source-port 80 -j redirect --redirect-target DROP ${EBTABLES} -t broute -A BROUTING -i $INTDEV -p ipv4 --ip-protocol tcp --ip-destination-port 80 -j redirect --redirect-target DROP ${IPTABLES} -F ${IPTABLES} -F -t nat ${IPTABLES} -F -t mangle ${IPTABLES} -v -t mangle -N DIVERT ${IPTABLES} -v -t mangle -A DIVERT -j MARK --set-mark 1 ${IPTABLES} -v -t mangle -A DIVERT -j ACCEPT ${IPTABLES} -v -t mangle -A PREROUTING -p tcp -m socket -j DIVERT ${IPTABLES} -v -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129 ${IPTABLES} -I INPUT -s $SERVERIP -i br0 -j REJECT ${IPTABLES} -A INPUT -m state --state INVALID -j DROP ${IPTABLES} -A INPUT -s xxx.xxx.xxx.0/24 -j ACCEPT ${IPTABLES} -I INPUT -i lo -j ACCEPT ${IPTABLES} -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT ${IPTABLES} -A INPUT -j DROP ip rule add fwmark 1 lookup 100 ip route add local 0.0.0.0/0 dev lo table 100 sysctl -w net.ipv4.ip_nonlocal_bind=1 sysctl -w net.ipv4.ip_forward=1