As mentioned in some other mail, always use iptables -F IMPUT first to avoid piling up rules like in your case. You defined three rules and there shouldn't be more (its not a windows maschine after all).
A couple more questions. What is your net set up: Are 192.168.2.2 and xxx.yyy.zzz.com (the ip it resolves to, that is) different adaptors, possibly xxx.yyy.zzz.com is eth0 and the other one eth1? All your packages apply only for packages coming into eth0, except the default rule. So I would assume, the from internal network coming smtp connection is not coming through eth0 but is the one which got accepted in the default policy line? > Chain INPUT (policy ACCEPT 1 packets, 102 bytes) I dont still cannot say where the missing smtp packages are. Try to use iptables -nvL (keeps iptables from reverse resolving ip addresses and port numbers) just to make sure, smtp means port 25. As your last line put a rule in which logs all packages which does't get effected by any of the rules, and monitor your adaptor using tcpdump -i eth0 Finally check the other rulesets in iptables, e.g. nat (by iptables -t nat -vnL) or just dump everything to the console using iptables-save. Looking at all these, people might say more about smtp-packages going astry Mathias -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
