turns out some container-to-host connections pass through the FORWARD chain, and some pass through the INPUT chain. hmm. well whatever. got it now. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20110730/ced9f522/attachment.html>