On 12/19/05, martin <mgrap at gmx dot de> wrote:
> class 2: TCP Data packets coming from a web server. Examples:
> class 3: TCP RST packets coming from a web server. Examples:
these are almost certainly:
> But maybe I am misinterpreting the log entries. Is it possible that the
> packets of class 2 and 3 were dropped by the firewall after NAT did
> replace the public receiver address with the private IP address?
yes. NAT always applies first, then firewall rules.