iptables debugging/packet checkin

[Bradley Chapman]

        I am currently running Linux kernel 2.4.0-test1 on a dedicated
server machine, with the new netfilter
architecture and the iptables program. I am having major difficulties
getting the packet filtering and NAT tables
properly configured. I am experiencing long access times, dead-end
packets, and problems accessing my Web server
and other machines on the network.  Removing the rules and resetting
the chain policies fixes the problem. I
suspect that my translation of my ipchains rules were to blame. I
tried sub-chains, grouping rules together based
on their protocols and ports, but to no avail. The HOWTOs don't seem
to help.
        I am also having difficulties debugging it. With ipchains, you
could check a packet to see if it worked with the
rulesets. Does anybody know where I can get a beta or finished patch
or full version of iptables that includes a packet-checking function?
And does anyone also have any tips on how to configure the IP tables?

Regards,

Brad Chapman