I have a syslog server logging to another server, but the other server is not getting the messages. There is a service listening on the correct interface and port. If I tcpdump at the interface I see the packets getting to the machine, but past the interface I cannot see the packets. There is an iptables firewall on the machine. The firewall has a rule set up to allow the packets in, but the packets are not reaching the firewall ( that is, not being accepted, denied, or logged). Dropping the firewall, the app still does not see the packets. Removing the app and just listening with netcat does not see the packets. I tried moving the wire to another machine, and the other machine received the messages just fine. I tried a different interface card, but still the same problem. This leaves the operating system and environment. I checked sysctl fields I am familiar with, but there are a lot of them. Any ideas welcome!

Thanks
Gnomey

Just a quick thought, is there another service, possibly in (x)inetd, that is listening on the same port and taking in all the data? I was going to ask also if you had a firewall rule that drops the packets before it gets to the accept rule, but you said it worked without the firewall so that's probably not it either.

Netstat confirms no other apps are listening on the port. Good suggestion though. I am positive the firewall is not the problem since I have tried it with the firewall off.

Since it sounds like it should be working, just to be sure I think you can set up a simple log rule for iptables. Take the accept line for these packets and right above it in your firewall script add a line to log, kind of like this:
(I belive that's the right syntax, my iptables knowledge is still a bit skimpy.)

And then check logfiles to make sure the packets are at least getting to the firewall.