Some ideas:
Use tcpdump or netstat -i or lsof -i to double check from which IP
the connections are coming. (There are also some entries in /proc/ i
think.)
(We once had a PC with a defective network card or something, and
which sent packages that were inconsistent. So maybe some connections
are going to a different IP. Or maybe your Win2k install binds
multiple IP's to the same Interface.)
Maybe you could try to block the MAC address instead of the IP
address and see if that changes anything.
Use iptables -L to see whether there are other rules which might be
interfering.
Christian.
