diff --git a/docs/FAQ.xml b/docs/FAQ.xml
index 50a6dc9e0..92e7aa5ef 100644
--- a/docs/FAQ.xml
+++ b/docs/FAQ.xml
@@ -253,6 +253,15 @@ DNAT    net:<emphasis>&lt;address&gt;</emphasis> loc:&lt;l<emphasis>ocal IP addr
             matches OUT=&lt;dev&gt; and DEST= &lt;ip&gt;from the REJECT/DROP
             log message.</para>
           </listitem>
+
+          <listitem>
+            <para>If everything seems to be correct according to these tests
+            but the connection doesn't work, it may be that your ISP is
+            blocking SYN,ACK responses. This technique allows your ISP to
+            detect when you are running a server (in violation of your service
+            agreement) and to stop connections to that server from being
+            established. </para>
+          </listitem>
         </itemizedlist>
       </section>