Re: IP Masq question in pre-2.0.31-1

Keith Owens (kaos@ocs.com.au)
Mon, 14 Jul 1997 21:00:30 +1000


On Mon, 14 Jul 1997 02:56:42 -0400 (EDT),
Jon Lewis <jlewis@inorganic5.fdt.net> wrote:
>Just out of curiosity, why is the code that prints things like:
>
>MASQ: forward ICMP: failed checksum from 208.136.4.175!
>MASQ: forward ICMP: failed checksum from 151.200.189.101!
>
>outside the ifdef's for CONFIG_IP_MASQUERADE_ICMP. i.e. I don't have
>CONFIG_IP_MASQUERADE_ICMP set in this kernel though I do have
>CONFIG_IP_MASQUERADE, yet am seeing the above on a multi-ether linux
>router. Is there a good reason not obvious to me, or is it an oversight?

Standard masq has to support ICMP replies for outgoing TCP/UDP packets.
Otherwise masqed applications would not see things like "no route to
host" or "need to fragment" and would wait for a long time.
CONFIG_IP_MASQUERADE_ICMP lets masqed hosts do ping or traceroute. The
messages you are seeing are bad checksums on ICMP responses to outgoing
TCP/UDP.
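
The handling described in the reply above, as an added example (not kernel source and not part of the original message): verify the ICMP checksum, then read the TCP/UDP ports from the quoted original packet so an error can be matched to a masqueraded connection. The names `check_icmp_error` and `make_sample` are hypothetical, the set of error types handled is an assumption, and the sample packet is constructed with documentation addresses.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { V_OK, V_BAD_CSUM, V_TOO_SHORT, V_NOT_ERROR, V_NOT_TCP_UDP };
struct inner { uint8_t proto; uint16_t sport, dport; };

/* RFC 1071 checksum; a message whose checksum field is correct yields 0. */
static uint16_t inet_csum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)p[0] << 8 | p[1];
    if (len) sum += (uint32_t)p[0] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Hypothetical helper: icmp points at the ICMP header, len is the ICMP length. */
enum verdict check_icmp_error(const uint8_t *icmp, size_t len, struct inner *out) {
    if (len < 8) return V_TOO_SHORT;
    if (inet_csum(icmp, len) != 0) return V_BAD_CSUM;  /* the logged case */
    /* 3 unreachable (incl. "need to fragment"), 4 quench, 11 time exceeded, 12 param */
    if (icmp[0] != 3 && icmp[0] != 4 && icmp[0] != 11 && icmp[0] != 12) return V_NOT_ERROR;
    const uint8_t *ip = icmp + 8;                      /* quoted original IP header */
    size_t rem = len - 8, ihl = rem ? (size_t)(ip[0] & 0x0f) * 4 : 0;
    if (ihl < 20 || rem < ihl + 8) return V_TOO_SHORT; /* need header + 8 bytes */
    out->proto = ip[9];
    if (out->proto != 6 && out->proto != 17) return V_NOT_TCP_UDP;
    out->sport = (uint16_t)(ip[ihl] << 8 | ip[ihl + 1]);
    out->dport = (uint16_t)(ip[ihl + 2] << 8 | ip[ihl + 3]);
    return V_OK;
}

/* Constructed sample: type 3 code 4 quoting TCP 192.0.2.10:1025 -> 198.51.100.7:80
 * (inner IP header checksum left zero; it is not examined here). */
size_t make_sample(uint8_t *b) {
    static const uint8_t quoted[28] = {
        0x45,0,0,40, 0,1,0x40,0, 64,6,0,0, 192,0,2,10, 198,51,100,7,
        0x04,0x01, 0x00,0x50, 0,0,0,1 };
    memset(b, 0, 8);
    b[0] = 3; b[1] = 4; b[6] = 0x05; b[7] = 0xdc;      /* next-hop MTU 1500 */
    memcpy(b + 8, quoted, sizeof quoted);
    uint16_t c = inet_csum(b, 36); b[2] = c >> 8; b[3] = c & 0xff;
    return 36;
}

int main(void) {
    uint8_t b[64]; struct inner in = {0}; size_t n = make_sample(b);
    printf("intact: verdict=%d sport=%u dport=%u\n", check_icmp_error(b, n, &in), in.sport, in.dport);
    b[20] ^= 1;                                        /* corrupt one quoted byte */
    printf("corrupted: verdict=%d\n", check_icmp_error(b, n, &in));
    return 0;
}
```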