There does seem to be a problem in the masq code for kernel 2.0.x. ICMP
packets are not always being masqueraded. Because the packet has an
internal address MTU negotiation can not take place.
The following is from an email by David Ranch discussing this problem:
--begin quote--
I do have a few firewall logs of this. Basically what I've
seen is:
- A firewall error log comes when an internal MASQed
machine sends a ICMP 3/4 forward DENY with an
-internal- address to the remote destination address.
The issue here is that this broken forwarded packet
has a private address (say 192.168.0.10) and NOT the
public IP address.
So, I think the problem stems in the ICMP masq code. Any
thoughts?
--end quote--
Since this has been seen and reported in regards to firewall rules, most of
the records are in the form of rejection logs.
Thanks,
Lourdes
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/