From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leonardo Subject: Re: ICMP frag needed not forwarded to MSQ clients Date: Fri, 27 May 2005 09:07:32 +0200 Message-ID: <3b1e6f4805052700076d965d98@mail.gmail.com> References: <3b1e6f48050525011730fa7e44@mail.gmail.com> <3b1e6f480505260025707940fd@mail.gmail.com> <3b1e6f48050526054740113f78@mail.gmail.com> <3b1e6f4805052607095d2736c5@mail.gmail.com> <3b1e6f480505270006ea481be@mail.gmail.com> Reply-To: Leonardo Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Return-path: In-Reply-To: <3b1e6f480505270006ea481be@mail.gmail.com> Content-Disposition: inline List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: netfilter-bounces@lists.netfilter.org Errors-To: netfilter-bounces@lists.netfilter.org Content-Type: text/plain; charset="us-ascii" To: netfilter@lists.netfilter.org On 5/26/05, Jozsef Kadlecsik wrote: > > Do the packet correspond to what you expect as ICMP reply packet: src and > dst IP addresses are OK? What's inside the packet, i.e the src/dst IP, > protocol, ports inside the ICMP error message are OK? > > Best regards, > Jozsef > - Everything seems to be ok... src is the next hop after the gateway on eth2 (the VPN box), dst is eth2, TCP ports are ok. ICMP msg correctly encapsulate the previos IP datagram (ACK number correspond) that needs fragmentation... On the other hand ICMP echo packets works correctly, they report the same dst (eth2) and are correctly unmasqueraded and forwarded to the client... Could it be something distribution-related setting or patch? I'm using Gentoo. Thank you -- Leonardo Arena