iptables NAT and ICMP error messages

iptables NAT and ICMP error messages

[Jerry Alexander]

Dear NF:

          Set up three linux boxes. 
          Sending out iperf udp's to second box which is PREROUTED to 
the 3rd box and
prerouted back to the second and then to the first:

           Doing
-A PREROUTING -d 192.168.0.15 -i eth0 -p udp -j DNAT --to-destination 
192.169.0.30
and so on.
Also do a POSTROUTING command to change the source address before 
sending back
to the first box.

The good news is that the packets get routed from 1 to 2 to 3 to 2 to 1 
and have the
altered src and dest address.
Problem is I am also getting tons of ICMP destination unreachable messages.
Tried putting in some FORWARD commands but this did nothing.
Can some one tell me the source of these ICMP error messages and how to
eliminate them?
Running linux 2.4-20 and "yes" , ip_forward is set to 1.


                                                                                  
Jerry

Re: iptables NAT and ICMP error messages

[Henrik Nordstrom]

On Tue, 25 Oct 2005, Jerry Alexander wrote:

> Problem is I am also getting tons of ICMP destination unreachable messages.

What does the ICMP errors say? Who is unreachable from where, on what 
protocol & port? Says who?  (tcpdump tells you all these small facts..)

Regards
Henrik