David A. Ranch wrote:
> >> Feb 10 23:22:59 trinity2 kernel: IP fw-out deny eth0 ICMP/3
> >> 192.168.0.1 24.0.75.172 L=106 S=0xD0 I=24193 F=0x0000 T=64
>
> >ICMP Masq is a separate kernel configuration option in
> 2.0.36+ and 2.2.x.
> >Did you enable it? If you did, did you set up a general
> forwarding rule
> >that covered all traffic or just for tcp and udp?
>
> ICMP Masq is enabled and my MASQ IPFWADM rule is generic:
>
> --
> # Masquerade from local net on local interface to anywhere.
> /sbin/ipfwadm -F -a masquerade -W $extif -S $intnet/24 -D $universe/0
> --
In all the cases I've checked, ICMP logging tends to show the internal
address rather than the masqed address even if the packet is properly
masqed. (else I'd never see the return packets which do arrive properly).
Is this the case on your system?
The question remains why is the packet being denied?
If you'd like to ship over (privately) a copy of your rule set I'll try and
see if I can find a conflict.
Lourdes
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]
