Hi folks,

Is somebody else experiencing this same problem?

On Sat, Jan 31, 2009 at 5:21 PM, sas2000 <[email protected]> wrote:
> Hi,
>
> I confirm this bug. I've experienced the same icmp errors with three
> different firewalls using 4.4 and nat.
>
> If I add the static-port option to the nat rule then no icmp errors are
> experienced, so it's something to do with the nat port relocation.
>
> Bye
>
> S.
>
>
> Imre Oolberg-3 wrote:
>>
>> Hallo again!
>>
>> When I access internet from behind nat'ting OpenBSD 4.4-current i386
>> platform firewall (20090121 snapshot, under Xen HVM guest if this test
>> then qualifies) I get randomly icmp host unreachable messages. At the
>> same time network traffic is low and this test firewall is not under any
>> mentionable load. For example about five to ten icmp error messages
>> appear from firewall to wget client when issuing 300 wgets in a row, like
>> this
>>
>> $ for i in `seq 1 300`; do wget "http://172.16.0.12/README?count=$i" -O - 1>dhs.$i.log; done
>>
>> # tcpdump -nttti ne3 icmp
>> tcpdump: listening on ne3, link-type EN10MB
>> Jan 25 15:21:04.986368 192.168.10.210 > 192.168.10.10: icmp: host x.x.x.x unreachable
>> Jan 25 15:21:06.444112 192.168.10.210 > 192.168.10.10: icmp: host x.x.x.x unreachable
>> ...
>>
>> And inserting one second delay between wgets reduces icmp errors a lot.
>>
>> I believe it has something to do with a firewall's natting because with
>> plain routing it seems to work all right.
>>
>> I would be very grateful if somebody could comment on this.
>>
>
> --
> View this message in context: 
> http://www.nabble.com/getting-random-icmp-host-unreachable-messages-from-firewall-tp21651701p21765424.html
> Sent from the openbsd user - misc mailing list archive at Nabble.com.
