On Sat, Aug 06, 2005 at 02:08:15AM +0400, Vladimir B. Savkin wrote:
> I found that it really is NOTRACK who causes bogus ICMP errors.

Well, this means that your ICMP errors need to be NAT'ed but they cannot, since the original connection causing the ICMP error did not go through connection tracking. Your not-correctly-NATed ICMP packets are the logical result of this configuration.

Use of NOTRACK in combination with NAT is _extremely_ dangerous, and unless you understand its full implications, I would not recommend combining the two.

So it seems your use of NOTRACK is invalid in this setup - and thus like a configuration problem.

-- 
- Harald Welte <[EMAIL PROTECTED]> http://gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
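The NOTRACK/NAT combination discussed in the reply above can be audited in a saved ruleset. The following is an added example, not part of the original mail or of the netfilter project: it parses an IPv4 `iptables-save` dump and pairs each raw-table NOTRACK rule with every NAT rule whose source, destination and protocol matches overlap. The function names and the sample ruleset are constructed for illustration, and the overlap test is a heuristic that compares same-direction address matches only.

```python
import ipaddress

# Constructed iptables-save dump used as sample input (not from the original mail).
SAMPLE_RULESET = """\
*raw
-A PREROUTING -s 10.1.0.0/16 -p udp -j NOTRACK
-A PREROUTING -s 192.0.2.0/24 -j NOTRACK
-A PREROUTING -s 10.2.0.0/16 -p tcp -j CT --notrack
COMMIT
*nat
-A POSTROUTING -s 10.1.0.0/16 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.2.0.0/16 -p udp -j SNAT --to-source 203.0.113.1
COMMIT
"""
NAT_TARGETS = {"SNAT", "DNAT", "MASQUERADE", "REDIRECT", "NETMAP"}
ANY = ipaddress.ip_network("0.0.0.0/0")

def _net(value):
    # A missing or negated ("! -s net") match is widened to "any": over-report, never miss.
    return ipaddress.ip_network(value, strict=False) if value else ANY

def parse_rules(dump):
    """Return one dict per -A rule: table, src, dst, proto, target, line."""
    rules, table = [], None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        if not line.startswith("-A "):
            continue
        tok, opt = line.split(), {}
        for i, t in enumerate(tok[:-1]):
            if t in ("-s", "-d", "-p", "-j"):
                opt[t] = None if tok[i - 1] == "!" else tok[i + 1]
        target = opt.get("-j")
        if target == "CT" and "--notrack" in tok:
            target = "NOTRACK"  # CT --notrack is the newer form of the NOTRACK target
        rules.append({"table": table, "src": _net(opt.get("-s")), "dst": _net(opt.get("-d")),
                      "proto": opt.get("-p"), "target": target, "line": line})
    return rules

def notrack_nat_conflicts(dump):
    """Pair each untracked flow with every NAT rule that could match the same packets."""
    rules = parse_rules(dump)
    untracked = [r for r in rules if r["table"] == "raw" and r["target"] == "NOTRACK"]
    nat = [r for r in rules if r["table"] == "nat" and r["target"] in NAT_TARGETS]
    return [(u["line"], n["line"]) for u in untracked for n in nat
            if u["src"].overlaps(n["src"]) and u["dst"].overlaps(n["dst"])
            and (not u["proto"] or not n["proto"] or u["proto"] == n["proto"])]
```

Calling `notrack_nat_conflicts(SAMPLE_RULESET)` returns the single pair in which untracked UDP traffic from 10.1.0.0/16 would also need the MASQUERADE rule, which is the situation where ICMP errors for that traffic cannot be translated.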