On Tue, 2 Jul 2002 [EMAIL PROTECTED] wrote: > I would like to SNAT icmp fragmentation-needed messages that have source > address from private network range (RFC1918). Because these packets are > part of valid TCP connection, they are processed by ip_conntrack module > and cannot be SNATed...
Just to explain why it is required, one has to draw the topology: MTU small ----- router1 ---- router2 ---- routeable private routeable addresses addresses addresses Currently there is no way to solve the problem by netfilter. As the raw table will be ready, it will make possible to solve it. Regards, Jozsef - E-mail : [EMAIL PROTECTED], [EMAIL PROTECTED] WWW-Home: http://www.kfki.hu/~kadlec Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary