Re: 2.1.102: ipchains: REJECT does only DENY - network gurus please

Steffen Zahn (zahn@berlin.snafu.de)
Mon, 18 May 1998 20:44:49 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: David Woodhouse: "Re: specify kernel boot params without boot loader ?"
Previous message: Alex Buell: "Re: ppp problems in 2.1.102"
Next in thread: ak@muc.de: "Re: 2.1.102: ipchains: REJECT does only DENY - network gurus please"
Reply: ak@muc.de: "Re: 2.1.102: ipchains: REJECT does only DENY - network gurus please"

>>>>> "ak" == ak <ak@muc.de> writes:

ak> Masquerading rules don't send ICMP messages.

ak> But there is another problem I first did think of. It means that
ak> Linux 2.1 will never send "normal" DEST_UNREACH/NET_UNREACH
ak> messages because that code uses icmp_send too. So we need to solve
ak> it.

That is exactly my problem. In the case of offline operation the server
also drops all masquerading rules. And even if I don't use firewall
reject rules and just have no route to a destination B set on the server
the client A will not get anything back (Network unreachable etc.)
if A tries to reach B via the server.

Sorry if I did not make this clear enough.

Steffen

-- home email: user@domain where domain=berlin.snafu.de, user=zahn Use of my address for unsolicited commercial advertising is forbidden. 2^3021377 - 1 | "Where do you want to crash today?"

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu

Next message: David Woodhouse: "Re: specify kernel boot params without boot loader ?"
Previous message: Alex Buell: "Re: ppp problems in 2.1.102"
Next in thread: ak@muc.de: "Re: 2.1.102: ipchains: REJECT does only DENY - network gurus please"
Reply: ak@muc.de: "Re: 2.1.102: ipchains: REJECT does only DENY - network gurus please"