masq  

[Masq] Re: [masq] Trying to figure out what packet this is..

Charles Shoemaker
Mon, 15 Feb 1999 15:08:45 -0500


David:
The ipchains howto says that type 3 ICMP packets are 
destination-unreachable, and required by tcp and udp traffic.  It 
says don't ever block them.  (I don't know what's causing your log 
entries....)

Along those lines, in my playing with ipchains, I can't ping my 
firewall from the internet when I have rules in place, even with an 
allow ICMP line in the input rules.  Do I need an "allow ICMP" line 
in the output-to-the-isp rules?  Other thoughts?  I could post the 
ruleset for everyone's scrutiny.  Let me know.

Charlie Shoemaker




> Date:          Thu, 11 Feb 1999 12:40:33 -0800
> To:            [EMAIL PROTECTED]
> From:          "David A. Ranch" <[EMAIL PROTECTED]>
> Subject:       [masq] Trying to figure out what packet this is..

> 
> Hey Guys..
> 
> Recently I've been getting these packet logs to a friend
> of mine's machine:
> 
> --
> Feb 10 23:22:59 trinity2 kernel: IP fw-out deny eth0 ICMP/3 192.168.0.1
> 24.0.75.172 L=106 S=0xD0 I=24193 F=0x0000 T=64
> Feb 10 23:23:02 trinity2 kernel: IP fw-out deny eth0 ICMP/3 192.168.0.1
> 24.0.75.172 L=106 S=0xD0 I=24194 F=0x0000 T=64
> Feb 10 23:23:05 trinity2 kernel: IP fw-out deny eth0 ICMP/3 192.168.0.1
> 24.0.75.172 L=106 S=0xD0 I=24195 F=0x0000 T=64
> --
> 
> Any idea of what this is and WHY the packet isn't being
> masqueraded?
> 
>       eth0 is my Internet interface
> 
> --David
> .----------------------------------------------------------------------------.
> |  David A. Ranch - Linux/Networking/PC hardware         [EMAIL PROTECTED]  |
> !----                                                                    ----!
> `----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> For daily digest info, email [EMAIL PROTECTED]
> 
"Some people crave baseball - I find this unfathomable - but I can
easily understand why a person could get excited about playing a
bassoon."  --  Frank Zappa



_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
http://tiffany.indyramp.com/mailman/listinfo/masq
Admin requests can be handled by web (above) or [EMAIL PROTECTED]