On Fri, Oct 07, 2005 at 07:10:04PM +0100, ed wrote:

> Can ICMP packets be redirected using rdr to a RFC1918 host? I gave it a
> couple of shots and did not get anywhere, as I can't see any mentions of
> it working in either books or on the web I thought I'd ask here.

Yes, you can redirect ICMP queries (like echo request aka ping) like this:

  rdr pass on $ext_if inet proto icmp from any to $ext_if -> 10.1.2.3

This does not apply to ICMP errors (like time exceeded or fragmentation
needed), as these are considered to be part of the TCP/UDP connection they
refer to. If you redirect a TCP connection to a LAN host, ICMP errors
relating to that connection will be redirected automatically.

Daniel
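
A simplified model of the behaviour described in the reply above, added here as an example (not pf's code and not part of the original message): ICMP queries are matched by the rdr rule, while an ICMP error is routed by looking up the TCP/UDP packet quoted inside it in a state table. The state-table layout, the function names, and every address other than 10.1.2.3 are assumptions made for illustration.

```python
import socket
import struct

ICMP_QUERIES = {8, 13, 15, 17}   # echo, timestamp, information, address mask requests
ICMP_ERRORS = {3, 4, 5, 11, 12}  # unreachable, quench, redirect, time exceeded, param problem

def icmp_message(icmp_type, code, body=b""):
    """Build an ICMP message for the samples (checksum left at 0 in this model)."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + body

def quoted_packet(proto, src, sport, dst, dport):
    """IPv4 header plus first 8 payload bytes, as an ICMP error quotes them."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!HHI", sport, dport, 0)

def embedded_flow(icmp):
    """Return (proto, src, sport, dst, dport) of the packet quoted in an ICMP error."""
    inner = icmp[8:]                                # skip the 8-byte ICMP header
    ihl = (inner[0] & 0x0F) * 4 if inner else 0     # quoted IPv4 header length
    if ihl < 20 or len(inner) < ihl + 4 or inner[9] not in (6, 17):
        raise ValueError("quoted packet truncated or not TCP/UDP")
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return (inner[9], socket.inet_ntoa(inner[12:16]), sport,
            socket.inet_ntoa(inner[16:20]), dport)

def redirect_target(icmp, states, query_rdr):
    """LAN host an inbound ICMP message goes to in this model, or None."""
    if not icmp:
        return None
    if icmp[0] in ICMP_QUERIES:
        return query_rdr                            # matched by the explicit rdr rule
    if icmp[0] in ICMP_ERRORS:
        try:
            return states.get(embedded_flow(icmp))  # follows the connection it quotes
        except ValueError:
            return None
    return None

# Constructed sample data; only 10.1.2.3 comes from the post.
# Key: the LAN server's reply as seen outside the firewall -> LAN host behind the rdr.
STATES = {(6, "203.0.113.1", 80, "198.51.100.7", 40000): "10.1.2.4"}
PING = icmp_message(8, 0)
FRAG_NEEDED = icmp_message(3, 4, quoted_packet(6, "203.0.113.1", 80, "198.51.100.7", 40000))
STRAY = icmp_message(11, 0, quoted_packet(6, "203.0.113.1", 80, "198.51.100.9", 40000))

if __name__ == "__main__":
    for name, msg in (("ping", PING), ("frag needed", FRAG_NEEDED), ("stray", STRAY)):
        print(name, "->", redirect_target(msg, STATES, "10.1.2.3"))
```

The redirected TCP connection in the sample deliberately points at a different LAN host than the ICMP rdr rule, so the output shows that the error follows the connection rather than the ICMP rule.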