On Wed, 12 Oct 2005 20:11:03 +0200 Daniel Hartmeier <[EMAIL PROTECTED]> wrote:
> On Fri, Oct 07, 2005 at 07:10:04PM +0100, ed wrote: > > > Can ICMP packets be redirected using rdr to a RFC1918 host? I gave > > it a couple of shots and did not get anywhere, as I can't see any > > mentions of it it working in either books or on the web I thought > > I'd ask here. > > Yes, you can redirect ICMP queries (like echo request aka ping) like > this: > > rdr pass on $ext_if inet proto icmp from any to $ext_if -> 10.1.2.3 > > This does not apply to ICMP errors (like time exceeded or > fragmentation needed), as these are considered to be part of the > TCP/UDP connection they refer to. If you redirect a TCP connection to > a LAN host, ICMP errors relating to that connection will be redirected > automatically. Thanks, I'm sure I tried something very similar to that, either the ISP dropped them or I did something wrong. -- Regards, Ed http://www.usenix.org.uk
