On Mon, 4 Nov 2002, Bart De Schuymer wrote: > On Saturday 02 November 2002 14:00, Pekka Savola wrote: > > > Does the patch below fix it? > > > > Yep, tcp resets seem to come fine without error messages now. Thanks. > > > > How about the source address of ICMP rejects, has this always been so > > and/or is it easily modifiable? > > Harald replied on the netfilter-devel mailing list that this is a feature.
Of course it is a feature -- for _routing_ code. For bridging, that is entirely different. Btw. I wonder what is used as a source address if the bridge has no IP. > As these ICMP packets are seen by the POSTROUTING chain, I belive you need to have mangle / nat loaded for that (or so I understood anyway..) > you can just use SNAT > there. I don't want to mess with _any_ kind of NAT. > Ofcourse, only if you know what source address to put it to ;) But > that will probably be a router. Right.. quite impossible if you have N hosts behind the bridge: you'd have to have N times as much rules that way. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords _______________________________________________ Bridge mailing list [EMAIL PROTECTED] http://www.math.leidenuniv.nl/mailman/listinfo/bridge
