David:
The ipchains HOWTO says that type 3 ICMP packets are
destination-unreachable, and required by TCP and UDP traffic. It
says don't ever block them. (I don't know what's causing your log
entries....)
Along those lines, in my playing with ipchains, I can't ping my
firewall from the internet when I have rules in place, even with an
allow ICMP line in the input rules. Do I need an "allow ICMP" line
in the output-to-the-isp rules? Other thoughts? I could post the
ruleset for everyone's scrutiny. Let me know.
Charlie Shoemaker
> Date: Thu, 11 Feb 1999 12:40:33 -0800
> To: [EMAIL PROTECTED]
> From: "David A. Ranch" <[EMAIL PROTECTED]>
> Subject: [masq] Trying to figure out what packet this is..
>
> Hey Guys..
>
> Recently I've been getting these packet logs to a friend
> of mine's machine:
>
> --
> Feb 10 23:22:59 trinity2 kernel: IP fw-out deny eth0 ICMP/3 192.168.0.1 24.0.75.172 L=106 S=0xD0 I=24193 F=0x0000 T=64
> Feb 10 23:23:02 trinity2 kernel: IP fw-out deny eth0 ICMP/3 192.168.0.1 24.0.75.172 L=106 S=0xD0 I=24194 F=0x0000 T=64
> Feb 10 23:23:05 trinity2 kernel: IP fw-out deny eth0 ICMP/3 192.168.0.1 24.0.75.172 L=106 S=0xD0 I=24195 F=0x0000 T=64
> --
>
> Any idea of what this is and WHY the packet isn't being
> masqueraded?
>
> eth0 is my Internet interface
>
> --David
> .----------------------------------------------------------------------------.
> | David A. Ranch - Linux/Networking/PC hardware [EMAIL PROTECTED] |
> !---- ----!
> `----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
"Some people crave baseball - I find this unfathomable - but I can
easily understand why a person could get excited about playing a
bassoon." -- Frank Zappa
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
http://tiffany.indyramp.com/mailman/listinfo/masq
Admin requests can be handled by web (above) or [EMAIL PROTECTED]
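
An added example, not part of either poster's message: a small Python parser for the kernel firewall log lines quoted in this thread, which decodes the ICMP type and notes when a denied outbound packet carries a private source address. The field meanings (L = total length, S = TOS, I = IP ID, F = fragment field, T = TTL) and the function names are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the first log entry from the quoted message, unwrapped.
SAMPLE = ("Feb 10 23:22:59 trinity2 kernel: IP fw-out deny eth0 ICMP/3 "
          "192.168.0.1 24.0.75.172 L=106 S=0xD0 I=24193 F=0x0000 T=64")

# A few ICMP type numbers; type 3 is the one discussed in the thread.
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable",
              8: "echo-request", 11: "time-exceeded"}

# Assumed layout: chain, action, interface, PROTO[/icmp-type],
# src[:port], dst[:port], then the L/S/I/F/T header fields.
LINE_RE = re.compile(
    r"kernel: IP (?P<chain>fw-\w+) (?P<action>\w+) (?P<iface>\S+) "
    r"(?P<proto>[A-Z]+)(?:/(?P<icmp_type>\d+))? "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? "
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))? "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
)

def parse_fw_log(line):
    """Return a dict of decoded fields, or None if the line does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("length", "ip_id", "ttl"):
        rec[key] = int(rec[key])
    rec["tos"] = int(rec["tos"], 16)
    rec["frag"] = int(rec["frag"], 16)
    if rec["icmp_type"] is not None:
        rec["icmp_type"] = int(rec["icmp_type"])
        rec["icmp_name"] = ICMP_TYPES.get(rec["icmp_type"], "other")
    return rec

def describe(rec):
    """List observations a firewall admin would want from one parsed record."""
    notes = []
    if rec.get("icmp_type") == 3 and rec["action"] == "deny":
        notes.append("destination-unreachable is being dropped")
    if rec["chain"] == "fw-out" and ipaddress.ip_address(rec["src"]).is_private:
        notes.append("private source address leaving " + rec["iface"])
    return notes

if __name__ == "__main__":
    print(describe(parse_fw_log(SAMPLE)))
```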