On Monday 10 June 2002 11:36 am, [EMAIL PROTECTED] wrote:

> > > I would like to SNAT icmp fragmentation-needed messages that have
> > > source address from private network range (RFC1918), I have tried
> > > something like:
> > >
> > > iptables -t nat -I POSTROUTING -j SNAT --to real_address -p icmp \
> > > --icmp-type fragmentation-needed -s 192.168.0.0/16
> > >
> > > but it does not work.
> >
> > What happens if you put a logging rule immediately before this one:
> >
> > iptables -I POSTROUTING -t nat -s 192.168.0.0/16 -p icmp --icmp-type
> > fragmentation-needed -j LOG --log-prefix "icmp SNAT"
> >
> > Do you get any packets logged ?
>
> Nothing gets logged......

In that case you have no packets of the type you are trying to match.....

...which is why they don't get SNATted.

Antony.
