Hi,
I would like to SNAT ICMP fragmentation-needed messages that have a source address from a private network range (RFC1918). I have tried something like:

    iptables -t nat -I POSTROUTING -j SNAT --to real_address -p icmp \
        --icmp-type fragmentation-needed -s 192.168.0.0/16

but it does not work. I think that because these packets are part of a valid TCP connection, they are somehow processed by the ip_conntrack module and do not pass this rule... Any idea?

jn
