Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Fri, 1 Dec 2000 16:18:19 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Fri, 1 Dec 2000 16:18:10 -0500 Received: from ja.ssi.bg ([193.68.177.189]:8964 "EHLO u.domain.uli") by vger.kernel.org with ESMTP id ; Fri, 1 Dec 2000 16:18:01 -0500 Date: Fri, 1 Dec 2000 22:45:34 +0000 (GMT) From: Julian Anastasov To: Ben McCann cc: Mike Perry , linux-kernel Subject: Re: 2.2.17 IP masq bug In-Reply-To: <3A277808.153AFC0C@indusriver.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Hello, On Fri, 1 Dec 2000, Ben McCann wrote: > I'm curious about how ICMP redirect is causing this problem. > Would you elaborate on how ICMP is involved? The masq box sends ICMP redirects to the internal host when the destination host is on the same shared media, i.e. "please, go directly to the destination". When the internal host accepts these redirects it reroutes the packets directly to the destination which is on the same LAN. The packets reach the destination with saddr=10/8 because they are not masqueraded. It seems the destination does not use direct route to 10/8 and the traffic is not replied. The connection is not established when it is not masqueraded. When we block these redirects the internal hosts continue to forward the packets to the masq box without knowing the destination is directly connected. > -Ben McCann Regards -- Julian Anastasov - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/