Hi, I have a very strange icmp nat problem with the kernel 2.4.17. Here is the case: - Our Linux 2.4.17 gateway up and running - We start to ping a remote system from windows(local ip: 172.16.2.17) like that (ping -t foo.com) - We just reboot the Linux gateway - When the gateway is up and running again, windows client can not get ping response, still says timeout When I sniff the icmp traffic on remote side (foo.com) I see that icmp echo request packets comes with an un-nated ip address: 172.16.2.17 > foo.com: icmp 40: echo request seq 43521 But as you can see, our gateway acts as a standart router, doesn't make any network address translation and just forwards packets with original source ip. If we try same case with a Linux client, everything works fine, we can get the icmp echo response packets. I tried http://www.mail-archive.com/netfilter-devel@xxxxxxxxxxxxxxx/msg00755.html patch but doesn't change anything. If I insert a rule like that: iptables -I OUTPUT -p icmp -m state --state INVALID -j DROP sometimes Windows clients start to work too (%50-50). This problem doesn't exist kernel 2.4.30+ or 2.6.X Anyone has a suggestion? Why kernel doesn't runs NAT routine for the packets generated by Windows? -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
