On Mon, 2003-09-22 at 16:41, Martin Josefsson wrote:
> On Mon, 22 Sep 2003, Nigel Metheringham wrote:
>
> > Took a closer look.
> > If I put that mangle rule in then:-
> >       * I see no ICMP packets on the wire between the originating box
> >         and the linux g/w (tested in 2 places to make sure I don't have
> >         any packet sniffing/netfilter interactions). Previously I saw
> >         ICMP need frag packets as quoted above
> >       * those icmp_reply log messages appear to fire on each and every
> >         packet
> >
> > icmp_reply: outer SRC -> 192.168.50.119
> > icmp_reply: inner DST -> 192.168.50.119 1500
>
> Uhm, let me see if I got this right...
>
> If you add that mangle rule you don't see any icmp packets on the wire but
> you see the icmp_reply messages?

yup.

With no mangle rule I get broken ICMP frag-needed messages on the wire
and your debug messages do not trigger.

With the mangle rule I see no ICMP on the wire but the debug messages
trigger frequently (ie probably once per packet).

I'm confused too!

	Nigel.
-- 
[ Nigel Metheringham           Nigel.Metheringham@xxxxxxxxxxxxxxxxxx ]
[ - Comments in this message are my own and not ITO opinion/policy - ]