On Tuesday 23 December 2003 6:37 am, JC wrote:
> Hello Everybody,
>
> I apologize if you've seen something like this but
> searching on something similar to the subject line
> above has turned up nill.
>
> Scenario
>
> HostA ------> FW/NAT -----(port translation) --->
> HOSTB
> (10.10.1.1)
> (192.168.7.1)
>
> Rules:
> iptables -A PREROUTING -t nat -p tcp --dport 80 -j
> DNAT --to 192.168.7.1:80
> iptables -A FORWARD -p tcp -d 192.168.7.1 --dport 80
> -j ACCEPT
>
> So everything works, but when HostB goes down for
> maintence or from a DOS or whatevever FW/NAT will send
> an ICMP host unreachable with the natted address to
> HostA.
>
> I suppose I'm correct in perceiving that this behavior
> is normal, so I'll have to ask how do some of you
> people go about dealing with situations such as these?
I don't understand the question.
If host B is down, then "host unreachable" is quite correct.
What behaviour would you expect, and what problem do you have with what
happens at present?
Antony.
--
If the human brain were so simple that we could understand it,
we'd be so simple that we couldn't.
Please reply to the list;
please don't CC me.
