On 5/26/05, Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx> wrote:
>
> Does the packet correspond to what you expect as an ICMP reply packet: src and
> dst IP addresses are OK? What's inside the packet, i.e. the src/dst IP,
> protocol, ports inside the ICMP error message are OK?
>
> Best regards,
> Jozsef
>

Everything seems to be ok... src is the next hop after the gateway on eth2 (the VPN box), dst is eth2, TCP ports are ok. The ICMP msg correctly encapsulates the previous IP datagram (ACK number corresponds) that needs fragmentation...

On the other hand, ICMP echo packets work correctly; they report the same dst (eth2) and are correctly unmasqueraded and forwarded to the client...

Could it be some distribution-related setting or patch? I'm using Gentoo.

Thank you

--
Leonardo Arena