Hello,

Please pardon me if this has been covered in the archives. (Pointers would be much appreciated if so.)

I have a nameserver behind a Linux firewall. The firewall is running FC2 (1.2.9-2.3.1). I have a simple rule that maps any UDP or TCP port 53 traffic to IP A on the public side to private IP B on the internal side.

We've been getting complaints from someone about not having larger queries answered, so I started looking into things. I figure that hping2 would give me the flexibility to craft packets of varying sizes and allow me to do the traceroute thing to see where packets are being dumped. If the packets get through to the nameserver, I'd just get a FormErr back.

If, from C (which is on the public side), I do this:

    hping -2 -p 53 -c 2 --traceroute -t 12 -d 1350 A

and do a tcpdump on both the public and private interface on my firewall, I see this on the public side:

    14:30:04.609125 IP C.2859 > A.domain: 22616 updateDA% [b2&3=0x5858] [22616a] [22616q] [22616n] [22616au][|domain]
    14:30:04.609191 IP A > C: icmp 556: time exceeded in-transit
    14:30:05.607656 IP C.2860 > A.domain: 22616 updateDA% [b2&3=0x5858] [22616a] [22616q] [22616n] [22616au][|domain]
    14:30:05.608273 IP A.domain > C.2860: 22616 updateDA FormErr- [0q] 0/0/0 (12)
    14:30:05.675272 IP C > A: icmp 48: C udp port 2860 unreachable

I see this on the private side:

    14:30:05.607681 IP C.2860 > B.domain: 22616 updateDA% [b2&3=0x5858] [22616a] [22616q] [22616n] [22616au][|domain]
    14:30:05.608258 IP B.domain > C.2860: 22616 updateDA FormErr- [0q] 0/0/0 (12)
    14:30:05.675291 IP C > B: icmp 48: 64.151.105.12 udp port 2860 unreachable

This is all as I'd expect.

If I increase the data payload size to 1351, I see the same thing as above on the public side, less the last two packets. On the public side, I see nothing.

Anybody have any idea about what's going on?

Thanks,
pete
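
Added example, not part of the original post: a small Python helper that correlates tcpdump text captured on the public and private interfaces of a NAT firewall and labels each DNS probe by how far it got, keyed on the client source port. The capture lines are constructed, abbreviated samples modelled on the output quoted above; `flows` and `classify` are hypothetical names.

```python
import re

# Constructed sample captures modelled on the tcpdump lines in the post
# (A = public IP, B = private nameserver IP, C = test client).
PUBLIC = """\
14:30:04.609125 IP C.2859 > A.domain: 22616 updateDA% [b2&3=0x5858] [|domain]
14:30:04.609191 IP A > C: icmp 556: time exceeded in-transit
14:30:05.607656 IP C.2860 > A.domain: 22616 updateDA% [b2&3=0x5858] [|domain]
14:30:05.608273 IP A.domain > C.2860: 22616 updateDA FormErr- [0q] 0/0/0 (12)
"""
PRIVATE = """\
14:30:05.607681 IP C.2860 > B.domain: 22616 updateDA% [b2&3=0x5858] [|domain]
14:30:05.608258 IP B.domain > C.2860: 22616 updateDA FormErr- [0q] 0/0/0 (12)
"""

# tcpdump prints port 53 as ".domain"; the client port is the last dotted field.
QUERY = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.domain:")
REPLY = re.compile(r"IP (\S+)\.domain > (\S+)\.(\d+):")

def flows(capture):
    """Return (queries, replies) as sets of client source ports in a capture."""
    queries, replies = set(), set()
    for line in capture.splitlines():
        if m := QUERY.search(line):
            queries.add(int(m.group(2)))
        elif m := REPLY.search(line):
            replies.add(int(m.group(3)))
    return queries, replies

def classify(public, private):
    """Label each probe seen on the public side by the last hop it reached."""
    pub_q, pub_r = flows(public)
    priv_q, priv_r = flows(private)
    result = {}
    for port in sorted(pub_q):
        if port not in priv_q:
            # Also the expected outcome for a probe whose TTL expired at the firewall.
            result[port] = "not forwarded to private side"
        elif port not in priv_r:
            result[port] = "forwarded, no reply from nameserver"
        elif port not in pub_r:
            result[port] = "reply lost on the way back out"
        else:
            result[port] = "answered end to end"
    return result

if __name__ == "__main__":
    for port, verdict in classify(PUBLIC, PRIVATE).items():
        print(port, verdict)
```

Because NAT rewrites only the destination address here, the client source port stays the same on both interfaces and can serve as the correlation key.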