Le jeudi 02 février 2006 à 14:57 +0300, Victor A. Bykov a écrit : > My question is: if I, for example, generate icmp packet with icmp-type > 11 by packet generator, this packet is not in ESTABLISHED state, and > not in conntrack list, and probably should go via NAT table? in > practical test, however, that kind of packet not go via NAT! If you craft an ICMP error, then it will be given INVALID state as no previous entry exists in conntrack table to which it can be associated. -- http://sid.rstack.org/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE >> Hi! I'm your friendly neighbourhood signature virus. >> Copy me to your signature file and help me spread!
