When packets are NATed (in very typical case with SNAT when leaving internal network) their IP addresses in IP header are adjusted. ICMP error messages sent via router (running netfilter and doing translation) however contain unmodified "IP Header + First 8 Bytes of Original Datagram's Data" of packets sent in internal network (i.e. IP addresses inside ICMP error messages aren't translated). Is this expected behavior of netfilter? Is it possible to translate IP addresses inside ICMP messages using netfilter? -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
