On Mon, Dec 02, 2002 at 11:14:07PM -0800, paridhi bansal wrote:
> When A pings to B using the gateway, gateway forwards
> the packet correctly to B. B receives the echo request
> packet. However, in return B sends the ICMP packet of
> type 3 code 2 i.e. destination unreachable (Protocol
> unreachable). And B sends this packet to gateway's
> 10.2.1.2 interface and not to A.
>
> What can be the possible problem??? What's the way
> out??

I don't understand the problem. You are using a gateway to send traffic from A to B, and then are surprised when B sends traffic to A through the gateway?

Or, is B sending packets to the gateway with the destination IP set to the gateway? If this is the case, it is probably because you re-wrote the source address of packets leaving the gateway -- you'll need to re-write the destination address of packets returning to the gateway as the NAT NetFilter modules do...

Perhaps schematics:

A sends packet (src=A dest=B) to gateway.
gateway sends modified packet (src=gateway dest=B) to B.
B receives packet (src=gateway dest=B) from gateway.

The return trip:

B sends packet (src=B dest=gateway) to gateway.
gateway _should_ send modified packet (src=B dest=A) to A.
A _should_ receive (src=B dest=A) from gateway.

Depending upon the NAT semantics in use, it might be the case that neither A nor B know the IP addresses of the other end point -- they may know only their own IP and the gateway IP. I think one form is known as just 'NAT', and the others as 'SNAT' and 'DNAT', but the terms never made sense to me. (I'll admit that's because I've never used a system that cared about the names. If I used IPTables to perform NAT, I'd probably know the acronyms by now...)

HTH

--
"There's an old saying in Tennessee, I know it's in Texas, probably in Tennessee, that says, 'Fool me once... shame on ... shame on .. you; but fool--you can't get fooled again.'" -- Commander in Chief of the US Military
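The rewrite schematic in the reply above, as a small simulation of both directions. This is an added example, not code from the thread: the addresses for A and B, the class and function names, and keying flows on the ICMP echo identifier are assumptions (10.2.1.2 is the gateway interface named in the question).

```python
from dataclasses import dataclass, replace

GW_B_SIDE = "10.2.1.2"   # gateway interface facing B (address from the question)
HOST_A = "10.1.1.1"      # constructed address for A
HOST_B = "10.2.1.1"      # constructed address for B

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    icmp_type: str   # "echo-request" or "echo-reply"
    icmp_id: int     # ICMP echo identifier, used here as the flow key

class Gateway:
    def __init__(self, reverse_rewrite=True):
        self.reverse_rewrite = reverse_rewrite
        self.flows = {}   # (remote host, icmp_id) -> original source address

    def outbound(self, pkt):
        """A -> B: remember the original source, then rewrite src to the gateway."""
        self.flows[(pkt.dst, pkt.icmp_id)] = pkt.src
        return replace(pkt, src=GW_B_SIDE)

    def inbound(self, pkt):
        """B -> gateway: restore the original host as dst when a flow matches."""
        orig = self.flows.get((pkt.src, pkt.icmp_id))
        if not self.reverse_rewrite or orig is None:
            return pkt   # stays addressed to the gateway; A never sees it
        return replace(pkt, dst=orig)

def host_b_reply(pkt):
    """B answers whoever the packet claims to come from."""
    return Packet(pkt.dst, pkt.src, "echo-reply", pkt.icmp_id)

def round_trip(gw):
    """Return (packet as seen by B, reply as it leaves the gateway)."""
    request = Packet(HOST_A, HOST_B, "echo-request", icmp_id=0x1234)
    seen_by_b = gw.outbound(request)
    return seen_by_b, gw.inbound(host_b_reply(seen_by_b))

if __name__ == "__main__":
    for mode in (True, False):
        seen, delivered = round_trip(Gateway(reverse_rewrite=mode))
        print(f"reverse_rewrite={mode}: B saw src={seen.src}, "
              f"reply leaves gateway with dst={delivered.dst}")
```

With `reverse_rewrite=False` the reply keeps the gateway's own address as its destination, which matches the symptom in the question of B's traffic arriving at 10.2.1.2 and not at A.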