Problem LOG and ICMP (bug ?)
dominique1903@netscape.net
dominique1903@netscape.net
Wed, 18 Jul 2001 06:41:21 -0400
I did a "traceroute" from my firewall (output interface 192.178.71.1) to 192.168.72.2. Here is the related line logged from a rule "-j LOG" :
IN= OUT=eth1 SRC=192.168.71.1 DST=192.168.72.2 LEN=38 TOS=0x00 PREC=0x00 TTL=1 ID=25425 PROTO=UDP SPT=1028 DPT=33435 LEN=18
The nearest router (192.168.71.8) respond an ICMP Excedeed Time to Live:
IN=eth1 OUT= MAC=00:01:02:6c:f2:2b:00:20:d2:17:87:cf:08:00 SRC=192.168.71.8 DST=192.168.71.1 LEN=56 TOS=0x00 PREC=0x00 TTL=32 ID=1 PROTO=ICMP TYPE=11 CODE=0 [SRC=192.168.71.1 DST=192.168.72.2 LEN=38 TOS=0x00 PREC=0x00 TTL=1 ID=25425 PROTO=UDP SPT=0 DPT=501 LEN=41048 ]
BUT the information logged about the related UDP packet is wrong (SPT, DPT..) !!
Is it normal ? Is it a known problem (bug?) ? Is there any patch ?
Note: I encountred the same problem with many ICMP packets logged (ie. some bizarre info about the related packet: TCP flags...)
Thanks.
__________________________________________________________________
Get your own FREE, personal Netscape Webmail account today at http://webmail.netscape.com/