DROP vs. REJECT...

Taylor, Grant gtaylor at riverviewtech.net
Fri Apr 22 20:54:39 CEST 2005


One possible solution to rejecting with the source IP of the "ICMP Host Unreachable" packet being the host that you are trying to hide would be to SNAT the packet as it goes out the system you are trying to hide on its way back to the original sender.  You would want to SNAT the packet to the IP of the far side of your upstream router.  In doing this you would have to make sure that your upstream router would not block such packets with anything like a reverse path filter.



Grant. . . .


