[Shorewall-users] Three way ICMP ?

Joshua Banks l0f33t at yahoo.com
Mon Dec 1 23:40:47 PST 2003

--- Bill.Light at kp.org wrote:
> DST=192.168.250.zz 

I don't know what to say about your mysterious network but this is what
these icmp messages mean:

 ICMP TYPE=3                   CODE=1
Destination Unreachable .... Host Unreachable

Why a public ip would be sending an ICMP message to an RFC1918 address
is beyond me. I can only guess that your using some app possibly that
is imbedding its private lan address in the payload of the packet
before being natted out through the firewall. So the packet is seen as
coming from your public ip address (like normal) but the actual
payload/data in the packet is tagged with the private ip address using
what-ever app. its using to communicate with the (also) mysterious SEX
sever. Heh.. Heh... :P

Thats only a guess though. But I figured I would entertain the mystery

If your real serious/curious, you should packet sniff off your external
interface and internal interface at the same time to see whats
happening for sure.


Do you Yahoo!?
Free Pop-Up Blocker - Get it now

More information about the Shorewall-users mailing list