Hi,

I have a bit of a problem with NAT and ICMP and haven't been able to
find the answer in the ipfilter documentation. I hope you can give me
a hint whether and how this can be fixed. I have the following setup:

client <=> gif tunnel MTU=1280 <==> NAT <==> Outside world

Problem is that TCP connections to servers using PMTU discovery faisl
as the internal IP-addresses in ICMP messages do not get translated.
The NAT machine sends out ICMP mesgs like:

17:35:40.185184 129.242.16.119 > 193.166.3.2: icmp: 10.1.1.2 unreachable - need to frag (mtu 1280) (ttl 255, id 35140)

Rewriting these addrs in ICMP msg is maybe not perfectly correct, but
it would make my setup work. So, I'd like to know whether there's some
rule I can add for this.

Feico.