a38048c3   
   From: boite-a-spam@plouf.fr.eu.org   
      
   Marco Peng a écrit :   
   >>   
   >>> PC----->GW_A(NAT)-------->GW_B(NAT)------>Inetnet   
   >>> GW_A is a linux box, configured by me, work as a router.   
   >>> The PC's traceroute resule will show  the GW_A in the list.   
   >>> My question is: How can I make the ICMP pass through by the GW_A, do   
   >>> not show it in the traceroute result as it was not exist on the path.   
   [...]   
   > for example, the PC is 192.168.0.2, the GW_A LAN IP is 192.168.0.1,   
   > GW_B LAN IP is 10.7.1.1   
   > after I traceroute a internet site, I get the list:   
   > 1, 192.168.0.1   
   > 2, 10.7.1.1   
   > 3, A_PUBLIC_IP of the internet site   
   >   
   > what my want is   
   > 1, 192.168.0.1   
   > 2, A_PUBLIC_IP of the internet site   
   > no GW_B exist in the list   
      
   So you say that you do not want GW_B (10.7.1.1) to appear in the   
   traceroute ? Or is it GW_A (192.168.0.1) ?   
      
   If you do not want to see GW_A :   
      
   iptables -t mangle -A PREROUTING -i  -j TTL --ttl-inc 1   
      
   This increments the TTL before it is decremented, so GW_A does not see   
   the TTL expire and send an ICMP error.   
      
   If you do not want to see GW_B :   
      
   iptables -t mangle -A FORWARD -i  -j TTL --ttl-inc 1   
      
   This increments the TTL after it is decremented, so GW_B does not see   
   the TTL expire and send an ICMP error.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)