NAT Does Not Properly Forward ICMP "Destination Unreachable" Packet That Is Generated on the NAT Server (268773)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
This article was previously published under Q268773

SYMPTOMS

In the following scenario, it may not work to copy a file from the private network to a server on the public side of the Network Address Translation (NAT). The file name is created on the outside server, but the length of the file may be 0 bytes, or the content of the file may be blank.
  • A Windows 2000-based computer with two network adapters and NAT configured.
  • There is one network adapter connected to the public network.
  • There is one network adapter connected to the private network.
  • The public network adapter has its Maximum Transmission Unit (MTU) setting set to a value less than the default value (the default value is 1,500 for Ethernet adapters), and also less than the MTU setting on the package from the private network of the NAT.
  • A client on the private network copies a file (40 KB in this scenario) to a server on the public side of the NAT.

CAUSE

When the MTU of the public network adapter is less than the setting on the package from a client on the private side of the NAT, the NAT sends an Internet Control Message Protocol (ICMP) "Destination unreachable" packet back to the client to indicate that the defragmentation is needed. NAT does not send the ICMP package to the client, but instead sends the packet to the public network adapter of the NAT.

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

The English version of this fix should have the following file attributes or later: 
   Date        Time    Version        Size    File name
   ----------------------------------------------------
   23/08/2000  08:56a  5.0.2195.2103  60,688  Ipnat.sys

NOTE: You should apply Windows 2000 Service Pack 1 (SP1) before you apply this hotfix.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 2.

MORE INFORMATION

For additional information about how to install Windows 2000 and Windows 2000 hotfixes at the same time, click the article number below to view the article in the Microsoft Knowledge Base:

249149 Installing Microsoft Windows 2000 and Windows 2000 Hotfixes

Modification Type:MinorLast Reviewed:9/23/2005
Keywords:kbHotfixServer kbQFE kbbug kbfix kbWin2000PreSP2Fix KB268773
©2004 Microsoft Corporation. All rights reserved.