Linux not sending ICMP with iptables `--reject-with`

http://serverfault.com – Using iptables I am trying to reject packets (I want to return an ICMP message).

```
iptables -A FORWARD [...] -j REJECT --reject-with icmp-port-unreach
```

The packets are dropped, but using tcpdump I can see no ICMP. What gives? Am I doing something wrong? Do I have to flip some sysctl or anything?

Kernel is: `2.6.32-5-openvz-686`

Please don't suggest "use DROP instead of REJECT".

Thank you for your time.