Good Morning Crist

OK, about the network IP aliases, you are right, tnx for the tip.

I think you are interested in the flags: D for dynamic redirect and M for modified dynamically from redirect. On the BSDClient, there are no entries in the routing table with the D or M flag.

I detected two "mistakes":

1. The router doesn't send ICMP Redirect messages if the target redirect router is the default router.
2. The clients don't accept the ICMP Redirect packets from the BSD router.

Problem 1
---------

If I'm doing a ping to an external address, on the router machine I can see two ICMP request packets:

10:41:33.868478 172.16.224.24 > 157.161.7.7: icmp: echo request
10:41:33.868501 172.16.224.24 > 157.161.7.7: icmp: echo request
10:41:34.878624 172.16.224.24 > 157.161.7.7: icmp: echo request
10:41:34.878664 172.16.224.24 > 157.161.7.7: icmp: echo request
10:41:35.890321 172.16.224.24 > 157.161.7.7: icmp: echo request
10:41:35.890361 172.16.224.24 > 157.161.7.7: icmp: echo request

On the BSDClient it looks all right. Every ICMP request gets a reply:

10:41:28.973126 172.16.224.24 > 157.161.7.7: icmp: echo request
10:41:28.994275 157.161.7.7 > 172.16.224.24: icmp: echo reply
10:41:29.978672 172.16.224.24 > 157.161.7.7: icmp: echo request
10:41:29.989218 157.161.7.7 > 172.16.224.24: icmp: echo reply
10:41:30.988690 172.16.224.24 > 157.161.7.7: icmp: echo request
10:41:31.004373 157.161.7.7 > 172.16.224.24: icmp: echo reply

The router doesn't send ICMP Redirects to the WAN-Router (Cisco 2600) on the address 172.16.1.1, which is connected to the Internet and is the default router of the BSD routing machine.

The ICMP Redirect should work like this:

RFC 792 [Page 12]:

    The gateway sends a redirect message to a host in the following
    situation. A gateway, G1, receives an internet datagram from a
    host on a network to which the gateway is attached. The gateway,
    G1, checks its routing table and obtains the address of the next
    gateway, G2, on the route to the datagram's internet destination
    network, X. If G2 and the host identified by the internet source
    address of the datagram are on the same network, a redirect
    message is sent to the host.
    The redirect message advises the host to send its traffic for
    network X directly to gateway G2 as this is a shorter path to the
    destination. The gateway forwards the original datagram's data to
    its internet destination.

The router doesn't send these ICMP Redirects if the redirect router is the default router. That's bad.

Problem 2
---------

If the router isn't the default router, the ICMP Redirect will be sent. But these ICMP Redirect packets are not accepted (they don't create a routing table entry with flag M or D) by the hosts (Windows and BSD). Both hosts work with a RedHat routing machine.

tcpdump on the router:

10:57:58.838278 172.16.224.24 > 172.24.0.100: icmp: echo request
10:57:58.838330 172.16.224.24 > 172.24.0.100: icmp: echo request
10:57:58.838357 172.16.1.12 > 172.16.224.24: icmp: redirect 172.24.0.100 to host 172.16.1.252
10:57:59.848649 172.16.224.24 > 172.24.0.100: icmp: echo request
10:57:59.848683 172.16.224.24 > 172.24.0.100: icmp: echo request
10:57:59.848707 172.16.1.12 > 172.16.224.24: icmp: redirect 172.24.0.100 to host 172.16.1.252

And more detailed:

11:07:51.542808 172.16.224.24 > 172.24.0.100: icmp: echo request (ttl 63, id 22656, len 84)
0x0000   4500 0054 5880 0000 3f01 ea83 ac10 e018        E..TX...?.......
0x0010   ac18 0064 0800 7b4f 95ac 0200 58f3 473c        ...d..{O....X.G<
0x0020   4dd1 0c00 0809 0a0b 0c0d 0e0f 1011 1213        M...............
0x0030   1415 1617 1819 1a1b 1c1d 1e1f 2021 2223        .............!"#
0x0040   2425 2627 2829 2a2b 2c2d 2e2f 3031 3233        $%&'()*+,-./0123
0x0050   3435 3637                                      4567

11:07:51.542832 172.16.1.12 > 172.16.224.24: icmp: redirect 172.24.0.100 to host 172.16.1.252 for 172.16.224.24 > 172.24.0.100: icmp: echo request (ttl 64, id 22656, len 84) (ttl 64, id 20386, len 56)
0x0000   4500 0038 4fa2 0000 4001 f1dd ac10 010c        E..8O...@.......
0x0010   ac10 e018 0501 31f6 ac10 01fc 4500 0054        ......1.....E..T
0x0020   5880 0000 4001 e983 ac10 e018 ac18 0064        X...@..........d
0x0030   0800 7b4f 95ac 0200                            ..{O....

The ICMP packet is sent with a Code 1 message: Redirect datagrams for the Host. The packet looks like it has to (RFC 792 Page 11), but the hosts don't accept these messages. (No entry in the routing tables with D or M flag.)

On the BSD client and router, the sysctl settings are:

net.inet.icmp.drop_redirect: 0
net.inet.ip.redirect: 1
net.inet.ip.sourceroute: 0

Regards
Reto Trachsel

Your Partner for Internet & Networking Technologies!
____________________________________________________
NetModule AG
Meriedweg 7 / CH-3172 Niederwangen
Phone: +41 31 985 25 10 / Fax: +41 31 985 25 11
www.netmodule.com

NetModule AG, Java Competence Center
Zuercherstrasse 12 / Postfach / CH-8401 Winterthur
Phone: +41 52 209 00 44 / Fax: +41 52 209 00 40
____________________________________________________
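
Added example, not part of the original message: a decoder for the redirect captured above that verifies its three checksums and then applies the host-side acceptance checks of RFC 1122 section 3.2.2.2 (new gateway on the connected network, sender is the current first-hop gateway). The packet bytes are the ones in the hex dump; the netmasks and the client's first-hop gateway passed in at the bottom are assumptions, since the message does not state them.

```python
import ipaddress
import struct

# ICMP redirect copied from the tcpdump hex dump in the message above.
REDIRECT = bytes.fromhex(
    "45000038 4fa20000 4001f1dd ac10010c ac10e018"  # outer IP header
    "050131f6 ac1001fc"                              # ICMP type 5, code 1, gateway
    "45000054 58800000 4001e983 ac10e018 ac180064"  # original IP header
    "08007b4f 95ac0200"                              # first 8 bytes of the echo request
)

def csum_ok(data: bytes) -> bool:
    """True if the Internet checksum over data (checksum field included) verifies."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def ip(b: bytes) -> str:
    return str(ipaddress.IPv4Address(b))

def parse_redirect(pkt: bytes) -> dict:
    ihl = (pkt[0] & 0x0F) * 4
    icmp = pkt[ihl:struct.unpack("!H", pkt[2:4])[0]]
    inner = icmp[8:]                      # original IP header + 64 bits of data
    inner_ihl = (inner[0] & 0x0F) * 4
    return {
        "src": ip(pkt[12:16]), "dst": ip(pkt[16:20]),
        "type": icmp[0], "code": icmp[1], "gateway": ip(icmp[4:8]),
        "orig_src": ip(inner[12:16]), "orig_dst": ip(inner[16:20]),
        "checksums_ok": csum_ok(pkt[:ihl]) and csum_ok(icmp)
                        and csum_ok(inner[:inner_ihl]),
    }

def rejection_reasons(r: dict, connected_net: str, first_hop: str) -> list:
    """Host-side checks in the spirit of RFC 1122 section 3.2.2.2."""
    reasons = []
    if r["type"] != 5 or r["code"] > 3 or not r["checksums_ok"]:
        reasons.append("malformed redirect")
    if ipaddress.ip_address(r["gateway"]) not in ipaddress.ip_network(connected_net):
        reasons.append("new gateway not on connected network")
    if r["src"] != first_hop:
        reasons.append("sender is not current first-hop gateway")
    if r["orig_src"] != r["dst"]:
        reasons.append("embedded datagram not sent by this host")
    return reasons

if __name__ == "__main__":
    r = parse_redirect(REDIRECT)
    print(r)
    # ASSUMED client configuration: netmask and first hop are not in the message.
    print(rejection_reasons(r, "172.16.0.0/16", "172.16.1.12"))
    print(rejection_reasons(r, "172.16.224.0/24", "172.16.1.12"))
```

The same well-formed packet passes or fails depending only on the receiving host's netmask and current route, so those two values are what to compare on a client that ignores a redirect.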