NiceGuy (Guru)
Posted: Tue Nov 14, 2006 7:56 pm Post subject: [SOLVED] ICMP Redirect messages??
Hello all,
I apologize if this has been asked before. I have been investigating this issue for quite some time and am seeking some advice on ICMP redirects. I am simply trying to enable ICMP redirects on a Gentoo machine (LinuxBox1 in the diagram) I have.
Code:
Internet <-----------> "LinuxBox1"
[WAN]                  |[192.168.22.48]
                       |
                       |[192.168.22.230](gw 192.168.22.48)
                       |<----------"Network A computer"
                       |
                       |[192.168.22.209]
                       "LinuxBox2"
                       [192.168.33.193]|
                                       |
                                       |[192.168.33.194]
                                       <-----------"Network B computer"
Since LinuxBox1 is the gateway for every computer on Network A (including LinuxBox2), I am essentially trying to get LinuxBox1 to inform any machine on Network A to direct its packets meant for Network B through LinuxBox2 instead of LinuxBox1.
I have thus far configured:
Code:
echo "0" > /proc/sys/net/ipv4/conf/eth0/send_redirects
echo "0" > /proc/sys/net/ipv4/conf/eth0/accept_redirects
Static route on LinuxBox1:
Code:
route add -net 192.168.33.192 gw 192.168.22.209
But I have still not generated ONE redirect when analyzing my tcpdumps.
Any advice?
Thanks
Last edited by NiceGuy on Wed Nov 15, 2006 8:15 pm; edited 1 time in total

think4urs11 (Bodhisattva)
Posted: Tue Nov 14, 2006 8:46 pm
Try extending the route command with the correct netmask for Network B.
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself

NiceGuy (Guru)
Posted: Wed Nov 15, 2006 8:11 pm
Hello,
I am posting this to complete the thread; the problem has been solved.
Steps for Solution
The key to getting my two Gentoo boxes (1 & 2) to communicate was simply configuring some config files properly.

# /etc/sysctl.conf for GentooBox 1 & 2 -- the machines basically acting as the routers
Code:
## Enabled Kernel Parameters ##
# Forwarding
net.ipv4.conf.all.forwarding = 1
# Source Route Verification
net.ipv4.conf.default.rp_filter = 1
# Reverse Path
net.ipv4.conf.all.rp_filter = 1
# ICMP Redirect-Acceptance
net.ipv4.conf.all.accept_redirects = 1
# ICMP Redirect-Sending
net.ipv4.conf.all.send_redirects = 1
# Secure Redirects
net.ipv4.conf.all.secure_redirects = 1

# /etc/sysctl.conf for Client Machines
Code:
## Enabled Kernel Parameters ##
# Forwarding
net.ipv4.conf.all.forwarding = 0
# Source Route Verification
net.ipv4.conf.default.rp_filter = 1
# Reverse Path
net.ipv4.conf.all.rp_filter = 1
# ICMP Redirect-Acceptance
net.ipv4.conf.all.accept_redirects = 1
# ICMP Redirect-Sending
net.ipv4.conf.all.send_redirects = 0
# Secure Redirects
net.ipv4.conf.all.secure_redirects = 1

To sum it up, there is a net.ipv4.conf.all.send_redirects kernel parameter that exists and needed to be enabled (set to 1). Once that was done, I already had net.ipv4.conf.all.accept_redirects in my /etc/sysctl.conf. Each parameter is pretty straightforward. To summarize: my two Gentoo boxes need to be able to generate the redirects, while equivalently my clients in both Network A and Network B need to accept them when they are sent.
Thanks again
Take Care
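The decision logic behind the sysctl settings above, as an added example that is not part of the thread: a Python model of the RFC 1122 / Linux ip-sysctl rules for when a router emits an ICMP redirect and when a host installs one, built on the thread's topology, plus the static route with an explicit mask that think4urs11 asked for. Assumed, because the posts never state them: Network A is 192.168.22.0/24, Network B is 192.168.33.192/30 (.193 and .194 fit a /30), and the WAN and attacker addresses are constructed. The model follows the kernel documentation's definition of secure_redirects (accept a redirect only to a gateway already listed for that interface), so a client still on its original default route accepts the redirect to 192.168.22.209 only with secure_redirects=0; the same check is what rejects a redirect forged with the gateway's source address that points at an attacker, which is why hosts that do not need redirects are better off with accept_redirects=0.

```python
"""Model of ICMP redirect generation/acceptance (added example, not thread code).
Assumptions: Network A = 192.168.22.0/24, Network B = 192.168.33.192/30,
WAN (203.0.113.0/24) and attacker (192.168.22.66) addresses are constructed."""
from dataclasses import dataclass
from ipaddress import (IPv4Address, IPv4Interface, IPv4Network,
                       ip_address, ip_interface, ip_network)
from typing import Dict, List, Optional

NET_A = ip_network("192.168.22.0/24")        # assumed prefix
NET_B = ip_network("192.168.33.192/30")      # assumed prefix
BOX1 = ip_address("192.168.22.48")           # LinuxBox1, Network A gateway
BOX2_A = ip_address("192.168.22.209")        # LinuxBox2's Network A address


@dataclass
class Route:
    prefix: IPv4Network
    iface: str
    gateway: Optional[IPv4Address] = None    # None = directly connected


@dataclass
class Node:
    name: str
    addrs: Dict[str, IPv4Interface]          # iface -> address/prefix
    routes: List[Route]
    forwarding: bool = False                 # net.ipv4.conf.*.forwarding
    send_redirects: bool = False             # net.ipv4.conf.*.send_redirects
    accept_redirects: bool = False           # net.ipv4.conf.*.accept_redirects
    secure_redirects: bool = True            # net.ipv4.conf.*.secure_redirects

    def lookup(self, dst: IPv4Address) -> Optional[Route]:
        """Longest-prefix match over the routing table."""
        hits = [r for r in self.routes if dst in r.prefix]
        return max(hits, key=lambda r: r.prefix.prefixlen, default=None)

    def onlink(self, iface: str, addr: IPv4Address) -> bool:
        return addr in self.addrs[iface].network


def forward_decision(router: Node, in_iface: str, src: IPv4Address, dst: IPv4Address):
    """(out_iface, next_hop, redirect_target_or_None) for a forwarded packet.
    A redirect is emitted only when the packet leaves through the interface it
    came in on, source and next hop share that link, and send_redirects is on."""
    route = router.lookup(dst)
    if not router.forwarding or route is None:
        return None
    next_hop = route.gateway if route.gateway is not None else dst
    redirect_to = None
    if (route.iface == in_iface and router.send_redirects
            and router.onlink(in_iface, src) and router.onlink(in_iface, next_hop)):
        redirect_to = next_hop
    return route.iface, next_hop, redirect_to


def accept_redirect(host: Node, iface: str, icmp_src: IPv4Address,
                    dst: IPv4Address, new_gw: IPv4Address) -> bool:
    """RFC 1122 3.2.2.2 + ip-sysctl: sender must be the current first hop for
    dst, new gateway must be on-link, and with secure_redirects it must already
    be a gateway in the table on that interface."""
    if not host.accept_redirects:
        return False
    route = host.lookup(dst)
    if route is None or route.gateway != icmp_src:
        return False                         # not from our current gateway
    if new_gw == icmp_src or not host.onlink(iface, new_gw):
        return False
    if host.secure_redirects and not any(
            r.iface == iface and r.gateway == new_gw for r in host.routes):
        return False
    return True


def static_route_cmd(prefixlen: int) -> Optional[str]:
    """Route to Network B with an explicit mask; None if the mask leaves host
    bits set in 192.168.33.192 (e.g. a classful /24)."""
    try:
        net = ip_network(f"192.168.33.192/{prefixlen}", strict=True)
    except ValueError:
        return None
    return f"ip route add {net} via {BOX2_A}"


def thread_topology(client_secure_redirects: bool = True):
    """LinuxBox1 (router, send_redirects=1) and a Network A client."""
    box1 = Node("LinuxBox1",
                {"eth0": ip_interface("192.168.22.48/24"),
                 "wan": ip_interface("203.0.113.10/24")},            # constructed
                [Route(NET_A, "eth0"),
                 Route(NET_B, "eth0", BOX2_A),                        # static route to B
                 Route(ip_network("0.0.0.0/0"), "wan", ip_address("203.0.113.1"))],
                forwarding=True, send_redirects=True)
    client = Node("NetworkA-computer", {"eth0": ip_interface("192.168.22.230/24")},
                  [Route(NET_A, "eth0"), Route(ip_network("0.0.0.0/0"), "eth0", BOX1)],
                  accept_redirects=True, secure_redirects=client_secure_redirects)
    return box1, client


def thread_case(client_secure_redirects: bool = True):
    """Client .230 sends to Network B host .194 via its default gateway."""
    box1, client = thread_topology(client_secure_redirects)
    src, dst = ip_address("192.168.22.230"), ip_address("192.168.33.194")
    _, _, redirect_to = forward_decision(box1, "eth0", src, dst)
    accepted = redirect_to is not None and accept_redirect(client, "eth0", BOX1, dst, redirect_to)
    return redirect_to, accepted


def spoof_case(client_secure_redirects: bool = True):
    """Constructed attacker on Network A tries to pull Network B traffic to itself."""
    _, client = thread_topology(client_secure_redirects)
    attacker, dst = ip_address("192.168.22.66"), ip_address("192.168.33.194")
    own_src = accept_redirect(client, "eth0", attacker, dst, attacker)  # not the current gateway
    spoofed = accept_redirect(client, "eth0", BOX1, dst, attacker)      # forged gateway source
    return own_src, spoofed


if __name__ == "__main__":
    print("route:", static_route_cmd(30), "| /24 ->", static_route_cmd(24))
    for secure in (True, False):
        print(f"secure_redirects={int(secure)}: thread={thread_case(secure)} spoof={spoof_case(secure)}")
```

Running the file prints the route command for /30 (and None for a classful /24, which is the problem think4urs11 pointed at), then both cases with secure_redirects on and off. On a real client, compare the model against `sysctl net.ipv4.conf.eth0.secure_redirects` as well as the `all` value, since the kernel combines the two when deciding what to accept.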