Linux won't send ICMP redirects

Matej Rizman matej.rizman at guest.arnes.si
Thu Feb 19 14:49:54 CET 2004



Hello,

I sent this e-mail to comp.os.linux.networking, but unfortunately it has
gone unanswered twice already. Basically, Linux refuses to send an ICMP
redirect for reasons unknown to me.

In the hope of having more luck here, best regards,
Matej Rizman


Hello,

the following problem has been bugging me for several days now. I have
the following network configuration:

INTERNET --- Linux1 --- LAN1 ---- Linux2 --- LAN2 --- Hardware Router --- INTERNET

LAN1: 10.0.1.0/24
LAN2: 10.0.0.0/24
Linux1: eth0 10.0.1.1, eth1 used for ADSL connection to internet,
kernel 2.4.20
Linux2: eth0 10.0.1.9, eth1 10.0.0.9, default gateway 10.0.0.1
Hardware router: 10.0.0.1
computers in LAN1 have Linux1 (10.0.1.1) as default gateway
computers in LAN2 have Hardware router (10.0.0.1) as default gateway

I want machine Linux2 to be used as a router between LAN1 and LAN2. I
have two options:
a) I add static route (to other network) on every computer on LAN1 and
on LAN2,
b) I add static route (to other network) only to Linux1 and Hardware
router and then they notify machines about different routes with ICMP
redirect.

However, due to the large number of computers, only option b) is
acceptable.

I have done the following things:
a) added static route to network 10.0.1.0/24 on Hardware router
b) added route on Linux1. Its routing table looks like this:
[root@localhost root]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
BSN-access.dsl. *               255.255.255.255 UH    0      0        0 ppp0
10.0.0.0        10.0.1.9        255.255.255.0   UG    0      0        0 eth0
10.0.1.0        *               255.255.255.0   U     0      0        0 eth0
192.56.76.0     *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         BSN-access.dsl. 0.0.0.0         UG    0      0        0 ppp0
[root@localhost root]#

c) checked that Linux1 has /proc/sys/net/ipv4/conf/eth0/send_redirects
set to 1
d) enabled ip forwarding and disabled firewall on Linux2.

Now the situation looks like this. When I execute ping 10.0.1.1 on
computer 10.0.0.242 in LAN2, this computer sends packet to 10.0.0.1
and it receives ICMP redirect and updates its routing tables. Packet
then goes through 10.0.0.9 -> 10.0.1.9 and it reaches 10.0.1.1
(Linux1). Linux1 sends echo response back and this response goes
through 10.0.1.9 -> 10.0.0.9 and so it reaches computer 10.0.0.242.

Similarly, if I set static route to network 10.0.0.0/24 (LAN2) on
computer 10.0.1.102 on network LAN1, then I can also ping 10.0.1.102
from network LAN2.

I can also ping any computer on LAN2 from Linux1 (10.0.1.1) and from
10.0.1.102
(with static route set up).

However, pinging does not work on computers that do not have static
routes set up. If I ping such a computer (10.0.1.101 for example) from
network LAN2, the echo request packet reaches computer 10.0.1.101 and
computer 10.0.1.101 sends an echo reply to its default gateway, Linux1.
But the major problem is that Linux1 does not respond with an ICMP
redirect and therefore 10.0.1.101 is never notified about the different
route.

tcpdump from Linux1

[root@localhost root]# tcpdump "icmp"
tcpdump: listening on eth0
17:05:10.051756 10.0.1.101 > 10.0.0.242: icmp: echo reply
17:05:11.199994 10.0.1.101 > 10.0.0.242: icmp: echo reply
17:05:12.201637 10.0.1.101 > 10.0.0.242: icmp: echo reply

Any help with this problem would be much appreciated!

Best regards,
Matej Rizman
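
Added example, not part of the original post and not the kernel's code: a small Python model of the RFC 1812 section 5.2.7.2 conditions for sending an ICMP redirect, run against the Linux1 routing table posted above. The function names and the forwarding, send_redirects and source_routed parameters are assumptions of this sketch; the default route's gateway is left as point-to-point because its name is truncated on the page.

```python
import ipaddress

# Linux1's routing table as posted: (prefix, gateway, interface).
# gateway None = directly connected. The default route's peer name is
# truncated on the page, so it is modelled as a point-to-point route.
LINUX1_ROUTES = [
    ("10.0.0.0/24", "10.0.1.9", "eth0"),
    ("10.0.1.0/24", None, "eth0"),
    ("192.56.76.0/24", None, "eth0"),
    ("169.254.0.0/16", None, "eth0"),
    ("127.0.0.0/8", None, "lo"),
    ("0.0.0.0/0", None, "ppp0"),
]

def lookup(dst, routes):
    """Longest-prefix match; returns (gateway, interface) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw, dev) for p, gw, dev in routes
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    _, gw, dev = max(hits, key=lambda h: h[0].prefixlen)
    return gw, dev

def redirect_decision(src, dst, in_dev, routes, forwarding=True,
                      send_redirects=True, source_routed=False):
    """Return (gateway to advertise or None, reason)."""
    if not forwarding:
        return None, "router does not forward, so nothing triggers a redirect"
    if not send_redirects:
        return None, "send_redirects is off on the receiving interface"
    if source_routed:
        return None, "packet carries a source route option"
    route = lookup(dst, routes)
    if route is None:
        return None, "no route to destination"
    gw, out_dev = route
    if out_dev != in_dev:
        return None, "packet leaves on a different interface"
    next_hop = ipaddress.ip_address(gw or dst)  # on-link: destination itself
    sender = ipaddress.ip_address(src)
    for prefix, conn_gw, dev in routes:
        net = ipaddress.ip_network(prefix)
        if conn_gw is None and dev == in_dev and sender in net and next_hop in net:
            return str(next_hop), "sender and next hop share " + prefix
    return None, "sender is not on the next hop's subnet"

if __name__ == "__main__":
    # The failing case from the post: echo reply from 10.0.1.101 arrives on eth0.
    print(redirect_decision("10.0.1.101", "10.0.0.242", "eth0", LINUX1_ROUTES))
```

For the failing case in the post the model says a redirect pointing at 10.0.1.9 is expected, so the routing table itself satisfies the RFC conditions.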
