Disable send ICMP redirect?



Hi all,

I have a problem with a new firewall, installed with Fedora Core 5
and updated with all the latest packages available from update. It acts as a
firewall connecting the local net to different remote networks (it uses
a separate network interface for that and connects through 4 different
Cisco routers) and should forward all Internet traffic to a router
connected to the Internet (which is on the same local network - both router
and firewall use 192.168.10.0/24 class addresses, the hosts have
addresses from the same class). It correctly forwards traffic to the
remote networks, but for the Internet traffic it answers by sending an
ICMP redirect, which conforms to the standard. The problem is that
PC hosts (Windows 2000, Windows XP and Windows 2003 with different SPs)
simply discard the ICMP redirect, so they can't access the Internet. Besides,
in that case the firewall can't continue doing the firewall work, since hosts
would connect directly to the Internet through the router.
Is it possible to disable the sending of ICMP redirects and have Linux
forward the packets to the correct router (even if the host and the
router are on the same network)? I know this will effectively increase
the traffic, but it will allow the firewall to correctly check the
packets. Are there any values I can put in some /proc files to get this
behavior? I managed to place a 0 in send_redirects and Linux did
not send any more ICMP redirects, but it did not forward packets that
came in on an interface and should exit the same interface either (it
correctly forwards packets coming in on one interface and exiting a
different interface).

Thanks a lot,
Florin Bota.
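An added example, not part of the original post: a POSIX shell audit of the send_redirects files mentioned above. It relies on the rule in the kernel's ip-sysctl documentation that redirects are sent on an interface if either conf/all or conf/<interface> is non-zero; the CONF_ROOT variable and both function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: report whether the kernel would still send ICMP redirects
# on each interface. CONF_ROOT (hypothetical name) defaults to the real
# /proc tree and can be pointed at a copy for offline testing.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# effective_send_redirects IFACE
# Prints 1 if redirects are enabled for IFACE, 0 otherwise.
# The kernel ORs conf/all with conf/IFACE, so both must be 0 to disable.
effective_send_redirects() {
    all=$(cat "$CONF_ROOT/all/send_redirects" 2>/dev/null || echo 0)
    ifc=$(cat "$CONF_ROOT/$1/send_redirects" 2>/dev/null || echo 0)
    if [ "$all" != "0" ] || [ "$ifc" != "0" ]; then
        echo 1
    else
        echo 0
    fi
}

# audit_send_redirects
# Prints one line per real interface; returns 1 if any interface would
# still send redirects, 0 if redirects are off everywhere.
audit_send_redirects() {
    rc=0
    for d in "$CONF_ROOT"/*/; do
        name=$(basename "$d")
        # "all" and "default" are pseudo-entries, not interfaces.
        case "$name" in all|default) continue ;; esac
        eff=$(effective_send_redirects "$name")
        echo "$name send_redirects(effective)=$eff"
        [ "$eff" = "0" ] || rc=1
    done
    return $rc
}

# Run the audit only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    audit_send_redirects
fi
```

This only reports the redirect setting; whether packets that enter and leave on the same interface are actually forwarded is decided separately by the forwarding setting and the firewall rules.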
