[LARTC] Re: Preventing ICMP Redirects?

[LARTC] Re: Preventing ICMP Redirects?

[Suthep]

<PRE>On Sun, Feb 11, 2001 at 02:36:43AM -0200, Rogerio Brito wrote:
&gt;<i> 	I've been bitten by these ICMP Redirects once. Is there any
</I>&gt;<i> 	way to prevent them from being sent out? Perhaps doing some
</I>
Hmmm. I never tried this before, but how about setting these kernel 
variables to 0? (depending on what you want):

/proc/sys/net/ipv4/conf/&lt;if&gt;/accept_redirects
/proc/sys/net/ipv4/conf/&lt;if&gt;/send_redirects

Note that I'm using kernel 2.4. I'm not sure they are available in 2.2,
though.

Suthep

&gt;<i> 	packet filtering of the ICMP Redirects? Even if this works,
</I>&gt;<i> 	this sure sounds like a dirty solution... :-(
</I>&gt;<i> 
</I>&gt;<i> 	In that occasion, I was trying to set up a masquerading box
</I>&gt;<i> 	with only one NIC and two IP addresses (the Internet-valid one
</I>&gt;<i> 	and the private one), hooking everything in a single hub and
</I>&gt;<i> 	routing accordingly.
</I>&gt;<i> 
</I>&gt;<i> 	I don't remember the details (since this was many months ago),
</I>&gt;<i> 	but the only solution that I could make work was to buy
</I>&gt;<i> 	another NIC for the masquerading box and put one IP in each
</I>&gt;<i> 	NIC, doing everything as usual. :-(
</I>&gt;<i> 
</I>&gt;<i> 	As I don't remember more details of the situation, I'm just
</I>&gt;<i> 	hoping that this description rings a bell for someone. Any
</I>&gt;<i> 	explanation of how to make this setup with just one NIC or
</I>&gt;<i> 	comments on why this shouldn't be done are immensely
</I>&gt;<i> 	appreciated.
</I>&gt;<i> 
</I>&gt;<i> 
</I>&gt;<i> 	Thanks in advance, Roger...
</I>&gt;<i> 
</I>&gt;<i> -- 
</I>&gt;<i> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-</I>&gt;<i>   Rogerio Brito - <A HREF="mailto:rbrito@iname.com">rbrito@iname.com</A> - <A HREF="http://www.ime.usp.br/~rbrito/">http://www.ime.usp.br/~rbrito/</A>
</I>&gt;<i> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-</I>&gt;<i> 
</I>&gt;<i> _______________________________________________
</I>&gt;<i> LARTC mailing list / <A HREF="mailto:LARTC@mailman.ds9a.nl">LARTC@mailman.ds9a.nl</A>
</I>&gt;<i> <A HREF="http://mailman.ds9a.nl/mailman/listinfo/lartc">http://mailman.ds9a.nl/mailman/listinfo/lartc</A> HOWTO: <A HREF="http://ds9a.nl/2.4Routing/">http://ds9a.nl/2.4Routing/</A>
</I>

</PRE>

[LARTC] Re: Preventing ICMP Redirects?

[Rogerio]

<PRE>On Feb 13 2001, Suthep Vichiendilokkul wrote:
&gt;<i> On Sun, Feb 11, 2001 at 02:36:43AM -0200, Rogerio Brito wrote:
</I>&gt;<i> &gt; 	I've been bitten by these ICMP Redirects once. Is there any
</I>&gt;<i> &gt; 	way to prevent them from being sent out? Perhaps doing some
</I>
	First of all, I'd like to thank everybody who replied. A
	sincere thanks.

&gt;<i> Hmmm. I never tried this before, but how about setting these kernel
</I>&gt;<i> variables to 0? (depending on what you want):
</I>&gt;<i> 
</I>&gt;<i> /proc/sys/net/ipv4/conf/&lt;if&gt;/accept_redirects
</I>&gt;<i> /proc/sys/net/ipv4/conf/&lt;if&gt;/send_redirects
</I>
	Yes, I'm using Linux 2.2.18 and they are available here.


	Thanks again, Roger...

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-  Rogerio Brito - <A HREF="mailto:rbrito@iname.com">rbrito@iname.com</A> - <A HREF="http://www.ime.usp.br/~rbrito/">http://www.ime.usp.br/~rbrito/</A>
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

</PRE>