Sergey Matveychuk wrote:
I've got a problem with route entries that were created after ICMP
redirect messages. They never expire.
Our default gateway (it's an HP switch) sends ICMP redirect messages if it
sees a short path to the destination. It makes it not so overloaded. But
paths sometimes change. There is no problem with Windows workstations,
they are rebooted daily. But my FreeBSD boxes hold dynamic route entries
forever.
I've looked through RFCs and Stevens' books and found no answer on what
the TTL for these entries is.
Now I just add route flush as a cron job. But maybe there is another way?
Quoting this http://www.bsdbooks.net/shells/sysctl.html,
The third concept that we want to strengthen our box
against is redirects. In a well-designed network,
redirects to the end stations should not be required.
Both the sending and accepting of redirects should be
disabled. Again to achieve this first run the command
and then add to /etc/rc.conf:
# sysctl -w net.inet.icmp.drop_redirect=1
# sysctl -w net.inet.icmp.log_redirect=1
# sysctl -w net.inet.ip.redirect=0
# sysctl -w net.inet6.ip6.redirect=0
Best wishes,
Andrew P.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
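
Added example, not part of the original messages: a narrower alternative to the blanket route flush cron job mentioned in the question. It reads `netstat -rn` output, keeps only routes carrying the D flag (created dynamically by a redirect), and prints a `route delete` command for each instead of running it. The sample table is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# List routes FreeBSD created from ICMP redirects (flag D in netstat -rn)
# and print, without executing, the command that removes each one.

# Constructed sample in the layout of `netstat -rnf inet` (not real data).
sample_routes() {
cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.0.2.1          UGS         em0
127.0.0.1          link#2             UH          lo0
192.0.2.0/24       link#1             U           em0
198.51.100.7       192.0.2.254        UGHD        em0
203.0.113.20       192.0.2.253        UGHD        em0
EOF
}

# stdin: netstat -rn output. stdout: "destination gateway" per D-flagged route.
redirect_routes() {
    awk '
        $1 == "Destination" { in_table = 1; next }  # header row opens a table
        NF == 0             { in_table = 0; next }  # blank line closes it
        in_table && NF >= 3 && $3 ~ /D/ { print $1, $2 }
    '
}

# stdin: "destination gateway" pairs. stdout: one delete command per route.
delete_cmds() {
    while read -r dst gw; do
        printf 'route -n delete %s   # redirect pointed it at %s\n' "$dst" "$gw"
    done
}

# On a FreeBSD host, pass --live to inspect the real routing table.
if [ "${1:-}" = "--live" ]; then
    netstat -rnf inet | redirect_routes | delete_cmds
fi
```

Routes flagged only M (modified by a redirect) are deliberately left alone, since deleting them would remove the underlying static or default route.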