Sorry forgot the list!!

-----Original Message-----
From: Sergio Morilla
Sent: Wednesday, December 18, 2002 13:07
To: 'Charles Steinkuehler'
Subject: RE: [leaf-user] Ingnore redirects

Thanks Charles!!

I had my leaf firewall set as the default GW, and had always managed routing thru it. Blame it on MS, but I had this config for almost a year with no redirect problems at all. The static route to 192.168.3/24 is set on the leaf server (Dachstein 1.02 CD).

Are you (anyone) aware of changes on how routing is managed on W2K since SP3?? 192.168.1.24 is a W2K server just installed, and the only "change" seems to be W2K SP3 applied!!

Thanks anyway. Now I know what I'm looking for!!

Sergio

> -----Original Message-----
> From: Charles Steinkuehler [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, December 18, 2002 12:37
> To: Sergio Morilla
> CC: Leaf-user@lists.sourceforge.net (E-mail)
> Subject: Re: [leaf-user] Ingnore redirects
>
> Sergio Morilla wrote:
> > Hi,
> >
> > I have these messages in my logs.
> >
> > Dec 17 06:45:33 tptrtr kernel: host 1801a8c0/if8 ignores redirects for c803a8c0 to fe01a8c0.
> > Dec 17 07:02:05 tptrtr kernel: host 1801a8c0/if8 ignores redirects for c803a8c0 to fe01a8c0.
> > Dec 17 07:18:38 tptrtr kernel: host 1801a8c0/if8 ignores redirects for c803a8c0 to fe01a8c0.
> > Dec 17 07:35:10 tptrtr kernel: host 1801a8c0/if8 ignores redirects for c803a8c0 to fe01a8c0.
> > Dec 17 07:51:19 tptrtr kernel: host 1801a8c0/if8 ignores redirects for c803a8c0 to fe01a8c0.
> >
> > 1801a8c0 192.168.1.24 A W2K Server PDC running RAS
> > c803a8c0 192.168.3.200 A W2K Server BDC running Exchange
> > fe01a8c0 192.168.1.254 A Vanguard Router between 192.168.1.x and 192.168.3.x
> >
> > I can't understand what these messages mean!!
>
> The Windows server: 1801a8c0 (192.168.1.24)
>
> is sending packets for: c803a8c0 (192.168.3.200)
>
> to your firewall instead of: fe01a8c0 (192.168.1.254)
>
> Your firewall then sends an ICMP redirect message to 192.168.1.24,
> telling it there is a better route to the 192.168.3.200 machine, but
> your PDC/RAS server is not listening.
>
> This error is a result of incorrect routing tables on your Windows PDC.
> All systems on the 192.168.1.x network that need to talk to the
> 192.168.3.x network should have a static route pointing to the Vanguard
> router. Add a static route to your PDC, and these errors will go away.
>
> NOTE: You could also enable ICMP redirects on the PDC, allowing the
> routing table to be built dynamically, but this approach has a negative
> impact on your overall security (it becomes possible to confuse your PDC
> by spoofing ICMP redirect messages, creating the potential for a DoS or
> traffic sniffing attack).
>
> You may be able to assign static routes via DHCP, if the OS DHCP client
> supports this feature (I've done this on Linux, but haven't tried it
> with Windows). This could be handy if you have a lot of systems that
> need to talk across the Vanguard. If it's just the PDC (or maybe 2-3
> machines), it's probably easier to just add a static route in each
> system's network configuration.
>
> --
> Charles Steinkuehler
> [EMAIL PROTECTED]

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
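
The hex words in the kernel messages quoted in this thread are IPv4 addresses printed byte-swapped. The following is an added example, not part of the original e-mails or of LEAF, that decodes such lines and counts which host keeps ignoring redirects for which destination. It assumes a little-endian router (inferred from the hex-to-address mapping given in the thread); the function names and the third sample line are constructed for illustration.

```python
import re
import socket
import struct
from collections import Counter

# Message format as it appears in the log lines quoted in the thread.
REDIRECT_RE = re.compile(
    r"host (?P<src>[0-9a-f]{8})/if(?P<ifindex>\d+) ignores redirects "
    r"for (?P<dst>[0-9a-f]{8}) to (?P<gw>[0-9a-f]{8})",
    re.IGNORECASE,
)

def hex_to_ip(word):
    # Assumption: the address was printed as a 32-bit integer on a
    # little-endian machine, so the octets appear in reverse order.
    return socket.inet_ntoa(struct.pack("<I", int(word, 16)))

def parse_line(line):
    """Return the decoded fields of one 'ignores redirects' line, or None."""
    m = REDIRECT_RE.search(line)
    if m is None:
        return None
    return {
        "host": hex_to_ip(m["src"]),      # sender using the wrong next hop
        "ifindex": int(m["ifindex"]),     # router interface it arrived on
        "dest": hex_to_ip(m["dst"]),      # where the traffic is going
        "gateway": hex_to_ip(m["gw"]),    # next hop the router recommends
    }

def summarize(lines):
    """Count ignored redirects per (host, destination, gateway)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            counts[(rec["host"], rec["dest"], rec["gateway"])] += 1
    return counts

# First two lines are from the thread; the third is a constructed non-match.
SAMPLE = [
    "Dec 17 06:45:33 tptrtr kernel: host 1801a8c0/if8 ignores redirects for c803a8c0 to fe01a8c0.",
    "Dec 17 07:02:05 tptrtr kernel: host 1801a8c0/if8 ignores redirects for c803a8c0 to fe01a8c0.",
    "Dec 17 07:03:00 tptrtr kernel: eth0: link up",
]

if __name__ == "__main__":
    for (host, dest, gw), n in summarize(SAMPLE).items():
        print(f"{host} ignored {n} redirect(s): add a static route to {dest} via {gw}")
```

Each distinct triple in the summary corresponds to one missing static route on the named host.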
