Hi All
I solved the problem with the ICMP Redirect in the Source file an recompiled
the Kernel. All works fine now. I think, it would be a possibility to put
this option into the FreeBSD Sources, or as an option in the sysctl?
ICMP Redirect is a simple way to relieve a *BSD Router. Why we put
Hi Crist and net-list
I am not sure of the reason redirects are not sent for the default
route. In your Stevens reference, he doesn't explain any reasoning for
it? As you say, the comment I quoted goes wa-ay back to before the
initial FreeBSD CVS import back to 4.4BSD or earlier. You might
Good Morning Crist
Ok, this with the Network-IP aliases, you are right, tnx for the tip. I
think you are intrested in the Flags, D for dynamic redirect and M for
modified dynamical from redirect. On the BSDClient, there are no entries in
the routing table with the D or M Flag.
I detected two
Hi Crist
Here the Logs and outputs for you
Regards
Reto
# tcpdump -vvXs 1500 'icmp'
172.16.224.24 - BSD Host
172.16.1.254 - BSD Router
12:00:43.658869 172.16.1.254 172.16.224.24: icmp: redirect 172.24.0.2 to
host
172.16.1.252 for 172.16.224.24 172.24.0.2: icmp: echo request (ttl
Hello
IPSec Tunnel security is working like this: You have to permit traffic to
the Tunnel, this you can du with Access-Lists on a Firewall (ie ipfw)
In the Tunnel, only permitted traffic will be transmitted, so you don't have
to filter packets comming from the IPSec Tunnel. It's not
Hi all
Ok, at this time I would handle this problem like this:
Connect the two sides with an IPSec Tunnel and write an access-list with
ipfw that allow only the specified traffic from the other side network to
your network. This would be the fastest way to handle this problem. For
this, you