You could try setting the following sysctl to 1: net.inet.ip.redirect

This at the command line:

    sysctl net.inet.ip.redirect=1

I think it's what's stopping pfsense from sending the redirects.

--Bill

On 11/13/06, Mitch Martin <[EMAIL PROTECTED]> wrote:
-----Original Message-----
From: Peter Allgeyer [mailto:[EMAIL PROTECTED]
Sent: Sunday, November 12, 2006 4:25 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] ICMP redirects not functional in v1.0.1?

On Sunday, 12.11.2006, at 15:26 -0500, Mitch Martin wrote:
> How might I implement the "fix" that Peter did?

I can't remember any fix. I redefined my internal routing to our central layer 3 switch instead of to the firewall.

In your July thread you wrote "Changing Rule 622 to pass any protocol solves the problem?!". I read that as meaning that you found a workaround and maybe it was something that I could implement on my box, as well.

> I _really_ need
> redirects to work as I don't have the time or money to replace the
> dumb routers in our subnets.
> Do I just ssh into pfSense and change some default firewall rule? I
> don't mean to take up your time with this so maybe just a "pointer" or
> two in the right direction would suffice. ;-)

Difficult. I've just checked pfsense and ICMP redirects still don't work. You still have the possibility to route these packets through the firewall instead of switching them to the "best" router. Have you checked "Static route filtering", "Bypass firewall rules for traffic on the same interfaces" on /system_advanced.php?

Yes, I did try that, as well as opening firewall rules on the LAN port. I also tried a m0n0wall router. I know that it uses a different packet filter. Redirects do work in m0n0wall. What surprised me about redirects on the m0n0wall box is that they work when the checkbox is "unchecked" on the System Advanced page and don't work when the checkbox is checked. This seems contrary to the way I understand what that setting is doing. Anyway, I suppose that I can use "routed" (thanks to Bill M) on my pfSense box and update my dumb routers to pfSense, also. I certainly don't want to go back to the Sonicwall after seeing all that is possible with pfSense. ;-)

Thank you, Peter and Scott, for your time in trying to help me. I would appreciate anything else you might like to add that would be of help. If not, I will continue on with my plan to update my routers. ;-)

Regards,
Mitch

BR, PIT

---------------------------------------------------------------------------
copyleft(c) by |    _-_        Never trust an operating system you don't
Peter Allgeyer |  0(o_o)0      have sources for. ;-) -- Unknown source
---------------oOO--(_)--OOo-----------------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]