router wont stop sending icmp redirects

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

router wont stop sending icmp redirects

tobias Freitag
Hi list,

I am trying to implement a transparent proxy using the pf rdr action but my
clients ignore the icmp redirects that are send out by the openbsd box. I
tried to get it to use adress translation instead, but no avail.

The box is set to router mode (net.inet.ip.forwarding=1) and sending of
redirects is switched off (net.inet.ip.redirect=0) but shamelessly ignored.

Any ideas?

Tobias Freitag
--
Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
Ideal f|r Modem und ISDN: http://www.gmx.net/de/go/smartsurfer

Reply | Threaded
Open this post in threaded view
|

Re: router wont stop sending icmp redirects

Joe S-3
tobias Freitag wrote:

> Hi list,
>
> I am trying to implement a transparent proxy using the pf rdr action but my
> clients ignore the icmp redirects that are send out by the openbsd box. I
> tried to get it to use adress translation instead, but no avail.
>
> The box is set to router mode (net.inet.ip.forwarding=1) and sending of
> redirects is switched off (net.inet.ip.redirect=0) but shamelessly ignored.
>
> Any ideas?
>
> Tobias Freitag

You don't give very much information.

What version of OpenBSD are you running? 2.x? 3.x? 4.0?

How do you know they are not getting proxy'd?


If I had this problem, I would verify the syntax of the rdr rule. I
would also make sure PF is enabled (pfctl -e). If you have all of these
things correct, you clients should hit the proxy. Without more info, I
don't know if anyone can help.

Reply | Threaded
Open this post in threaded view
|

Re: router wont stop sending icmp redirects

asmith-4
In reply to this post by tobias Freitag
net.inet.ip.redirect = 0

Means that the machine will not "honour" redirects.

The value is used to ignore redirects sent by routers not to disable sending
of redirects if you happen to be running as a router.

-Andy

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of
tobias Freitag
Sent: 16 November 2006 02:01
To: [hidden email]
Subject: router wont stop sending icmp redirects

Hi list,

I am trying to implement a transparent proxy using the pf rdr action but my
clients ignore the icmp redirects that are send out by the openbsd box. I
tried to get it to use adress translation instead, but no avail.

The box is set to router mode (net.inet.ip.forwarding=1) and sending of
redirects is switched off (net.inet.ip.redirect=0) but shamelessly ignored.

Any ideas?

Tobias Freitag
--
Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
Ideal f|r Modem und ISDN: http://www.gmx.net/de/go/smartsurfer

Reply | Threaded
Open this post in threaded view
|

Re: router wont stop sending icmp redirects

Camiel Dobbelaar
On Thu, 16 Nov 2006, Andrew Smith wrote:

> net.inet.ip.redirect = 0
>
> Means that the machine will not "honour" redirects.
>
> The value is used to ignore redirects sent by routers not to disable sending
> of redirects if you happen to be running as a router.

No, you're talking about net.inet.icmp.rediraccept

net.inet.ip.redirect should be the right button to control the sending of
icmp redirects.