again: internal icmp redirects and static routes

From:	Harald Leinders <harald dot leinders at denkwerk dot com>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	again: internal icmp redirects and static routes
Date:	Fri, 14 Jan 2005 12:26:51 +0100

Dear Community,

I have a routing question. I've searched through the mailing list 
archives, and found several authors asking the same question, but no 
answer like "do it that way" or "no, impossible".

Here we go:

I'm managing a LAN with about 100 client ip's. I'd like to replace my 
main gateway (a netboz)  with a monowall. My LAN is connected via VPN 
to several customers (Subnet-to-subnet), located parallel to the main 
gateway (hardware solutions, cannot be substitued, see below). The only 
way to establish this setup (beside entering static routes in 100 
clients :) is to use internal icmp redirects. monowall seems to block 
this kind of icmp traffic. Is there any way to enable it?


   WAN           RemoteVPN1            RemoteVPN2
    ||                |                    |
    ||                |                    |
    ||                |                    |
Monowall          VPN-GW -----------------+
    |10.0.0.1         |10.0.1.1
    |                 |
    |    ----->       |
    |  ICMP Redirect  |
    |                 |
    |                 |
---+----- LAN -------+-------
       10.0.0.0/16

Monowall (10.0.0.1)  should redirect requests to e.g. subnet 
"RemoteVPN1" to the gateway VPN-GW (10.0.1.1).

Regards,
Harald

--
consultant systeme / professional services

denkwerk | vogelsanger straße 66 | d-50823 köln
telefon +49 221 2942 200 | telefax +49 221 2942 101
www.denkwerk.com