[ previous ] [ next ] [ threads ]
 
 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall Mailing List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] ICMP Redirects
 Date:  Tue, 31 May 2005 01:05:06 -0400
On 5/30/05, Paul Dugas <paul at dugas dot cc> wrote:
> Read some earlier posts about this but nothing that tells me whether this
> is by design or not so I figure I'd bring it up again.
> 
> I have m0n0 1.2b8 setup as my default gateway from the LAN.  I have a few
> static routes that point to an exsisting VPN router on the LAN interface.
> If a machine on the LAN interface pings one of the hosts on the remote VPN
> network, the m0n0 box is generating the ICMP Redirects and the pings go
> through and retun successfully.  If I try something other than ICMP (i.e.
> ssh, http, ftp), I am not receiving the redirects.
> 
> Is this by design?  If so, why ICMP and not IP?  If not, is there a fix?
> Where have I gone awry?
> 

Any time you put in a static route, when your machine goes to m0n0wall
to get to the remote network, m0n0 will send back an ICMP redirect
letting your machine know there is a better route on the local
network.  It'll still pass on the traffic to that route, in case your
machine doesn't accept ICMP redirects.  Your machine will add that to
its routing table and use that path for future connections.

Given what you're describing, I would guess you have a route in your
local routing table pointing to the VPN router, and your machine is
obeying it for TCP but not ICMP.  Why?  I have no idea, but it sounds
like a bug or "feature" in your OS.  You can check your local routing
table by running 'route print' at a command line (assuming Windows
OS).

-Chris