 From:  Lee Sharp <leesharp at hal dash pc dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Odd routing issue
 Date:  Tue, 27 Aug 2013 10:05:38 -0500

On 08/27/2013 09:32 AM, Jack wrote:
> Hello Lee,
>
> What host OS are you running? Did you check the redirect routes?
>
> Linux: ip route list cache
> Win: route print
>
> I'm wondering if the host received ICMP redirect message correctly. If the
> routes are correct, I would do a bit more tracing even on the interface
> of FW1.

Now this is odd...

To start, I do the "ip route list cache" on my laptop with a pipe to 
grep for 192.168.43 and I get nothing at all.  I start pinging my laptop 
(192.168.40.108) from the LAN side of firewall 2.  It fails.  But now:
lee@it-ubuntu-lee:~$ ip route list cache | grep 192.168.43
192.168.43.1 from 192.168.40.108 via 192.168.40.1 dev eth0
local 192.168.40.108 from 192.168.43.1 dev lo  src 192.168.40.108

It is still failing, so I ping from my laptop to the LAN of FW2. 
Success, which is no surprise.
lee@it-ubuntu-lee:~$ ping 192.168.43.1
PING 192.168.43.1 (192.168.43.1) 56(84) bytes of data.
 From 192.168.40.1: icmp_seq=1 Redirect Host(New nexthop: 192.168.40.2)
64 bytes from 192.168.43.1: icmp_seq=1 ttl=64 time=0.417 ms
64 bytes from 192.168.43.1: icmp_seq=2 ttl=64 time=0.482 ms
^C
--- 192.168.43.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.417/0.449/0.482/0.038 ms

At this point the LAN of FW2 pinging me now works...
Ping output:

PING 192.168.40.108 (192.168.40.108) from 192.168.43.1: 56 data bytes
64 bytes from 192.168.40.108: icmp_seq=0 ttl=64 time=0.330 ms
64 bytes from 192.168.40.108: icmp_seq=1 ttl=64 time=0.557 ms
64 bytes from 192.168.40.108: icmp_seq=2 ttl=64 time=0.424 ms

--- 192.168.40.108 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.330/0.437/0.557/0.093 ms


And "ip route list cache" is different on my laptop.
lee@it-ubuntu-lee:~$ ip route list cache | grep 192.168.43
192.168.43.1 from 192.168.40.108 via 192.168.40.2 dev eth0
192.168.43.1 via 192.168.40.2 dev eth0  src 192.168.40.108
local 192.168.40.108 from 192.168.43.1 dev lo  src 192.168.40.108


Here are the key bits close...

Laptop before any ping.

<null>

Laptop after being pinged. (Fails)

192.168.43.1 from 192.168.40.108 via 192.168.40.1 dev eth0
local 192.168.40.108 from 192.168.43.1 dev lo  src 192.168.40.108

Laptop after pinging back. (Success on all sides)

192.168.43.1 from 192.168.40.108 via 192.168.40.2 dev eth0
192.168.43.1 via 192.168.40.2 dev eth0  src 192.168.40.108
local 192.168.40.108 from 192.168.43.1 dev lo  src 192.168.40.108

So, yes, I am not getting the redirect on ICMP echo, but I am on ICMP?  WTF?

			Lee
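
The comparison made by hand in the message above, as an added example that is not part of the original post: it diffs two `ip route list cache` snapshots and checks whether each next-hop change is accounted for by a "Redirect Host" line in the ping output. The function names are hypothetical and the sample input is constructed from the output quoted in the message.

```python
import re

# Constructed sample input, copied from the output quoted in the message above.
AFTER_INBOUND_PING = """\
192.168.43.1 from 192.168.40.108 via 192.168.40.1 dev eth0
local 192.168.40.108 from 192.168.43.1 dev lo  src 192.168.40.108
"""
AFTER_OUTBOUND_PING = """\
192.168.43.1 from 192.168.40.108 via 192.168.40.2 dev eth0
192.168.43.1 via 192.168.40.2 dev eth0  src 192.168.40.108
local 192.168.40.108 from 192.168.43.1 dev lo  src 192.168.40.108
"""
PING_OUTPUT = "From 192.168.40.1: icmp_seq=1 Redirect Host(New nexthop: 192.168.40.2)\n"

ROUTE_RE = re.compile(
    r"^(?P<dst>\d+\.\d+\.\d+\.\d+)\b.*?\bvia (?P<via>\d+\.\d+\.\d+\.\d+)\b")
REDIRECT_RE = re.compile(
    r"From (?P<gw>[\d.]+):? .*Redirect Host\s*\(New nexthop: (?P<hop>[\d.]+)\)")

def next_hops(cache_text):
    """Map destination -> set of gateways from `ip route list cache` output."""
    hops = {}
    for line in cache_text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:  # "local ..." entries carry no gateway and are skipped
            hops.setdefault(m["dst"], set()).add(m["via"])
    return hops

def redirects(ping_text):
    """Return (sending gateway, advertised next hop) pairs seen in ping output."""
    return [(m["gw"], m["hop"]) for m in REDIRECT_RE.finditer(ping_text)]

def explain_changes(before, after, ping_text):
    """List (dst, old gateways, new gateway, explained_by_redirect) per change."""
    old, new, seen = next_hops(before), next_hops(after), redirects(ping_text)
    report = []
    for dst, gws in sorted(new.items()):
        prev = old.get(dst, set())
        for gw in sorted(gws - prev):
            # Explained only if a previous gateway itself advertised this hop.
            explained = any(src in prev and hop == gw for src, hop in seen)
            report.append((dst, sorted(prev), gw, explained))
    return report

if __name__ == "__main__":
    for row in explain_changes(AFTER_INBOUND_PING, AFTER_OUTBOUND_PING, PING_OUTPUT):
        print(row)
```

A change reported with `explained` set to false means the cached next hop moved without a matching redirect from the old gateway in the captured output, which is the case worth tracing further.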