From owner-freebsd-questions Sun Dec 10 16:37:33 2000 From owner-freebsd-questions@FreeBSD.ORG Sun Dec 10 16:37:30 2000 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from seralph10.essex.ac.uk (seralph10.essex.ac.uk [155.245.240.160]) by hub.freebsd.org (Postfix) with ESMTP id C607737B400 for ; Sun, 10 Dec 2000 16:37:29 -0800 (PST) Received: from so-16671-x0.essex.ac.uk ([155.245.119.80] helo=cartman) by seralph10.essex.ac.uk with smtp (Exim 3.13 #1) id 145Gy8-0003eG-00 for freebsd-questions@freebsd.org; Mon, 11 Dec 2000 00:37:28 +0000 From: "Steven" To: Subject: ICMP redirect packets Date: Mon, 11 Dec 2000 00:33:15 -0000 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hi, I have a query to do with icmp redirect packets. I'm not entirely sure what they are, but my machine is sending a lot of them over the network and I am not sure if it is meant to be doing! :-) I have 3 machines in my room, each of which have a network card and are connected together via a hub. Each have an address in the 192.168.1 subnet. One of the machines which is running FreeBSD 4.1 has another network card, which is attached to the university campus network. It has a real IP address (155.245.119.80 - so-16671-x0.essex.ac.uk) which was assigned to me by the uni. In order to let my other 2 machines (Windows 98 and another FreeBSD 4.1) communicate over the internet, I am running NATD on the machine with the connection to the campus network (which i will refer to as the router from now on) and have set the other 2 machines to use it as their gateway. All is happy natd wise, appart from tens of: Dec 11 00:05:26 natd[159]: failed to write packet back (Host is down) which I am told is normal and due to a problem upstream from me. The router doesn't have a monitor, I access it over the serial port and ssh so I don't log into it very often, accept for diagnostics. In October I was sent an email by another user of the campus network informing me that my host was sending a lot of "ICMP Redirect packets". I didn't get this email until tonight, when i decided to login to the router and read the logs. So, i did a tcpdump on the network card which is on the campus network. Sure enough, my host appears to be sending ICMP Redirect packets. Not just one every now and then, but tonnes (upto 20 per second) to random machines on the network. Eg: 23:13:25.766467 so-16671-x0.essex.ac.uk > so-16467-x0.essex.ac.uk: icmp: redirect 155.245.127.255 to host 155.245.127.255 23:13:25.767043 so-16671-x0.essex.ac.uk > so-12669-x0.essex.ac.uk: icmp: redirect 155.245.127.255 to host 155.245.127.255 23:13:25.770586 so-16671-x0.essex.ac.uk > so-13382-x0.essex.ac.uk: icmp: redirect 155.245.127.255 to host 155.245.127.255 23:13:25.771184 so-16671-x0.essex.ac.uk > so-12669-x0.essex.ac.uk: icmp: redirect 155.245.127.255 to host 155.245.127.255 23:13:25.771750 so-16671-x0.essex.ac.uk > so-12669-x0.essex.ac.uk: icmp: redirect 155.245.127.255 to host 155.245.127.255 23:13:25.775189 so-16671-x0.essex.ac.uk > so-15242-x0.essex.ac.uk: icmp: redirect 155.245.127.255 to host 155.245.127.255 and so on. I noticed that in some cases there would be a netbois request before this (the network it is attached to is a student accomodation one - hence several thousand MS windows machines), eg: 23:13:35.212169 so-8410-x0.essex.ac.uk.netbios-ns > 155.245.127.255.netbios-ns: >>> NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 23:13:35.269727 so-16671-x0.essex.ac.uk > so-8410-x0.essex.ac.uk: icmp: redirect 155.245.127.255 to host 155.245.127.255 Basically my question is, is this normal? Can I stop my machine from doing it without hindering performance? I know a fair amount about IP, but don't really know what an ICMP redirect is. I ran some searches before writting this email (I always try to figure stuff out for myself before asking questions) but i couldn't really find much useful information. I am reluctant to play about with the router as other than this it is doing a very fine job. Thanks for your help Steven To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message