From owner-freebsd-questions Mon Dec 11 6:17:45 2000
From owner-freebsd-questions@FreeBSD.ORG Mon Dec 11 06:17:42 2000
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from seralph10.essex.ac.uk (seralph10.essex.ac.uk [155.245.240.160])
    by hub.freebsd.org (Postfix) with ESMTP id 217CA37B400
    for ; Mon, 11 Dec 2000 06:17:42 -0800 (PST)
Received: from so-16671-x0.essex.ac.uk ([155.245.119.80] helo=cartman)
    by seralph10.essex.ac.uk with smtp (Exim 3.13 #1)
    id 145TlY-00080F-00; Mon, 11 Dec 2000 14:17:20 +0000
From: "Steven"
To:
Cc:
Subject: RE: ICMP redirect packets
Date: Mon, 11 Dec 2000 14:13:48 -0000
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
In-Reply-To: <20001210211834.S96105@149.211.6.64.reflexcom.com>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> > I have a query to do with icmp redirect packets. I'm not entirely sure what
> > they are, but my machine is sending a lot of them over the network and I am
> > not sure if it is meant to be doing! :-)
>
> Are you running routed(8)? Turn it off. You don't need it.

Not that I can see (it does not appear in ps -ax and there is no option set in my kernel config file).

I added the following to my kernel config before the last recompile, as specified in a natd help document I read:

    options IPFIREWALL
    options IPDIVERT
    options IPFIREWALL_VERBOSE
    options IPFIREWALL_VERBOSE_LIMIT=100
    options TCP_DROP_SYNFIN
    options TCP_RESTRICT_RST
    options ICMP_BANDLIM

and my rc.conf:

    gateway_enable="YES"
    firewall_enable="YES"
    firewall_script="/etc/rc.firewall"
    firewall_type="open"
    firewall_quiet="NO"
    natd_enable="YES"
    natd_flags="-f /etc/natd.conf"
    natd_interface="rl1"
    natd_program="/sbin/natd"

My ipfw rules are a bit weird, but they work:

    00050 176871 23548190 divert 8668 ip from any to any via rl1
    00100      0        0 allow ip from any to any via lo0
    00200      0        0 deny ip from any to 127.0.0.0/8
    65000 184797 25040370 allow ip from any to any
    65535     14     1790 deny ip from any to any

Can you see anything obvious from this? (the network card for my bedroom LAN is rl0, the campus LAN card is rl1).

Thanks for your help

Steven