|
|
 FAQ
 Search
 Memberlist
 Usergroups
 Register
 Profile
 Private messages
 Log in
|
|
| Author |
Message |
Usenet
Guest
|
 Posted: Mon Feb 25, 2008 3:44 am Post subject: ICMP Redirect Query? |
 |
|
If I have a router with a single interface on 192.168.1.254 configured
as default gateway for LAN clients on 192.168.1.x and it has 2 routes
i.e:
192.168.2.0 route through 192.168.1.1
0.0.0.0 route through 192.168.1.2
and ICMP Redirect is enabled, can anyone confirm under what
circumstances traffic from LAN clients on 192.168.1.x attempts to go via
the default gateway on 192.168.1.254?
My understanding is that if a client tries to go to www.microsoft.com
the default gateway does an ICMP Redirect and tells the client to use
192.168.1.2 directly, and the client will store/cache the route.
If the client then tries www.hp.com would it attempt to go via the
default gateway and again be redirected, or would the client know from
the first redirect that all traffic to 0.0.0.0 should go directly to
192.168.1.2?
TIA |
|
| Back to top |
|
 |
|
|
stephen
Guest
|
| Posted: Mon Feb 25, 2008 5:13 am Post subject: Re: ICMP Redirect Query? |
|
|
"Usenet" <usenet@nospam.please> wrote in message
news:usenet-E88968.21441624022008@softbank060082049208.bbtec.net...
| Quote: | If I have a router with a single interface on 192.168.1.254 configured
as default gateway for LAN clients on 192.168.1.x and it has 2 routes
i.e:
192.168.2.0 route through 192.168.1.1
0.0.0.0 route through 192.168.1.2
and ICMP Redirect is enabled, can anyone confirm under what
circumstances traffic from LAN clients on 192.168.1.x attempts to go via
the default gateway on 192.168.1.254?
|
this sounds like homework, so treat it as an "understanding" Q....
1st point is the default g/w isnt doing anything useful, so your design is
poor.
| Quote: |
My understanding is that if a client tries to go to www.microsoft.com
the default gateway does an ICMP Redirect and tells the client to use
192.168.1.2 directly, and the client will store/cache the route.
|
ICMP will happen assuming:
redirects are enabled (nb - they get turned off by 1st hop protocols such as
VRRP / HSRP).
the default gateway uses redirect (a firewall probably wont ).
if the redirect is sent, the client can cache it, but doesnt have to (and
the cache time could be short compared to the packet rate, so it has no
effect).
| Quote: |
If the client then tries www.hp.com would it attempt to go via the
default gateway and again be redirected, or would the client know from
the first redirect that all traffic to 0.0.0.0 should go directly to
192.168.1.2?
|
in real life redirects are per destination address, so getting 1 redirect
doesnt imply anything about a different destination.
Regards
stephen_hope@xyzworld.com - replace xyz with ntl |
|
| Back to top |
|
|
Thrill5
Guest
|
| Posted: Mon Feb 25, 2008 11:05 am Post subject: Re: ICMP Redirect Query? |
|
|
Some clients ignore ICMP redirects because it is a security vulnerability.
You network design should avoid this type of configuration and put the
router that is the default gateway behind the router the clients are
talking to.
"Usenet" <usenet@nospam.please> wrote in message
news:usenet-E88968.21441624022008@softbank060082049208.bbtec.net...
| Quote: | If I have a router with a single interface on 192.168.1.254 configured
as default gateway for LAN clients on 192.168.1.x and it has 2 routes
i.e:
192.168.2.0 route through 192.168.1.1
0.0.0.0 route through 192.168.1.2
and ICMP Redirect is enabled, can anyone confirm under what
circumstances traffic from LAN clients on 192.168.1.x attempts to go via
the default gateway on 192.168.1.254?
My understanding is that if a client tries to go to www.microsoft.com
the default gateway does an ICMP Redirect and tells the client to use
192.168.1.2 directly, and the client will store/cache the route.
If the client then tries www.hp.com would it attempt to go via the
default gateway and again be redirected, or would the client know from
the first redirect that all traffic to 0.0.0.0 should go directly to
192.168.1.2?
TIA |
|
|
| Back to top |
|
|
|
|
