Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-user

From: Adam Carter <adamcarter3@×××××.com>
To: "gentoo-user@l.g.o" <gentoo-user@l.g.o>
Subject: Re: [gentoo-user] what about my routing here ...
Date: Thu, 10 Oct 2013 04:45:58
Message-Id: CAC=wYCEcm1JdLmoRH8BPA71q1wwN4_dn=-w8RqDKYiAufBVffA@mail.gmail.com
In Reply to: [gentoo-user] what about my routing here ... by "Stefan G. Weichinger"
1 There might have been a icmp redirect from 10.96.25.1 telling ipfire that
2 there's a better way to get to that network, and its via 10.96.25.2.
3
4 On my system it seems to be off by default (I havent set it in
5 /etc/sysctl.conf) which makes sense as redirects can be used for MITM
6 attacks.
7 $ cat /proc/sys/net/ipv4/conf/all/accept_redirects
8 0
9
10
11
12 On Wed, Oct 9, 2013 at 9:50 PM, Stefan G. Weichinger <lists@×××××.at> wrote:
13
14 >
15 > server:
16 >
17 > # ip route s
18 > default via 10.96.25.129 dev br0
19 > 10.96.25.128/25 dev br0 proto kernel scope link src 10.96.25.131
20 > 192.168.1.0/24 dev eno2 proto kernel scope link src 192.168.1.201
21 >
22 > # !tra
23 > traceroute 172.32.99.12
24 > traceroute to 172.32.99.12 (172.32.99.12), 30 hops max, 60 byte packets
25 > 1 ipfire (10.96.25.129) 0.410 ms 1.213 ms 1.302 ms
26 > 2 10.96.25.2 (10.96.25.2) 3.853 ms 3.835 ms 3.825 ms
27 >
28 > ^C
29 >
30 > on the router "ipfire" (which is 10.96.25.129 on its LAN-side)
31 >
32 > # ip r s
33 > default via 10.96.25.1 dev blue0
34 >
35 > no specific routes on there
36 >
37 > The route should go via 10.96.25.1 for targets in 172.32.99.0/24 as
38 > well ...
39 >
40 > I don't get where it gets 10.96.25.2 from *scratch*
41 >
42 > This routing issue might be the problem with my libvirt-connections (see
43 > other current thread).
44 >
45 > Even when I do
46 >
47 > # ip route add 172.32.99.12/32 via 10.96.25.1
48 >
49 > on the router (explicit route for my desktop IP) the traceroute still
50 > shows:
51 >
52 > # traceroute 172.32.99.12
53 > traceroute to 172.32.99.12 (172.32.99.12), 30 hops max, 60 byte packets
54 > 1 ipfire.mlp-ag.com (10.96.25.129) 0.294 ms 0.270 ms 0.258 ms
55 > 2 10.96.25.2 (10.96.25.2) 0.569 ms 0.746 ms 0.987 ms^C
56 >
57 > Any hints on this?
58 > I need a vacation, btw ;-)
59 >
60 > And the best: I do this via ssh, so I am already connected ... which
61 > means I get packages back ...
62 >
63 > S
64 >
65 >

Replies

Subject Author
Re: [gentoo-user] what about my routing here ... "Stefan G. Weichinger" <lists@×××××.at>
Report Message
Find on MARC Find on Google Groups