1 |
On the ipfire router. A quick google turns up commands like: ip route get |
2 |
<IP> and ip route list cache match <IP> and if a redirected route exists, |
3 |
it is labelled that way in the output of such commands. |
4 |
|
5 |
If this is happening, it will be triggered by any traffic is forwarded to |
6 |
10.96.25.1. Also, it shouldnt cause any problems. Other than a traceroute |
7 |
output not quite being what you expect, is there any problem? If |
8 |
everything's good dont worry about it (unless your curiosity is piqued). |
9 |
|
10 |
|
11 |
On Thu, Oct 10, 2013 at 5:26 PM, Stefan G. Weichinger <lists@×××××.at>wrote: |
12 |
|
13 |
> Am 10.10.2013 06:45, schrieb Adam Carter: |
14 |
> > There might have been a icmp redirect from 10.96.25.1 telling ipfire that |
15 |
> > there's a better way to get to that network, and its via 10.96.25.2. |
16 |
> > |
17 |
> > On my system it seems to be off by default (I havent set it in |
18 |
> > /etc/sysctl.conf) which makes sense as redirects can be used for MITM |
19 |
> > attacks. |
20 |
> > $ cat /proc/sys/net/ipv4/conf/all/accept_redirects |
21 |
> > 0 |
22 |
> |
23 |
> So I would have to check that on the router? Or both? Just will check |
24 |
> both, sure ... |
25 |
> |
26 |
> Could this lead to mislead keepalive packets from libvirtd? |
27 |
> Maybe I should ask their network-admins for more details ... huge |
28 |
> company, unknown structures ;-) |
29 |
> |
30 |
> Thanks, Stefan |
31 |
> |
32 |
> |
33 |
> |