| 1 |
On the ipfire router. A quick google turns up commands like: ip route get |
| 2 |
<IP> and ip route list cache match <IP> and if a redirected route exists, |
| 3 |
it is labelled that way in the output of such commands. |
| 4 |
|
| 5 |
If this is happening, it will be triggered by any traffic is forwarded to |
| 6 |
10.96.25.1. Also, it shouldnt cause any problems. Other than a traceroute |
| 7 |
output not quite being what you expect, is there any problem? If |
| 8 |
everything's good dont worry about it (unless your curiosity is piqued). |
| 9 |
|
| 10 |
|
| 11 |
On Thu, Oct 10, 2013 at 5:26 PM, Stefan G. Weichinger <lists@×××××.at>wrote: |
| 12 |
|
| 13 |
> Am 10.10.2013 06:45, schrieb Adam Carter: |
| 14 |
> > There might have been a icmp redirect from 10.96.25.1 telling ipfire that |
| 15 |
> > there's a better way to get to that network, and its via 10.96.25.2. |
| 16 |
> > |
| 17 |
> > On my system it seems to be off by default (I havent set it in |
| 18 |
> > /etc/sysctl.conf) which makes sense as redirects can be used for MITM |
| 19 |
> > attacks. |
| 20 |
> > $ cat /proc/sys/net/ipv4/conf/all/accept_redirects |
| 21 |
> > 0 |
| 22 |
> |
| 23 |
> So I would have to check that on the router? Or both? Just will check |
| 24 |
> both, sure ... |
| 25 |
> |
| 26 |
> Could this lead to mislead keepalive packets from libvirtd? |
| 27 |
> Maybe I should ask their network-admins for more details ... huge |
| 28 |
> company, unknown structures ;-) |
| 29 |
> |
| 30 |
> Thanks, Stefan |
| 31 |
> |
| 32 |
> |
| 33 |
> |
Archives