Bug#557448: linux-image-2.6.31-1-amd64: net.ipv4.conf.all.secure_redirects not working
tags 557448 moreinfo
stop
On Sun, 22 Nov 2009, Alex Samad wrote:
> Hi
>
> I have a local lan network
> 192.168.11.0/24 dgw - 192.168.11.1
>
> I also have a wireless network
> 192.168.10.0/24 dgw - 192.168.10.1
>
> the router at 192.168.10.1 is a linux server with the address 192.168.11.10 as well.
>
> I have placed an ip route add/replace 192.168.10.0/24 via 192.168.11.10 on 192.168.11.1; this sends the appropriate icmp redirects for 192.168.10.0/24 via 192.168.11.10
>
> what seems to be failing is this scenario.
>
> laptop connected to 192.168.11.0/24 (ip via dhcp) with
> net.ipv4.conf.all.accept_redirects = 0
> net.ipv4.conf.all.secure_redirects = 1
>
> All the other interface redirects set to 1
>
> with another linux machine (alex-mini) on the wireless (192.168.10.0/24 - ip via dhcp), I try and ssh to laptop - which fails.
>
> When I look at the tcpdump on laptop I see the packets coming in but laptop is trying to send the packets via 192.168.11.1; it doesn't seem to acknowledge the icmp redirects even though I have secure_redirects set to 1 and 192.168.11.1 is the default gateway.
>
> when I set net.ipv4.conf.all.accept_redirects to 1 everything works fine, the icmp redirect is accepted....
>
> this seems to be contrary to the documentation in sysctl.conf, which says these flags are OR
>
> Alex
17:41 <bwh> Documentation/networking/ip-sysctl.txt says "secure_redirects -
BOOLEAN Accept ICMP redirect messages only for gateways, listed in
default gateway list."
17:42 <bwh> So my guess is that in #557448 the submitter has not listed both
gateways in DHCP
Can you please verify the above?
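One way to check what the reply asks for, as an added example that is not part of the original bug report or of the kernel's code: list the default gateways an interface has in a /proc/net/route-format table and test whether a redirect's new gateway is among them. Assumptions: the interface name eth0, a little-endian (x86) host, a constructed sample table, and reading "default gateway list" as the default routes shown in /proc/net/route.

```shell
#!/bin/sh
# Constructed sample in /proc/net/route format for the laptop in the report:
# one DHCP-supplied default gateway (192.168.11.1) on eth0 (assumed name).
# Columns are separated by spaces here; the real file uses tabs.
SAMPLE_ROUTES='Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth0 00000000 010BA8C0 0003 0 0 0 00000000 0 0 0
eth0 000BA8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0'

# hex_to_ip HEX: /proc/net/route stores addresses as hex in host byte order,
# so on little-endian hosts the octets are read back to front.
hex_to_ip() {
    set -- "$(printf %s "$1" | cut -c1-2)" "$(printf %s "$1" | cut -c3-4)" \
           "$(printf %s "$1" | cut -c5-6)" "$(printf %s "$1" | cut -c7-8)"
    echo "$((0x$4)).$((0x$3)).$((0x$2)).$((0x$1))"
}

# default_gateways IFACE: read a route table on stdin and print the gateway
# of every default route (destination and mask 0, RTF_GATEWAY set) on IFACE.
default_gateways() {
    iface=$1
    while read -r ifc dest gw flags refcnt use metric mask rest; do
        [ "$ifc" = "$iface" ] || continue          # also skips the header line
        [ "$dest" = "00000000" ] || continue
        [ "$mask" = "00000000" ] || continue
        [ $(( 0x$flags & 2 )) -ne 0 ] || continue  # RTF_GATEWAY = 0x2
        hex_to_ip "$gw"
    done
}

# redirect_target_listed IFACE NEW_GW: exit status 0 if NEW_GW is one of the
# default gateways for IFACE in the table on stdin, non-zero otherwise.
redirect_target_listed() {
    default_gateways "$1" | grep -qxF "$2"
}

# The two routers from the report: the DHCP gateway and the redirect target.
for gw in 192.168.11.1 192.168.11.10; do
    if printf '%s\n' "$SAMPLE_ROUTES" | redirect_target_listed eth0 "$gw"; then
        echo "$gw: listed as a default gateway on eth0"
    else
        echo "$gw: not listed as a default gateway on eth0"
    fi
done
```

On a live host the same function can read the real table: redirect_target_listed eth0 192.168.11.10 < /proc/net/route.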