Date: Tue, 16 Oct 2001 14:47:01 -0700 From: "Crist J. Clark" <cristjc@earthlink.net> To: freebsd-questions@FreeBSD.ORG Subject: Re: Network question - which process is sending ICMP out? Message-ID: <20011016144701.G4437@blossom.cjclark.org> In-Reply-To: <20011016161459.C25427@acadia.ne.mediaone.net>; from leblanc%2Bfreebsd@acadia.ne.mediaone.net on Tue, Oct 16, 2001 at 04:14:59PM -0400 References: <20011016161459.C25427@acadia.ne.mediaone.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Oct 16, 2001 at 04:14:59PM -0400, Louis LeBlanc wrote:
> Quick network question:
> I am seeing this in my security log:
> Oct 16 16:06:28 acadia /kernel: ipfw: 63000 Deny ICMP:5.1 65.96.186.69 <some other IP> out via xl0
>
> Is there a way to find out which process is causing this? I'm not
> pinging that IP as far as I know.
ICMP type 5, code 1 is a host redirect message. Is 65.96.186.69 your
FreeBSD machine? The redirects would be generated by the kernel. For
some reason it is receiving packets from <some other IP> that it
thinks <some other IP> should be sending via a different route. This
is probably indicative of a routing problem between the two
machines. But if you just want to stop generating redirects, I believe
the net.inet.ip.redirect sysclt(8) controls that.
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011016144701.G4437>