From owner-freebsd-questions  Tue Oct 16 14:47:37 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from hawk.mail.pas.earthlink.net (hawk.mail.pas.earthlink.net [207.217.120.22])
	by hub.freebsd.org (Postfix) with ESMTP id B1D6937B407
	for <freebsd-questions@FreeBSD.ORG>; Tue, 16 Oct 2001 14:47:34 -0700 (PDT)
Received: from blossom.cjclark.org (dialup-209.247.143.200.Dial1.SanJose1.Level3.net [209.247.143.200])
	by hawk.mail.pas.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id OAA19104
	for <freebsd-questions@FreeBSD.ORG>; Tue, 16 Oct 2001 14:47:17 -0700 (PDT)
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.3) id f9GLl2s05366
	for freebsd-questions@FreeBSD.ORG; Tue, 16 Oct 2001 14:47:02 -0700 (PDT)
	(envelope-from cjc)
Date: Tue, 16 Oct 2001 14:47:01 -0700
From: "Crist J. Clark" <cristjc@earthlink.net>
To: freebsd-questions@FreeBSD.ORG
Subject: Re: Network question - which process is sending ICMP out?
Message-ID: <20011016144701.G4437@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <20011016161459.C25427@acadia.ne.mediaone.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011016161459.C25427@acadia.ne.mediaone.net>; from leblanc+freebsd@acadia.ne.mediaone.net on Tue, Oct 16, 2001 at 04:14:59PM -0400
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Tue, Oct 16, 2001 at 04:14:59PM -0400, Louis LeBlanc wrote:
> Quick network question:
> I am seeing this in my security log:
> Oct 16 16:06:28 acadia /kernel: ipfw: 63000 Deny ICMP:5.1 65.96.186.69 <some other IP> out via xl0
> 
> Is there a way to find out which process is causing this?  I'm not
> pinging that IP as far as I know.

ICMP type 5, code 1 is a host redirect message. Is 65.96.186.69 your
FreeBSD machine? The redirects would be generated by the kernel. For
some reason it is receiving packets from <some other IP> that it
thinks <some other IP> should be sending via a different route. This
is probably indicative of a routing problem between the two
machines. But if you just want to stop generating redirects, I believe
the net.inet.ip.redirect sysclt(8) controls that.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message