From owner-freebsd-net Thu Jul 15 16:44: 7 1999
Delivered-To: freebsd-net@freebsd.org
Received: from queasy.outpost.co.nz (outpost2.inspire.net.nz [203.96.157.26]) by hub.freebsd.org (Postfix) with SMTP id 751451562C for ; Thu, 15 Jul 1999 16:44:01 -0700 (PDT) (envelope-from crh@outpost.co.nz)
Received: (qmail 58069 invoked from network); 15 Jul 1999 23:42:29 -0000
Received: from officedonkey.outpost.co.nz (HELO officedonkey) (192.168.1.3) by outpost2.inspire.net.nz with SMTP; 15 Jul 1999 23:42:29 -0000
Comments: Authenticated sender is
From: "Craig Harding"
Organization: Outpost Digital Media Ltd
To: freebsd-net@freebsd.org
Date: Fri, 16 Jul 1999 11:42:29 +1200
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: ICMP Redirect Floods
Reply-To: crh@outpost.co.nz
X-mailer: Pegasus Mail for Windows (v2.52)
Message-Id: <19990715234403.751451562C@hub.freebsd.org>
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I'm having a weird problem with our ISP's router that they seem unable to fix and I can't quite follow what's happening.

We've got a small LAN, running NATD'd via a FreeBSD gateway server which connects through a centrex (and hence permanent) ISDN link to our ISP. The server has a real, static IP number.

Earlier this week we started having problems with the ISDN TA hanging up and reconnecting. I've got LQR monitoring enabled on the PPP link (using usermode PPP), and it turns out PPP was hanging up because occasional floods of ICMP redirect messages from the ISP's router were saturating the PPP link and preventing sufficient LQR packets from getting through. I do mean saturating - 1MB of ICMP redirects received at up to 20kB/s on a 128kb/s ISDN link.

The ICMP redirect floods are some side effect of the transparent proxy cache the ISP runs which intercepts all HTTP traffic. They only occur when attempting to access the web from one of the PCs on our LAN, running Win98 and Netscape 4.06.
The salient point is that this PC alone has also been allocated a real IP address, while all other PCs here are on 192.168.1.x. HTTP traffic from any other PC (or the Mac, or the FreeBSD gateway server via Lynx) causes no untoward effects. The PC with the real address actually has a private IP, with the static address given to it by a static 1-1 translation link in NATD.

The ISP has been particularly unsuccessful at even beginning to resolve the problem, so in the first instance I turned off LQR monitoring on the PPP link to keep the line up. I then blocked ICMP redirects at my firewall on the gateway FreeBSD box, and here's where the weirdness starts - bingo, no more floods. I don't mean they're just now being blocked, I mean the floods no longer happen at all.

And this is where we come up against my limited experience with IP. I can't understand how, if IPFW is blocking ICMP redirects and silently dropping them on the floor instead of passing them on to the Windows PC, the router at the ISP is somehow finding out about this change of behaviour and doing something different as a result? I've run tcpdumps and I can't see any traffic flowing back from the gateway server or the Windows PC that would alert the router that something's changed - the only thing going out are the HTTP requests from the PC.

Does anyone have any idea what's going on, I'm stumped? Is there some characteristic of the PPP link that passes information about the blocked traffic back to their terminal server which then informs the router? Is there something really obvious that I've missed because I'm a stupid goombah? And what's causing those redirect floods in the first place?

-- C.

--
Craig Harding               crh@outpost.co.nz      "I don't know about God, I
Outpost Digital Media Ltd   crh@inspire.net.nz      just think we're handmade"
http://www.outpost.co.nz    ICQ# 26701833                 - Polly
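
Added example, not part of the original message: an ICMP redirect (type 5, RFC 792) quotes the IP header and first 8 data bytes of the packet that provoked it, so decoding that quoted header shows which host, destination and port each redirect in a flood refers to. The function names and the sample packets (documentation addresses, checksums left at zero and not verified) are constructed for illustration.

```python
import socket
import struct
from collections import Counter

def parse_redirect(packet: bytes):
    """Return details of an ICMP redirect (type 5) in a raw IPv4 packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8 or packet[ihl] != 5:
        return None                      # not ICMP, truncated, or not a redirect
    info = {
        "router": socket.inet_ntoa(packet[12:16]),            # who sent the redirect
        "code": packet[ihl + 1],                               # 0-3, see RFC 792
        "new_gateway": socket.inet_ntoa(packet[ihl + 4:ihl + 8]),
        "size": len(packet),
    }
    inner = packet[ihl + 8:]       # quoted original IP header + first 8 data bytes
    if len(inner) >= 20:
        inner_ihl = (inner[0] & 0x0F) * 4
        info["orig_src"] = socket.inet_ntoa(inner[12:16])
        info["orig_dst"] = socket.inet_ntoa(inner[16:20])
        # TCP (6) and UDP (17) both carry the destination port at offset 2
        if inner[9] in (6, 17) and inner_ihl >= 20 and len(inner) >= inner_ihl + 4:
            info["orig_dport"] = struct.unpack("!H", inner[inner_ihl + 2:inner_ihl + 4])[0]
    return info

def summarize(packets):
    """Total redirect bytes per (router, original source, original dest, dest port)."""
    totals = Counter()
    for pkt in packets:
        r = parse_redirect(pkt)
        if r:
            totals[(r["router"], r.get("orig_src"), r.get("orig_dst"), r.get("orig_dport"))] += r["size"]
    return totals

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (checksum left at zero) for the constructed sample."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

# Constructed sample: a web request from 192.0.2.10 and the redirect a router
# at 203.0.113.254 sends back about it, repeated, plus one unrelated echo request.
ORIG = ipv4("192.0.2.10", "198.51.100.80", 6, struct.pack("!HHI", 1025, 80, 1))
REDIRECT = ipv4("203.0.113.254", "192.0.2.10", 1,
                struct.pack("!BBH4s", 5, 1, 0, socket.inet_aton("203.0.113.1")) + ORIG)
ECHO = ipv4("203.0.113.254", "192.0.2.10", 1, struct.pack("!BBHHH", 8, 0, 0, 1, 1))
SAMPLE = [REDIRECT] * 3 + [ECHO]

if __name__ == "__main__":
    for key, nbytes in summarize(SAMPLE).items():
        print(key, nbytes, "bytes of redirects")
```

To use it on real traffic, pass `summarize` the raw IP packets from a capture with the link-layer header already removed.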