From owner-freebsd-questions Fri Jun 26 13:32:18 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA24714 for freebsd-questions-outgoing; Fri, 26 Jun 1998 13:32:18 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from server.amis.net (server.amis.net [195.10.52.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA24619 for ; Fri, 26 Jun 1998 13:31:28 -0700 (PDT) (envelope-from blaz@gold.amis.net) Received: (from uucp@localhost) by server.amis.net (8.8.8/8.8.8) with UUCP id WAA13900; Fri, 26 Jun 1998 22:30:58 +0200 (CEST) Received: from localhost (blaz@localhost) by gold.amis.net (8.8.8/8.8.8) with SMTP id WAA00407; Fri, 26 Jun 1998 22:29:23 +0200 (CEST) Date: Fri, 26 Jun 1998 22:29:22 +0200 (CEST) From: Blaz Zupan To: Doug White cc: freebsd-questions@FreeBSD.ORG Subject: Re: IP redirects In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > > 1. Run gated on the FreeBSD box (which I would rather not do) > > 2. Put the Cisco and the OR-HS into another subnet (which I don't like) > > 3. Inhibit IP redirects (which somebody suggested could be done with ipfw) > > > > I think I'll pick number 3). > > Okay, in that case you need to find what message type redirects are, then > block them from ipfw, specifying the ICMP message type to block. Actually I finally picked solution number 4: turn off sending of IP redirects on the Cisco ("no ip redirect" on the ether1 port). > This should be on the ipfw man page. Yes, agree, there's absolutely nothing on IP redirects in the ipfw manpage. Blaz Zupan, blaz@medinet.si, http://home.amis.net/blaz Medinet d.o.o., Linhartova 21, 2000 Maribor, Slovenia To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message