one of my machines just lost its default route out of the blue. it's
not hacked, and process accounting shows absolutely no actions on
root's part which could have led to this. so the only real thing i can
think of is an ICMP redirection, and
/proc/sys/net/ipv4/conf/eth0/allow_redirect was indeed at 1 (it's
changed now). however, the machine also has the following
ICMP-relevant iptables rules installed:
-p icmp --state ESTABLISHED -j ACCEPT
-p icmp -s 195.226.187.156/32 --icmp-type 8 -j ACCEPT
-p icmp --icmp-type 8 -j DROP
-p icmp -j LOG
-p icmp -j DROP
does the above iptables setup even permit an ICMP redirect?
AFAIK, there are only four connection-based ICMP packet types (#8, 13,
15, 17). ICMP redirect is never ESTABLISHED, only RELATED at the
most. but in as such, it should have been LOGged and DROPped! the logs
show nothing such.
can you think of other reasons why a machine would suddenly decide to
lose its default route?
--
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
\|/ _____ \|/
"@'/ , . \`@"
/_| \___/ |_\
\___U_/
Attachment:
pgpOhzpqaIjX0.pgp
Description: PGP signature