
Re: ICMP redirect



tadas@silvernet.kis.lt writes:

> I would like to ask about the icmp messages sending in linux
> 2.4.x. I have two subnets: 192.168.0.0/24 and 192.168.1.0/24 on the
> same ethernet segment. There is a gateway in each subnet
> (192.168.0.1 and 192.168.1.1). Clients use netmask
> 255.255.255.0. Routers have their own default routes (through DSL)
> and additional route to neighboring subnet:
>
> For example, router on 192.168.0.1:
>
> ip route add 192.168.1.1 dev eth0
> ip route add 192.168.1.0/24 via 192.168.1.1
>
> The problem is that the client gets a redirect only for 1 hop: for instance
> 192.168.0.x client accesses 192.168.1.x, receives redirect from 192.168.0.1 
> that advises to send through 192.168.1.1.

Unless I'm confused about what ip(8) does, there shouldn't be ICMP
redirects issued at all.  Reading RFC 777 makes it clear that, in this
case, a redirect is inappropriate: a message from
192.168.0.17 to 192.168.1.34 goes to 192.168.0.1 first, which forwards
it on to 192.168.1.1, but that's not on 192.168.0.0/24 and so the
source and next hop aren't on the same network.

> How can I configure routers so the clients could send traffic
> directly to each other?

You don't.  You could configure the clients so that they know they're
on both networks, though; it's probably easier if you gave each
machine an IP address on both networks so things don't get confused.

(Which leads to the question of why you're doing this.  I have
something similar set up at home, but one network gets NATted and the
other goes through an IP-over-IP tunnel.  My desktop machine has
addresses on both networks; my laptop only on the tunnelled network,
the wireless access point only on the NAT network.  I can ping the
WAP's IP address just fine, with everything going through the router,
but that's not a big deal.)

> Is it necessary to add additional addresses to gateway so they
> would have their own addresses for each subnet?

Probably wouldn't hurt; I'd guess it is necessary but can't say for
sure.  Or you could do all of this with just one gateway, still on
both networks.

-- 
David Maze         dmaze@debian.org      http://people.debian.org/~dmaze/
"Theoretical politics is interesting.  Politicking should be illegal."
	-- Abra Mitchell
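
The check described in the reply above, as an added example that is not part of the original message: a longest-prefix lookup over the routes quoted for router 192.168.0.1, followed by the test of whether the source and the next hop share a network. The function names, the connected 192.168.0.0/24 route and the /23 contrast case are assumptions made for illustration; the routers' default routes are not modelled.

```python
import ipaddress

# Routes on router 192.168.0.1 as (prefix, gateway); gateway None = on-link via eth0.
ROUTES = [
    # Assumed: connected route implied by the router's own address and netmask.
    (ipaddress.ip_network("192.168.0.0/24"), None),
    # From the quoted message: ip route add 192.168.1.1 dev eth0
    (ipaddress.ip_network("192.168.1.1/32"), None),
    # From the quoted message: ip route add 192.168.1.0/24 via 192.168.1.1
    (ipaddress.ip_network("192.168.1.0/24"), ipaddress.ip_address("192.168.1.1")),
]


def next_hop(dst, routes=ROUTES):
    """Longest-prefix match: the gateway, dst itself if on-link, None if no route."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        return None
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return gw if gw is not None else dst


def redirect_appropriate(src, dst, src_network, routes=ROUTES):
    """Rule cited in the reply: source and next hop must be on the same network."""
    hop = next_hop(dst, routes)
    if hop is None:
        return False
    net = ipaddress.ip_network(src_network)
    return ipaddress.ip_address(src) in net and hop in net


if __name__ == "__main__":
    # The case from the thread: client netmask 255.255.255.0.
    print(next_hop("192.168.1.34"))
    print(redirect_appropriate("192.168.0.17", "192.168.1.34", "192.168.0.0/24"))
    # Constructed contrast: a client that considers both subnets one network.
    print(redirect_appropriate("192.168.0.17", "192.168.1.34", "192.168.0.0/23"))
```
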


