On Fri, May 26, 2017 at 04:04:24PM -0700, David Ranch wrote:
Hey Brian, What about configuring an ICMP redirect on the old IP to point to the new IP? --David KI6ZHD
Well, after thinking about it a bit and reading the relevant RFCs, I thought I'd give it a try and wrote some code in the router daemon to do this.
Unfortunately, the FreeBSD kernel prohibits a user-space process from sending ICMP Redirects - you get 'Permission denied' errors when you attempt to write one to the outgoing ICMP socket.
Too bad, it would have been an interesting experiment.
Maybe there's some way to fiddle the routing table so that the kernel itself sends them. I'll look into it, but a quick peek into the kernel source suggests it's not doable. - Brian
Hey Brian,
I thought the FreeBSD PF firewall can do this for you (check out the comments):
https://utcc.utoronto.ca/~cks/space/blog/unix/OpenBSDPfRedirIssue?showcommen...
--David KI6ZHD
I'm not using PF, I'm using IPFW. I'd have to rework the entire firewall if I switched, and I'm lazy; I already know how to use ipfw, whereas I'd have to learn pf.
Besides, I think I found a way around the kernel prohibition on sending ICMP Redirects using raw sockets, so I may be able to do it in the router code after all. - Brian
On Sun, May 28, 2017 at 10:25:35AM -0700, David Ranch wrote:
Hey Brian, I thought the FreeBSD PF firewall can do this for you (check out the comments): https://utcc.utoronto.ca/~cks/space/blog/unix/OpenBSDPfRedirIssue?showcommen... --David KI6ZHD