I think you should reconsider either putting a real router on your
network (and, for example, enable OSPF) or putting the VPN box on a firewall
interface.

Sending ICMP redirects is not really efficient, as some OSes (guess which
ones) do not interpret them and just send the ICMP packets into oblivion.

JF


On Mon, 15 Mar 2004, Sébastien Cantos wrote:

> Hello,
>
> I see a lot of ICMP redir type 5 code 1 dropped on my FW (NG FP3 Linux). I
> didn't set up any rule to drop those packets. Where can I disable the dropping
> of these packets, which are needed?
>
> For example, I have a VPN box on my network, let's say 192.168.0.100. All the
> boxes on 192.168.0.x are set up to use default route 192.168.0.254 (the fw).
> On the fw I have specific routes for remote VPN networks (192.168.1.x for
> example) to route packets through 192.168.0.100. When the FW receives a
> packet destined for a remote VPN, it sends an ICMP redir to the client to
> tell him to use 192.168.0.100 directly as a gateway for this remote network.
> But the FW1 software is dropping these packets. So the traffic is always
> traversing my firewall instead of going directly through the VPN box.
>
>
> Regards,
> --
> Sébastien Cantos <[EMAIL PROTECTED]>
> Network and Systems Manager
> Neopost DIVA
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
>

--
Jean-Francois Gobin - Administrator gobinjf.be
http://www.gobinjf.be   mailto:[EMAIL PROTECTED]
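
Added example, not part of either message: a decoder for the ICMP type 5 code 1 (redirect for host) message discussed above, plus the two RFC 1122 section 3.2.2.2 checks a receiving host applies before honouring it. The /24 mask, the client address 192.168.0.10 and the remote host 192.168.1.20 are assumptions; the sample packet is constructed.

```python
import ipaddress
import struct

def checksum(data):
    """RFC 1071 Internet checksum; returns 0 over a message whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_redirect(code, gateway, orig_src, orig_dst):
    """Constructed sample: type 5 header, new gateway, offending IP header + 8 bytes."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                         ipaddress.ip_address(orig_src).packed,
                         ipaddress.ip_address(orig_dst).packed)  # IP checksum left 0
    body = ipaddress.ip_address(gateway).packed + ip_hdr + b"\x08\x00" + bytes(6)
    csum = checksum(struct.pack("!BBH", 5, code, 0) + body)
    return struct.pack("!BBH", 5, code, csum) + body

def parse_redirect(msg):
    """Decode an ICMP redirect; None if not type 5, too short, or bad checksum."""
    if len(msg) < 36 or msg[0] != 5 or checksum(msg) != 0:
        return None
    return {"code": msg[1],
            "gateway": ipaddress.ip_address(msg[4:8]),     # suggested next hop
            "orig_dst": ipaddress.ip_address(msg[24:28])}  # dst of offending packet

def host_accepts(redirect, sender, local_net, current_gateway):
    """RFC 1122 3.2.2.2: the new gateway must be on the connected subnet and the
    redirect must come from the current first-hop gateway for that destination."""
    on_link = redirect["gateway"] in ipaddress.ip_network(local_net)
    from_first_hop = (ipaddress.ip_address(sender)
                      == ipaddress.ip_address(current_gateway))
    return on_link and from_first_hop

if __name__ == "__main__":
    pkt = build_redirect(1, "192.168.0.100", "192.168.0.10", "192.168.1.20")
    r = parse_redirect(pkt)
    print(r, host_accepts(r, "192.168.0.254", "192.168.0.0/24", "192.168.0.254"))
```

A host that fails either check, or that is configured to ignore redirects altogether, keeps sending through 192.168.0.254, which is the behaviour the reply warns about.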
