[4151] in linux-net channel archive
linux router/fw problems (icmp, arp, rip)
daemon@ATHENA.MIT.EDU (Stewart Allen)
Thu Aug 22 15:11:46 1996
Date: Thu, 22 Aug 1996 13:40:24 -0400 (EDT)
From: Stewart Allen <stewart@neuron.com>
Reply-To: Stewart Allen <stewart@neuron.com>
To: linux-net@vger.rutgers.edu
LinuxNet Gurus,
I'm having a slew of problems with a new linux router/firewall that we've
just installed.
First of all, it is doing a fabulous job of forwarding and firewalling
packets. It's about 2-3 times faster than the netblazer it replaced and
it has a lot more features.
However, there is a dark side. There seem to be major problems with
the way it handles ICMP redirects and route metrics.
The net today looks like this:
Internet <--> Linux/Firewall <--> Local_Network <--> Cisco <--> Frame_Cloud
PCs had a single static route to the Linux/Firewall and most Unix machines
use routed. When machines that use a single static route initiate outbound
connections... the first attempt fails. All subsequent connections succeed.
This is true only when traffic is going to the Frame_Cloud and requiring an
ICMP redirect. It happens for PC and UNIX machines with a static route. It
does not affect machines running routed (as they have routed everywhere and
do not receive ICMP redirects). This does not occur with the Netblazer
or when we use the Cisco as the default router.
Second, routed or gated (I've tried both) on linux seems to ignore all
route metrics when adding entries into the kernel (they always get a 0).
This seems to be a major problem on the Linux/Firewall (or it's how it
hands out ICMP redirects). Either way, it neither receives nor propagates
information correctly via RIP.
Let me know if there's some other information that would be useful in
debugging this.
Thanks,
+-
| Stewart Allen ftp.neuron.com
stewart@mail.neuron.com http://www.neuron.com
617.492.2089 FAX 617.492.5837 Neuron Information Systems |
-+