While acting as a router, RFC1812 "Requirements for IP Version 4
Routers" says that it must send out the ICMP redirects. Well, I
couldn't find a MUST for this but it is not described as optional
anywhere either.
According to RFC1122, your hosts aren't behaving: they should honour the
ICMP redirects:

    3.2.2.2 Redirect: RFC-792

    A host SHOULD NOT send an ICMP Redirect message; Redirects
    are to be sent only by gateways.

    A host receiving a Redirect message MUST update its routing
    information accordingly. Every host MUST be prepared to
    accept both Host and Network Redirects and to process them
    as described in Section 3.3.1.2 below.

However they might be ignoring the redirects because of this next bit,
in conjunction with your transparent proxy setup:

    A Redirect message SHOULD be silently discarded if the new
    gateway address it specifies is not on the same connected
    (sub-) net through which the Redirect arrived [INTRO:2,
    Appendix A], or if the source of the Redirect is not the
    current first-hop gateway for the specified destination (see
    Section 3.3.1).

Also if any of your hosts are really routers (i.e., they have multiple
interfaces and forwarding switched on, or are running a routing
protocol), they may ignore the redirects.
All that said, you might try

    echo 0 > /proc/sys/net/ipv4/conf/INTERFACE/send_redirects

Where INTERFACE is the name of the specific interface you want to
disable redirects on. Or "all" for all of them (but you probably
shouldn't do that). Do this _after_ turning on forwarding etc.
I don't know if it will work; unfortunately it's not documented in
ip-sysctl.txt.
-- Jamie
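
The two discard conditions in the RFC 1122 passage quoted above, written out as a host-side check. This is an added example, not part of the original message and not kernel code; the route-table shape, the function names and all addresses are constructed for illustration.

```python
import ipaddress


def first_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs; None if no route."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def check_redirect(routes, arrival_net, src, new_gw, dst):
    """Apply the two 'silently discard' conditions to one Redirect.

    routes      -- hypothetical host routing table: [(network, gateway), ...]
    arrival_net -- connected (sub-)net of the interface the Redirect came in on
    src         -- IP source address of the Redirect message
    new_gw      -- gateway address carried inside the Redirect
    dst         -- destination the Redirect refers to
    Returns (accept, reason).
    """
    src = ipaddress.ip_address(src)
    new_gw = ipaddress.ip_address(new_gw)
    # Condition 1: new gateway must be on the net the Redirect arrived through.
    if new_gw not in arrival_net:
        return False, "new gateway is not on the connected net the Redirect arrived on"
    # Condition 2: sender must be the current first-hop gateway for dst.
    if first_hop(routes, dst) != src:
        return False, "sender is not the current first-hop gateway for the destination"
    return True, "ok"


# Constructed sample host: one interface on 192.0.2.0/24, default route via .1
ARRIVAL_NET = ipaddress.ip_network("192.0.2.0/24")
ROUTES = [(ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("192.0.2.1"))]

if __name__ == "__main__":
    cases = [
        ("192.0.2.1", "192.0.2.254", "198.51.100.7"),   # from default gw, on-net target
        ("192.0.2.1", "203.0.113.9", "198.51.100.7"),   # new gateway is off-net
        ("192.0.2.66", "192.0.2.254", "198.51.100.7"),  # sender is not the first hop
    ]
    for src, new_gw, dst in cases:
        print(src, new_gw, dst, check_redirect(ROUTES, ARRIVAL_NET, src, new_gw, dst))
```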