tech-net archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Bridged ethernet with ipnat redirect to local port - getting ICMP redirects instead
On 6/07/2014 2:00 AM, Thomas Bieg wrote:
> Hello,
>
> I am stuck trying to redirect HTTP requests targeted outside to a
> local httpd
> via a bridged and ipf'ed ethernet port.
> ...
> I was expecting/hoping ipnat would silently redirect connections
> coming in on
> re1 and intended for 1.2.3.4 to the local httpd on re0, but instead
> it's sending
> out ICMP redirects on re1.
>
> Shouldn't that work? Or is there something I missed?
First thing to try is to have the DHCP server include this line in
dhcpd.conf:
option wpad-url code 252 = text;
and then add this to the dhcp definition for your TV:
option wpad-url "http://192.168.1.1/wpad.dat";
with the appropriate data on your local web server in wpad.dat.
Yes, that's just a proxy definition but I suspect that what you want
to do is capture and control all WWW sessions from your TV andproxy
is another way to do that. Be aware that it may default tousing port
443 and CONNECT if it is doing https.
With respect to the ICMP redirect issue, I suspect that this is down
to poor feature interaction in NetBSD and bridging. Somewhere the code
is treating re0 and re1 as separate interfaces (and thus sending an
ICMP redirect) when in fact they should be treated as one.
This patch might help:
--- sys/netinet/ip_input.c.orig 2012-12-04 07:58:30.000000000 +1100
+++ sys/netinet/ip_input.c 2014-07-06 20:59:33.000000000 +1000
@@ -1452,7 +1452,9 @@
*/
dest.s_addr = 0;
if (!srcrt && V_ipsendredirects &&
- ia != NULL && ia->ia_ifp == m->m_pkthdr.rcvif) {
+ ia != NULL && ia->ia_ifp == m->m_pkthdr.rcvif &&
+ (ia->ia_ifp->if_bridge == NULL ||
+ ia->ia_ifp->if_bridge != m->m_pkthdr.rcvif)) {
struct sockaddr_in *sin;
struct rtentry *rt;
Cheers,
Darren
Home |
Main Index |
Thread Index |
Old Index