search for: accept_redirects

Hi All, I was having trouble to enable all.accept_redirects due to our network structure, we have to enable it, but all libvirt installed machines contain this setting: net.ipv4.conf.all.accept_redirects = 0 I even use sysctl.conf to force to enable it, still no go, anyone know why? -- Thomas Lau Director of Infrastructure Tetrion Capital Limited Direct...

...-j ACCEPT $IPTABLES -t nat -A PREROUTING --dst 192.168.42.1 -p tcp --dport 2424 -m comment --comment "test" -j DNAT --to-destination 10.0.0.20:2424 cat >> /etc/sysctl.conf << 'EOF' # Custom Settings for Forwarding and OpenSwan net.ipv4.ip_forward=1 net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.default.accept_redirects = 0 net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.default.send_redirects = 0 EOF sysctl -p So, in 10.0.0.20 I do "nc -l 2424". But when I go to hostc and then try to do "nc -v 192.168.41.1 2424", connection does not take place. Th...

in /etc/sysctlsysctl.conf net.ipv6.conf.all.accept_ra = 1 net.ipv6.conf.all.autoconf = 1 net.ipv6.conf.eth0.accept_ra = 1 net.ipv6.conf.eth0.autoconf = 1 when i run cat /etc/sysctl.conf | grep ipv6 #net.ipv6.conf.all.forwarding=1 #net.ipv6.conf.all.accept_redirects = 0 #net.ipv6.conf.all.accept_source_route = 0 net.ipv6.conf.all.accept_ra = 1 net.ipv6.conf.all.autoconf = 1 net.ipv6.conf.eth0.accept_ra = 1 net.ipv6.conf.eth0.autoconf = 1 and git pull error: Failed to connect to 2001:638:603:d06e::80:230: Network is unreachable while accessing http://git.samb...

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=40 laforge@netfilter.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Additional Comments From laforge@netfilter.org 2003-02-03 16:49 ------- We haven't seen this

.../sysctl.conf #kernel.printk = 3 4 1 3 #net.ipv4.conf.default.rp_filter=1 #net.ipv4.conf.all.rp_filter=1 #net.ipv4.tcp_syncookies=1 net.ipv4.ip_forward=1 #net.ipv4.conf.br0.proxy_arp=1 #net.ipv4.conf.eth0.proxy_arp=1 #net.ipv4.conf.eth1.proxy_arp=1 #net.ipv6.conf.all.forwarding=1 #net.ipv4.conf.all.accept_redirects = 0 #net.ipv6.conf.all.accept_redirects = 0 #net.ipv4.conf.all.send_redirects = 0 #net.ipv4.conf.all.accept_source_route = 0 #net.ipv6.conf.all.accept_source_route = 0 #net.ipv4.conf.all.log_martians = 1 net.bridge.bridge-nf-call-ip6tables = 0 net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridg...

On Fri, 28 Aug 2015 17:27:03 -0400 Sonic <sonicsmith at gmail.com> wrote: [snip] > > I've never experienced a problem sending to the list. Also any > properly working mail server should have worked as well. If one MX > server doesn't answer it should try the next one... as long as one is > up the mail should go through. Yeah, I know how it's supposed to work, I

I do not working with ipv6, I have disable, but I have the same error, I can read in internet that this ipv6 ip 2001:638:603:d06e::80:230: belong to url samba.org.... If I try to connect to this url using some navegator I connected perfect....but when I run git pull using command line I can not connect.. > Am 28.02.2015 um 15:37 schrieb sandy.napoles at eccmg.cupet.cu: >> Hello list,

...net.ipv4.conf.default.rp_filter = 0 net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.default.send_redirects = 0 net.ipv4.icmp_ignore_bogus_error_responses = 1 net.ipv4.conf.all.log_martians = 0 net.ipv4.conf.default.log_martians = 0 net.ipv4.conf.default.accept_source_route = 0 net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.default.accept_redirects = 0 vm.vfs_cache_pressure = 35 vm.nr_hugepages = 512 net.ipv4.tcp_max_syn_backlog = 2048 fs.aio-max-nr = 1048576 vm.dirty_background_ratio = 3 vm.dirty_ratio = 40 After making changes, do you have any recommendations on which tools to use to monitor those...

...FORWARD DROP /bin/echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all /bin/echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts /bin/echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route /bin/echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects /bin/echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses /bin/echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter /bin/echo "1" > /proc/sys/net/ipv4/conf/all/log_martians iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT...

...u think, I can send you the script I use (with iptables) to manage my firewall, so you can check it... The only entries I have, having something to do with ICMP, are: ---------------------------------- /bin/echo -n "Disable ICMP Redirect acceptance..." for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do /bin/echo 0 > $f done /bin/echo "done." /sbin/iptables -A INPUT -i dsl0 -p icmp --icmp-type echo-request -m limit --limit 6/m --limit-burst 5 -j ACCEPT /sbin/iptables -A FORWARD -o dsl0 -p icmp -j ACCEPT ---------------------------------- and of course other rules to allow ICM...

...script I use (with iptables) to manage > my firewall, so you can check it... > The only entries I have, having something to do with ICMP, are: > > ---------------------------------- > /bin/echo -n "Disable ICMP Redirect acceptance..." > for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do > /bin/echo 0 > $f > done > /bin/echo "done." > /sbin/iptables -A INPUT -i dsl0 -p icmp --icmp-type echo-request -m > limit --limit 6/m --limit-burst 5 -j ACCEPT > /sbin/iptables -A FORWARD -o dsl0 -p icmp -j ACCEPT > ---------------------------------- >...

...t I do: We have machine A with ip 192.168.0.121. We have machine B with ip 192.168.0.10. On a machine A (192.168.0.121) I ran: route add -net 192.168.0.10 netmask 255.255.255.255 gw 192.168.0.189 The 192.168.0.189 machine, has forwarding and send_redirect set to 1. machine A (192.168.0.121) has accept_redirects set to 1. Now I run "ping 192.168.0.10". I get a redirect: (as should indded be the case under these circumstances): PING 192.168.0.10 (192.168.0.10) 56(84) bytes of data. 64 bytes from 192.168.0.10: icmp_seq=1 ttl=64 time=0.194 ms >From 192.168.0.189: icmp_seq=2 Redirect Host(New n...

...d a iptable rule like: /sbin/iptables -A PREROUTING -t mangle -i eth1 -s 192.168.1.10 -p TCP --dport 80 -j MARK --set-mark 1 and ip rule add fwmark 1 lookup 10 ip route add default via 192.168.2.2 dev eth3 then I have this kernel parameters: echo "1" > /proc/sys/net/ipv4/conf/eth3/accept_redirects echo "1" > /proc/sys/net/ipv4/conf/eth3/accept_source_route I remember that I had to use those parameter but this doesn''t work, interesting is that I can successfully configure: ip rule from 192.168.1.5 lookup 10 Any help would be great. Matt.

...broadcasts = 1 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_timestamps = 0 net.ipv4.tcp_window_scaling = 0 net.ipv4.tcp_sack = 0 net.ipv4.tcp_fin_timeout = 30 net.ipv4.tcp_keepalive_time = 1800 net.ipv4.tcp_low_latency = 1 net.ipv4.tcp_ecn = 0 net.ipv4.conf.all.accept_source_route = 0 net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.all.log_martians = 1 net.ipv4.ip_conntrack_max = 8192 net.ipv4.hashsize = 1023 net.ipv4.ip_local_port_range = "32768 61000" and after this, that linux put in their "/var/log/messages" next: Mar 1 14:08:16 morpheus kernel: host 192.168.212.17/if4 ignores redi...

Am 23.06.2020 10:07, schrieb Marek Greško: Hi > this is a correct response: > > From 62.156.246.57 (62.156.246.57) icmp_seq=1 Frag needed and DF set > (mtu = 1492) > > So PMTU discovery is working. No problem here. You got correct message > to lower the packet size from 62.156.246.57. This is probably the last > hop before your site. No, the last hop is 62.156.246.65:

...ipv4/icmp_echo_ignore_broadcasts #Block source routing echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route #Kill timestamps echo 0 > /proc/sys/net/ipv4/tcp_timestamps #Enable SYN Cookies echo 1 > /proc/sys/net/ipv4/tcp_syncookies #Kill redirects echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects #Enable bad error message protection echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses #Log martians (packets with impossible addresses) echo 1 > /proc/sys/net/ipv4/conf/all/log_martians # 3.2 Non-Required proc configuration #echo "1" > /proc/sys/net/ipv4/conf/all/rp...

Hello. I'm moving from a very old Fedora Core 1 to CentOS 4.4, what a change!! Three year ago, I wrote some script (network related) and worked very well. Now, I can put into init.d by means of chkconfig and I restarted the system, but always hang when executing my srcipt (in my new centos 4.4). There a manual for making scripts for init.d? there is some new requirement by which it does not

hi folks, after long trying i need some help from the big world :-) question ******** when I boot a guest system, tried debian 6.0.2 amd64 firmware, I get errors like: 1) after click install on debian 6.0.2 installer [0.642450] vbd vbd-5632: 19 xenbus_dev_probe on device/vbd/5632 [0.642911] vbd vbd-5632: failed to write error node for device/vbd/5632 (19 xenbus_dev_probe on device/vbd/5632) 2)

hi folks, after long trying i need some help from the big world :-) question ******** when I boot a guest system, tried debian 6.0.2 amd64 firmware, I get errors like: 1) after click install on debian 6.0.2 installer [0.642450] vbd vbd-5632: 19 xenbus_dev_probe on device/vbd/5632 [0.642911] vbd vbd-5632: failed to write error node for device/vbd/5632 (19 xenbus_dev_probe on device/vbd/5632) 2)