Shorewall users - May 2004 - Not send ICMP-Request

Hello; I new in Shorewall software and I am having problems with ICMP-Redirect,
the PC with shorewall doesn,t send ICMP-Redirect and I don,t Know what,s the
reason.

Scenary
- Two diferents ways to arrive to a remote server, one in the same local Lan
across a cisco router and other across the Firewall.
- A script at the shorewall server to detect if is possible to connect across
the first route and in a negative case change the route to the remote server to
the other way.

I need to point the clients route to the shorewall server, so I need that the
shorewall send the icmp-redirect to clients in order to point them to the router
cisco when is necesary.
I have even tested to allow all the trafic from all the zones to anywhere.
If I run shorewall clean, the system woks fine so is not a problem with the OS
or routes.

I have tested too the next steps thar I have read from other mails
"a) Restore NEWNOTSYN=No
b) In /etc/shorewall/init, add: echo 0 >
/proc/sys/net/ipv4/conf/$LOCAL_IF/send_redirects "
and doesn,t work


Thanks on advance.

In the future, please post in plain text and configure your mailer to fold 
long lines.

On Thu, 20 May 2004, Domingo Perez wrote:
> Hello; I new in Shorewall software and I am having problems with
> ICMP-Redirect, the PC with shorewall doesn,t send ICMP-Redirect and I
> don,t Know what,s the reason.
>
Please see http://shorewall.net/Multiple_Zones.html. It is accessed 
through the Documentation Index under the topic "Routing on One 
Interface".

For ICMP Redirect to work:

a) You must set ''routeback'' on the interface that you wish
redirects to be
sent on.

b) If you have NEWNOTSYN=No in shorewall.conf, then you must set the 
''newnotsyn'' option on that interface as well.
 
-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net