Opened 9 years ago

Closed 9 years ago

#4397 closed defect (wontfix)

router sends invalid "redirect host" (icmp) message

Reported by: allgemein@… Owned by: developers
Priority: low Milestone:
Component: kernel Version:
Keywords: icmp redirect host invalid Cc:


My router has two different networks (A and B) configured on one network interface. Traffic for specific destination hosts originating from network A is supposed to be routed through a gateway in network B.
In general this setup works as expected.

But even though the networks A and B have different address ranges, the wrt occassionally sends icmp type 5 code 1 ("redirect host") messages to hosts in network A. This violates the definition of this ICMP message.
See the rfc ( and a short abstract ( for details.

These ICMP messages cripple the connections from hosts in network A to network B significantly. I "fixed" this by adding the following iptables rule:

iptables -I OUTPUT -d -p icmp --icmp-type host-redirect -j DROP

This blocks any outgoing icmp "redirect host" messages from the wrt. I did not experience any further problems since then.

My current setup is:

  • Linksys WRT54G
  • Kamikaze 7.09
  • Linux 2.6.22

the two networks on the lan bridge interface:

root@OpenWrt:~# ifconfig br-lan; ifconfig br-lan:0
br-lan    Link encap:Ethernet  HWaddr 00:0F:66:5B:61:5C  
          inet addr:  Bcast:  Mask:
          RX packets:1722434 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2197793 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:647949119 (617.9 MiB)  TX bytes:1999827114 (1.8 GiB)

br-lan:0  Link encap:Ethernet  HWaddr 00:0F:66:5B:61:5C  
          inet addr:  Bcast:  Mask:

The routing:

root@OpenWrt:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface UH    0      0        0 ppp0 UG    0      0        0 br-lan   U     0      0        0 br-lan   U     0      0        0 br-lan         UG    0      0        0 ppp0

Do you have any ideas, how I could debug this behaviour?

Attachments (0)

Change History (1)

comment:1 Changed 9 years ago by nico

  • Resolution set to wontfix
  • Status changed from new to closed

Your network setup is wrong, the router send icmp redirects to hosts on network A when they're accessing the gateway on network B because they're physically on the same network and there's no need to route packets to the router for that.

Anyway, there's no need to add an iptables rule to disable icmp redirects. Just add the following line to /etc/sysctl.conf

net.ipv4.conf.all.send_redirects = 0

Add Comment

Modify Ticket

as closed .
The resolution will be deleted. Next status will be 'reopened'.

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.