4

tldr;

where does a Linux system store route redirects from its default gateway?

First some context:

network1 192.168.1.0/24
default gw: 192.168.1.1
host1: 192.168.1.10
host2: 192.168.1.20

network2: 192.168.2.0/24
default gw: 192.168.2.1
host3: 192.168.2.10

host1 has a vpn connection to network2 and can ping host3
host1 is sharing the vpn connection using ip_forward and iptables, and can be used as a gateway

host2 has host1 configured as default gw, because of that it can ping host3

 ┌────────vpn────────────┐  
 │      ┌───────────────┐│  
 │      │               ││  
 │    ┌─┴─┐           ┌─┴┼┐ 
 │    │gw1│           │gw2│ 
 │    └─┬─┘           └─┬┼┘ 
 │      │               ││  
 │      │               ││  
┌┼────┐ │ ┌─────┐    ┌──┴▼─┐
│host1├─┴─┤host2│    │host3│
└─▲───┘   └───┬─┘    └─────┘
  └─default─gw┘             

Setting up the test case:

  • if host2 pings anything outside its own subnet, after the first reply from the target it gets a reply from host1 "Redirect Host(New nexthop: 192.168.1.1)" so instead of sending the outgoing traffic to 192.168.1.10 it is asked to send it directly to the default gw, which is perfectly fine if there is no route from host1 to this specific address.

  • If host2 pings host3 it gets the expected successful reply

  • While still pinging from host2 to host3, I disconnect host1 from the VPN connection, so now there is no more route to network2

  • As expected host2 can't reach host3 anymore but it also gets the same "Redirect Host(New nexthop: 192.168.1.1)", so it is asked to use the default gateway instead as there is no valid route on host1 to network2 anymore.

Problem:

  • Even if the vpn connection comes back up, host2 can't reach host3 because it was asked to use the default gw instead.
  • After a timeout of 5 minutes the redirect seems to be reevaluated, as the route goes back to host1 and so host2 is able to reach host3 again. (I tested it, it repeats itself every 294 seconds)

Solutions:

  • I can create a static route to network2 that overrides the "new nexthop"
  • I can set accept_redirects to false `sysctl -w net/ipv4/conf/eth0/accept_redirects=0`

Questions:

  • Where is this information stored on a Linux system, let's say Ubuntu 24.04?
  • The routing table does not show the redirects. Can this even be listed? Can it be modified?
6
  • host1 and host2 both have the ip address 192.168.1.10? Commented Sep 27 at 8:06
  • @SottoVoce sorry, that was a typo. fixed it Commented Sep 27 at 15:46
  • @Dru That is true, as soon as the VPN connection closes, the relevant routes are gone too. But that's not my point or question, the question is, where does host2 store the information about the redirect. I can only see the redirect during my ping, but I can't find the table that stores the actual redirect information. Commented Sep 27 at 15:57
  • @Dru The accepted answer shows the commands to list the redirects host2 received. ip route show cache will show something like this: 192.168.2.10 via 192.168.10.1 dev enp1s0 cache <redirected> expires 295sec. Commented Sep 29 at 17:55
  • This is not at all about the right way to do things. Also the MRE is not based on the actual problem, but it can for sure be used to simulate the problem. I simply need to be able to tell what redirects were received by a host to have proof for it. So you might have guessed it by now, it also is a bureaucratic problem. But thanks for your inputs. Commented Sep 29 at 23:33

2 Answers

3

Redirects and PMTUD results are stored in the route cache:

ip route show cache

ip route flush cache
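The asker's follow-up need is proof of which redirects a host accepted. The script below is an added example (not part of the answer): it filters route-cache text for `<redirected>` entries and prints destination, new nexthop, interface and remaining lifetime. It assumes the one-entry-per-line form that `ip -o route show cache` prints; `SAMPLE_CACHE` is a constructed stand-in for that output using the question's addresses, and the expiry values are made up.

```shell
#!/bin/sh
# Added example (not from the answer): list the ICMP redirects a host has
# accepted by filtering the IPv4 route cache for "<redirected>" entries.
# SAMPLE_CACHE is constructed to look like `ip -o route show cache` output
# on host2 after it accepted redirects (addresses from the question, expiry
# values made up). Only the third entry is a plain PMTU entry, not a redirect.

SAMPLE_CACHE='192.168.2.10 via 192.168.1.1 dev eth0 cache <redirected> expires 295sec
8.8.8.8 via 192.168.1.1 dev eth0 cache <redirected> expires 120sec
1.1.1.1 via 192.168.1.1 dev eth0 cache expires 60sec mtu 1400'

# Read route-cache text on stdin and print one line per redirected entry:
#   <destination> via <new nexthop> dev <interface> expires <Nsec>
# Fields are located by keyword, so extra tokens (such as the backslash that
# ip -o uses as a line separator) are simply ignored.
summarize_redirects() {
    awk '
        /<redirected>/ {
            dst = $1; via = "-"; dev = "-"; ttl = "-"
            for (i = 1; i < NF; i++) {
                if ($i == "via")     via = $(i + 1)
                if ($i == "dev")     dev = $(i + 1)
                if ($i == "expires") ttl = $(i + 1)
            }
            print dst, "via", via, "dev", dev, "expires", ttl
        }'
}

# Number of redirected entries in the cache text on stdin.
count_redirects() {
    summarize_redirects | wc -l | tr -d ' '
}

# Current accept_redirects value for an interface (default: "all"), read from
# the /proc/sys path the second answer names; "unknown" if it is not readable.
accept_redirects_state() {
    f="/proc/sys/net/ipv4/conf/${1:-all}/accept_redirects"
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

# Stand-alone demo on the constructed sample. On a real host replace the
# printf with:  ip -o route show cache | summarize_redirects
printf '%s\n' "$SAMPLE_CACHE" | summarize_redirects
echo "redirected entries: $(printf '%s\n' "$SAMPLE_CACHE" | count_redirects)"
echo "accept_redirects (all): $(accept_redirects_state all)"
```

Running `ip -o route show cache | summarize_redirects` from cron or a log shipper gives a timestamped record of every redirect host2 honoured, which is the evidence the asker wants; the `expires` value is the same countdown the comment above shows (295sec), which matches the roughly five-minute reevaluation observed in the question.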
0

The routing table(s) are stored "in the kernel". A start is maybe route.h. You can access this information here /proc/net/route or with a tool like ip route. The same is true for the net configs. You can read e.g. the file /proc/sys/net/ipv4/conf/default/accept_redirects or use a tool like sysctl -n net.ipv4.conf.all.accept_redirects.

If you want to persist your configuration over reboots you have to use one of the many network configuration tools.

If you use e.g. systemd-networkd you can add the [Route] section to the network file. The sysctl settings can be added to /etc/sysctl.d.
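As an added example of what this answer describes (not the answerer's own files), here is how host2 from the question could persist both of the asker's workarounds: a static route to network2 via host1 in a systemd-networkd `.network` file, and `accept_redirects=0` in `/etc/sysctl.d`. File names, the interface name `eth0` and the address assignment are assumptions.

```ini
# /etc/systemd/network/10-eth0.network   (added example; file name, eth0 and
# the address assignment are assumed, the addresses come from the question)
[Match]
Name=eth0

[Network]
Address=192.168.1.20/24
Gateway=192.168.1.10

# Static route to network2 via host1; an explicit route is what the asker
# uses to override the redirected "new nexthop" 192.168.1.1
[Route]
Destination=192.168.2.0/24
Gateway=192.168.1.10

# /etc/sysctl.d/90-no-redirects.conf   (added example; file name assumed)
# Stop accepting ICMP redirects on all interfaces, including ones created later
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
```

Apply with `networkctl reload` and `sysctl --system`, then confirm with `ip route show` (the static route) and `sysctl -n net.ipv4.conf.all.accept_redirects` (expected `0`); with redirects refused, `ip route show cache` should no longer grow `<redirected>` entries when the VPN on host1 flaps.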

1
  • I can read the status of accepting redirects from /proc/sys/net/ipv4/conf/default/accept_redirects but I can't actually see them. They are not listed in ip r s. The question is: Is there a way to show all the redirects triggered by the default host? Commented Sep 27 at 15:55
