Internal Routing redirection with IPcop?

I'm using IPcop as firewall and for site-to-site tunnels at one site.
The RED interface eth0 is 10.0.1.1/24 and I need to transition the local net by and by to 10.0.10.0/24.
So far, I let a different host play the role of a router between 10.0.1.0/24 and 10.0.10.0/24
(when done, IPcop will be reconfigured accordingly and have that net directly attached).
I added a route at IPcop (via console) and adjusted tunnels accordingly.
So now *remote* hosts can access the new LAN (and also old LAN) via tunnel.
However, traffic between LANs does not work.
I do not want to add a specific route at each host in the old LAN as long as it is still in it.
Instead, in theory ICMP redirects should do the job well enough for a temporary situation.
However, it seems that IPcop does not issue these redirects.
How can I make IPcop do so?
thehagman Asked:

Nayyar HH (CCIE RS), Network Architect, Commented:
Can you do a rough sketch of your topology?
0
thehagman (Author) Commented:
Is that sketch rough enough?
Almost all hosts can ping one another, for example 10.0.10.99 can ping 10.0.0.99:
The echo request goes from 10.0.10.99 to default gateway RTR-3, then default gateway RTR-2, then across the tunnel to RTR-1 and finally 10.0.0.99. The reply goes to RTR-1 (def. gw), across the tunnel targeting 10.0.10.0/24 to RTR-2, from there to RTR-3 by means of a specific route and finally to 10.0.10.99.

The only packet flow that does not work is from 10.0.1.99 to 10.0.10.99 (because 10.0.1.99 does not have a specific route to 10.0.10.0/24):
Any packet from 10.0.1.99 to 10.0.10.99 is transmitted to the def. gw RTR-2.
This guy *knows* that the packet should be routed via RTR-3 and it *could* tell the sender about this with an ICMP redirect. However, it doesn't. The task is to make it send such redirects.

If there is no solution (and maybe even if there is one) I think I should distribute the specific route needed by DHCP option 249 and wade through the (few) statically configured hosts ...

toposketch.png
0
Nayyar HH (CCIE RS), Network Architect, Commented:
I think icmp-redirect might be controlled at the OS level. Check to see if icmp-redirects are enabled there.

Try capturing traffic to verify.

HTH.
0
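
The OS-level check suggested in the comment above, as an added example that is not part of the original thread. IPCop is a Linux distribution, so the setting in question is the kernel's `send_redirects` sysctl, which is enabled for an interface if either `conf/all` or the per-interface entry is 1. The interface names and the sample tree below are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Reports whether a Linux router will
# emit ICMP redirects on an interface, based on the send_redirects sysctls.
# Kernel rule (ip-sysctl documentation): redirects are sent on an interface
# if conf/all/send_redirects OR conf/<iface>/send_redirects is 1.

CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# read_flag <file>: print 0 or 1; a missing or unreadable file counts as 0.
read_flag() {
    if [ -r "$1" ]; then
        v=$(cat "$1")
        [ "$v" = "1" ] && echo 1 || echo 0
    else
        echo 0
    fi
}

# redirects_effective <iface> [conf_root]: print "enabled" or "disabled".
redirects_effective() {
    root="${2:-$CONF_ROOT}"
    all=$(read_flag "$root/all/send_redirects")
    ifc=$(read_flag "$root/$1/send_redirects")
    if [ "$all" = "1" ] || [ "$ifc" = "1" ]; then
        echo enabled
    else
        echo disabled
    fi
}

# report [conf_root]: one line per interface directory under conf_root.
report() {
    root="${1:-$CONF_ROOT}"
    for d in "$root"/*/; do
        name=$(basename "$d")
        case "$name" in all|default) continue ;; esac
        echo "$name: send_redirects $(redirects_effective "$name" "$root")"
    done
}

# Constructed sample tree standing in for /proc, so this runs anywhere.
demo=$(mktemp -d)
mkdir -p "$demo/all" "$demo/default" "$demo/eth0" "$demo/eth1"
echo 0 > "$demo/all/send_redirects"
echo 1 > "$demo/eth0/send_redirects"
echo 0 > "$demo/eth1/send_redirects"
report "$demo"
rm -rf "$demo"
```

On the router itself, calling `report` with no argument reads the live values under `/proc/sys/net/ipv4/conf`; `sysctl -w net.ipv4.conf.<iface>.send_redirects=1` changes one at runtime. Hardened builds commonly ship with these set to 0, and the sending hosts must also accept redirects for the route to take effect.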
thehagman (Author) Commented:
Thanks, meanwhile I established a workaround via DHCP option 249 plus manual route for the few non-DHCP hosts.
0