Differences between version 3 and predecessor to the previous major change of DestinationNetworkUnreachable.
Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History
| Newer page: | version 3 | Last edited on Tuesday, June 1, 2004 11:38:26 pm | by PerryLorier | Revert |
| Older page: | version 1 | Last edited on Tuesday, June 1, 2004 11:07:18 pm | by MattBrown | Revert |
@@ -1,3 +1,9 @@
-ICMP reason subcode , used with ICMP reason code 3 to explain why a DestinationUnreachable message was sent.
+[
ICMP]
reason subcode , used with ICMP reason code 3 to explain why a DestinationUnreachable message was sent.
It is usally generated by a gateway when it does not have a route for the destination specified in the IP packet that caused the error.
+
+Note a server with a default gateway won't ever issue this message (since it always has a route for packets...).
+
+Reject routes can also solicit this error. I recommend you add the routes below to any machine that is physically on the internet. It'll make any packet that doesn't have a more specific route (via some VPN, or locally connected machine) generate an [ICMP] DestinationNetworkUnreachable message and not just leak random IP's out onto the Internet.
+ route add -net 10.0.0.0/8 reject metric 10000
+ route add -net 192.168.0.0/16 reject metric 10000
