
Static Routes not presented to dhcp clients?

Ferretcomp
Contributor
Posts: 1
Registered: ‎09-05-2016

Static Routes not presented to dhcp clients?

Message 1 of 5
(2,471 Views)

I have a static route set up for a different network behind a pfsense box, and none of the dhcp clients on the router get that route passed to them. Is there a checkbox I missed, or is it a shortcoming of the FiOS-G1100 router? Thanks in advance for any info!

Accepted Solutions
Brimmstone
Contributor
Posts: 2
Registered: ‎05-03-2018

Re: Static Routes not presented to dhcp clients?

Message 3 of 5
(1,537 Views)

Static routes can most certainly be distributed to DHCP clients via Option 121 specified in RFC 3442 (https://tools.ietf.org/html/rfc3442).  Furthermore, most endpoints don't accept ICMP redirects because they are a giant gaping security hole.  ICMP messages are not authenticated and therefore the ICMP redirects make it trivial to set up a man-in-the-middle attack and intercept all traffic to/from an endpoint/subnet.

 

For what it's worth, the older ActionTec routers seemed to handle this properly.
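An added example, not part of the original post: a Python encoder and strict decoder for the RFC 3442 Option 121 payload mentioned above. The addresses (a 192.168.50.0/24 network behind a second router at 192.168.1.2, default gateway 192.168.1.1) are constructed for illustration.

```python
import ipaddress

OPTION_CLASSLESS_STATIC_ROUTE = 121  # option code assigned by RFC 3442


def encode_routes(routes):
    """Encode [(destination CIDR, router IP), ...] as an Option 121 payload."""
    out = bytearray()
    for cidr, router in routes:
        net = ipaddress.IPv4Network(cidr)        # raises if host bits are set
        significant = (net.prefixlen + 7) // 8   # only these octets are sent
        out.append(net.prefixlen)
        out += net.network_address.packed[:significant]
        out += ipaddress.IPv4Address(router).packed
    if len(out) > 255:
        raise ValueError("payload does not fit in one DHCP option")
    return bytes(out)


def decode_routes(payload):
    """Decode an Option 121 payload, rejecting malformed descriptors."""
    routes, i = [], 0
    while i < len(payload):
        prefixlen = payload[i]
        if prefixlen > 32:
            raise ValueError(f"invalid prefix length {prefixlen}")
        significant = (prefixlen + 7) // 8
        end = i + 1 + significant + 4
        if end > len(payload):
            raise ValueError("truncated route descriptor")
        dest = payload[i + 1:i + 1 + significant].ljust(4, b"\x00")
        net = ipaddress.IPv4Network(
            f"{ipaddress.IPv4Address(dest)}/{prefixlen}", strict=False)
        routes.append((str(net), str(ipaddress.IPv4Address(payload[end - 4:end]))))
        i = end
    return routes


# Constructed sample. RFC 3442 clients ignore the Router option (3) when
# option 121 is present, so the default route is listed here as well.
ROUTES = [("192.168.50.0/24", "192.168.1.2"), ("0.0.0.0/0", "192.168.1.1")]
PAYLOAD = encode_routes(ROUTES)
WIRE_OPTION = bytes([OPTION_CLASSLESS_STATIC_ROUTE, len(PAYLOAD)]) + PAYLOAD
```
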


4 REPLIES 4
lasagna
Gold Contributor VII
Posts: 2,002
Registered: ‎05-27-2010

Re: Static Routes not presented to dhcp clients?

Message 2 of 5
(2,411 Views)

You are incorrectly understanding how routing and DHCP work.

 

DHCP doesn't distribute routes.  It provides the local IP address for a device to use and provides the "default route" for the device to use to reach its next-hop router which in most home installations is usually the internet router (and the device providing the DHCP).

 

By placing a static route into your router, you are telling the router how to reach other networks as well as how to deliver traffic to other networks for traffic which is travelling THRU the router.  In this case, the traffic is not travelling thru the router, but instead is bouncing off the router (since the route points to another device on the same local network as the interface).  In such cases, routers will usually issue an ICMP redirect packet to instruct the system which incorrectly directed local traffic to it to send the traffic to the correct device (and provides the IP address of that device as given by the default route).  The initial system will then process this redirect packet and add a static route to its own routing table so future packets are sent to the correct device.

 

In your case, one of two things is likely happening:

 

1. The G1100 is not issuing ICMP redirects.  Don't know enough about the router to know if this is a configurable option or feature.  But, it's not uncommon for some devices to be configured to not generate these packets as there is security risk associated with doing so.

 

2. The endpoint device initiating the traffic is receiving, but not honoring, the ICMP redirect.   Many local firewall packages will block these types of packets (so it may be issued by the router, but blocked by the PC's firewall software), or the system itself may be configured to ignore them.

 

The correct way to resolve this is to add a permanent static route to each local device so that it sends the right networks to the right router, or to rearchitect your local network such that there is only one egress off the local LAN segment (using the pfsense box as the first hop for the network your PC is on and placing the router on a new segment behind the pfsense; this introduces other issues in that you need to make sure the G1100 has the static routing entry for your local LAN segment thru the pfsense).

 

If you have packet sniffer software, you can run it on your endpoint and see if the ICMP redirect is being generated if you want to try to get the redirect to work so that you know which device to troubleshoot.  Remember to turn off local firewall software on the device first so nothing gets blocked.
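An added example, not part of the original post: a Python parser for a captured ICMP redirect (type 5, RFC 792) that reports who sent it, which gateway it names, and for which destination, plus two sanity checks on it. The packet bytes, addresses and function names are constructed for illustration.

```python
import ipaddress

ICMP_REDIRECT = 5  # ICMP type, RFC 792

# Constructed capture: 192.168.1.1 tells host 192.168.1.50 to reach
# 192.168.50.10 via 192.168.1.2 (checksums zeroed in this sample).
SAMPLE = bytes.fromhex(
    "45000038" "00000000" "40010000" "c0a80101" "c0a80132"   # outer IPv4 header
    "05010000" "c0a80102"                                    # ICMP redirect + gateway
    "4500001c" "00000000" "40060000" "c0a80132" "c0a8320a"   # triggering IPv4 header
    "0000000000000000")                                      # first 8 bytes of its data


def parse_redirect(packet):
    """Return redirect details from a raw IPv4 packet, or None if it is not one."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8 + 20:
        return None                      # not ICMP, or too short to parse safely
    icmp = packet[ihl:]
    if icmp[0] != ICMP_REDIRECT:
        return None
    inner = icmp[8:]                     # header of the packet that triggered it
    return {
        "sender": str(ipaddress.IPv4Address(packet[12:16])),
        "code": icmp[1],
        "new_gateway": str(ipaddress.IPv4Address(icmp[4:8])),
        "for_destination": str(ipaddress.IPv4Address(inner[16:20])),
    }


def redirect_findings(info, default_gateway, local_net):
    """List reasons a host should distrust this redirect (empty list if none)."""
    findings = []
    if info["sender"] != default_gateway:
        findings.append("sender is not the current first-hop gateway")
    gateway = ipaddress.IPv4Address(info["new_gateway"])
    if gateway not in ipaddress.IPv4Network(local_net):
        findings.append("new gateway is not on the local subnet")
    return findings
```
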


jonjones
Platinum Contributor I
Posts: 5,233
Registered: ‎10-18-2016

Re: Static Routes not presented to dhcp clients?

Message 4 of 5
(1,530 Views)

@Brimmstone wrote:

Static routes can most certainly be distributed to DHCP clients via Option 121 specified in RFC 3442 (https://tools.ietf.org/html/rfc3442).  Furthermore, most endpoints don't accept ICMP redirects because they are a giant gaping security hole.  ICMP messages are not authenticated and therefore the ICMP redirects make it trivial to set up a man-in-the-middle attack and intercept all traffic to/from an endpoint/subnet.

 

For what it's worth, the older ActionTec routers seemed to handle this properly.


You are replying to a post from two years ago. Long settled or answered.

ornahp
Moderator
Posts: 2,219
Registered: ‎03-10-2011

Re: Static Routes not presented to dhcp clients?

Message 5 of 5
(1,526 Views)

Due to the age of this thread, it will be locked in order to keep discussions current. If you have the same or a similar question/issue we invite you to start a new thread on the topic.
