Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
default route 1
- Thread starter abovebrd
- Start date
This is from the route man page:
route [-v] [-A family] add [-net|-host] target [netmask
Nm] [gw Gw] [metric N] [mss M] [window W] [irtt I]
[reject] [mod] [dyn] [reinstate] [[dev] If]
-n show numerical addresses instead of trying to
determine symbolic host names. This is useful if
you are trying to determine why the route to your
nameserver has vanished.
-e use netstat(8)-format for displaying the routing
table. -ee will generate a very long line with all
parameters from the routing table.
del delete a route.
add add a new route.
target the destination network or host. You can provide IP
addresses in dotted decimal or host/network names.
-net the target is a network.
-host the target is a host.
netmask NM
when adding a network route, the netmask to be
route [-v] [-A family] add [-net|-host] target [netmask
Nm] [gw Gw] [metric N] [mss M] [window W] [irtt I]
[reject] [mod] [dyn] [reinstate] [[dev] If]
-n show numerical addresses instead of trying to
determine symbolic host names. This is useful if
you are trying to determine why the route to your
nameserver has vanished.
-e use netstat(8)-format for displaying the routing
table. -ee will generate a very long line with all
parameters from the routing table.
del delete a route.
add add a new route.
target the destination network or host. You can provide IP
addresses in dotted decimal or host/network names.
-net the target is a network.
-host the target is a host.
netmask NM
when adding a network route, the netmask to be
- Thread starter
- #5
Stevenriz,
The route will disapear if you reboot the system. It is not permanent. You will have to re-esatblish the route upon reboot. There are several ways to do this. But methods can vary between OS plateforms.
I have used the S99route script with allot of success. Place in the /etc/rc.d/init.d and link to it from the rc2.d or rc3.d directory
# S99route statement
# This will set the default route
# vi S99route
# echo "setting default gateway"
# /etc/route add default
# chown root S99route
# chgrp sys S99route
# chmod 744 S99route
echo "setting default gateway"
/usr/sbin/route add default gw 192.168.1.1
I have also seen this approach on a version of Redhat.
/etc/sysconfig/network
vi network
#should be something like this
NETWORKING=yes
FORWARD_IPV4=false
HOSTNAME=my.host.com
GATEWAYDEV=eth0
GATEWAY=192.168.1.1
good luck
-Danny
dan@snoboarder.net
The route will disapear if you reboot the system. It is not permanent. You will have to re-esatblish the route upon reboot. There are several ways to do this. But methods can vary between OS plateforms.
I have used the S99route script with allot of success. Place in the /etc/rc.d/init.d and link to it from the rc2.d or rc3.d directory
# S99route statement
# This will set the default route
# vi S99route
# echo "setting default gateway"
# /etc/route add default
# chown root S99route
# chgrp sys S99route
# chmod 744 S99route
echo "setting default gateway"
/usr/sbin/route add default gw 192.168.1.1
I have also seen this approach on a version of Redhat.
/etc/sysconfig/network
vi network
#should be something like this
NETWORKING=yes
FORWARD_IPV4=false
HOSTNAME=my.host.com
GATEWAYDEV=eth0
GATEWAY=192.168.1.1
good luck
-Danny
dan@snoboarder.net
-
1
- #6
- Thread starter
- #7
For redhat, when adding a static route, you should really add this to the file:
/etc/sysconfig/static-routes
Which would look like this:
eth0 net 192.168.206.0 netmask 255.255.255.0 gw 192.168.200.3
This is read by the /etc/rc.d/init.d/network script, so if you use any redhat configuration tools (or linuxconf), and the network gets restarted, all your routes will come back to life! Putting them anywhere else will require that you manually execute the script that they are in.
Bruce Garlock
bruceg@tiac.net
/etc/sysconfig/static-routes
Which would look like this:
eth0 net 192.168.206.0 netmask 255.255.255.0 gw 192.168.200.3
This is read by the /etc/rc.d/init.d/network script, so if you use any redhat configuration tools (or linuxconf), and the network gets restarted, all your routes will come back to life! Putting them anywhere else will require that you manually execute the script that they are in.
Bruce Garlock
bruceg@tiac.net
- Thread starter
- #9
>>Putting them anywhere else will require that you manually execute the script that they are in.
Thats not really true.
As long as your script is linked to /etc/rc.d/rc2.d or rc3.d the system will execute the script for you at boot time, hence no manual execution needed.
or any of the rc.d boot files << /etc/rc.d/rc.local -Danny
dan@snoboarder.net
Thats not really true.
As long as your script is linked to /etc/rc.d/rc2.d or rc3.d the system will execute the script for you at boot time, hence no manual execution needed.
or any of the rc.d boot files << /etc/rc.d/rc.local -Danny
dan@snoboarder.net
I'm sorry, I should have clarified my earlier post. What I meant to say, is that if you use the /sbin/ifup, /sbin/ifdown script, it will take the settings in /etc/sysconfig/static-routes into consideration. I realize that when you boot the system, it would execute the route commands (if you placed them in the init.d dir), but if you were bringing the interface down/up, having the routes in the static-routes file, will be read *while* the system is still up, requiring no more user intervention.
This is all true of a RedHat system. I cannot speak for how other systems utilize their scripts. Bruce Garlock
bruceg@tiac.net
This is all true of a RedHat system. I cannot speak for how other systems utilize their scripts. Bruce Garlock
bruceg@tiac.net
- Thread starter
- #11
I actually found this out the "hard" way one time. I used to keep all my static routes in /etc/rc.d/rc.local until one day I was installing a RH update. I have a daemon that runs, and keeps a md5sum of all system binaries, and when they change *poof* the main interface is brought down. This is to prevent possible root kits.
Well, when I brought the interface back up, I wondered what happened to the 4 routes to our remote buildings went, and then it dawned on me that I was only setting these routes at boot. Once I did some research, I found out that /etc/sysconfig/static-routes is read by the /sbin/ifup script, and if I ever forget to shut down that daemon before applying patches, I wont have to manually enter them
- Bruce
Bruce Garlock
bruceg@tiac.net
Well, when I brought the interface back up, I wondered what happened to the 4 routes to our remote buildings went, and then it dawned on me that I was only setting these routes at boot. Once I did some research, I found out that /etc/sysconfig/static-routes is read by the /sbin/ifup script, and if I ever forget to shut down that daemon before applying patches, I wont have to manually enter them
- Bruce
Bruce Garlock
bruceg@tiac.net
fatcodeguy
Programmer
I'm new to linux and I'm a bit confused. I'm installing a linux gateway, all my servers are already installed, now I just need to actually integrate the box in. It already has one NIC (eth0), 192.168.1.1, so I need another NIC (eth1) with static IP XXX.XXX.XXX.XXX provided by my cable modem... The eth1 recieves packets coming in, and eth0 feeds to the hub, where workstations leech from. Now all I need for the second to route to the first is:
eth0 net 192.168.1.1 netmask 255.255.255.0 gw XXX.XXX.XXX.XXX
Is this right? and where would I put it...
Thanks alot, appreciate any help
eth0 net 192.168.1.1 netmask 255.255.255.0 gw XXX.XXX.XXX.XXX
Is this right? and where would I put it...
Thanks alot, appreciate any help
What does 'netstat -rn' show (you can blurp out the static IP address for security purposes) Bruce Garlock
bruceg@tiac.net
bruceg@tiac.net
Hi,
If you are trying to share an internet connection you cannot use simple routing. This is because the rfc 1918 address ranges are not routable through the internet in the reply sense. You can route a packet from 192.168.1.1 to but you'll never get a reply because there is no return route to a rfc 1918 address. I.e. those in these ranges :
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
The solution ? You use NAT (network address translation) whereby the box doing the nat zaps the origin address with its own (real) IP address and does the reverse when the reply is received. In linux, this flavor of NAT is is called 'ip masqurading' and you do it with the firewall s/w - either iptables from kernel 2.4 onwards or ipchains before that.. The code looks like :
echo 1 >/proc/sys/net/ipv4/ip_forward
/sbin/modprobe ip_tables iptable_nat iptable_nat_ftp
/sbin/modprobe ip_conntrack ip_conntrack_ftp
/sbin/iptables -P FORWARD DROP
/sbin/iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j MASQUERADE
or for ipchains....
echo 1 >/proc/sys/net/ipv4/ip_forward
/sbin/modprobe ipchains
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i eth1 -s 192.168.1.0/24 -j MASQ
Its difficult to say where the best place to put that stuff is as it depends on your distro and on what firewalling code you may already be running. One place that normally works is in the /etc/rc.d/rc.local script (redhat, mandrake, etc.) or the equivalent on other distros.
On the client side, you have to set their default gateway as the lan interface on the linux box, i.e. 192.168.1.1 . You also have to configure their TCP/IP setup so that the relevant dns servers are accessed. (do a 'cat /etc/resolv.conf' on the linux box for the IP addresses).
Always providing that you can already access the internet sitting at the linux box (!) , then the above should be enough to get anyone on the lan subnet transparently using the linux eth1 connection to the internet.
You shouldn't need to put an explicit route from eth0 to eth1 on the linux box because it should 'know' what subnets are on what interface once the interface is 'up'. Obviously, the eth1 would have to be the default gateway, however.
Hope this helps
If you are trying to share an internet connection you cannot use simple routing. This is because the rfc 1918 address ranges are not routable through the internet in the reply sense. You can route a packet from 192.168.1.1 to but you'll never get a reply because there is no return route to a rfc 1918 address. I.e. those in these ranges :
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
The solution ? You use NAT (network address translation) whereby the box doing the nat zaps the origin address with its own (real) IP address and does the reverse when the reply is received. In linux, this flavor of NAT is is called 'ip masqurading' and you do it with the firewall s/w - either iptables from kernel 2.4 onwards or ipchains before that.. The code looks like :
echo 1 >/proc/sys/net/ipv4/ip_forward
/sbin/modprobe ip_tables iptable_nat iptable_nat_ftp
/sbin/modprobe ip_conntrack ip_conntrack_ftp
/sbin/iptables -P FORWARD DROP
/sbin/iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j MASQUERADE
or for ipchains....
echo 1 >/proc/sys/net/ipv4/ip_forward
/sbin/modprobe ipchains
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i eth1 -s 192.168.1.0/24 -j MASQ
Its difficult to say where the best place to put that stuff is as it depends on your distro and on what firewalling code you may already be running. One place that normally works is in the /etc/rc.d/rc.local script (redhat, mandrake, etc.) or the equivalent on other distros.
On the client side, you have to set their default gateway as the lan interface on the linux box, i.e. 192.168.1.1 . You also have to configure their TCP/IP setup so that the relevant dns servers are accessed. (do a 'cat /etc/resolv.conf' on the linux box for the IP addresses).
Always providing that you can already access the internet sitting at the linux box (!) , then the above should be enough to get anyone on the lan subnet transparently using the linux eth1 connection to the internet.
You shouldn't need to put an explicit route from eth0 to eth1 on the linux box because it should 'know' what subnets are on what interface once the interface is 'up'. Obviously, the eth1 would have to be the default gateway, however.
Hope this helps
- Status
Similar threads
- Locked
- Question