how do you make the route table/defaults stick on reboot?
After several days i've managed to get my firewall box routed some. It has three NICs... i use RH8.
eth0 is the Inet_iface
eth1 is the Lan_iface
eth_2 is the DMZ_iface
I robbed an IPtables file from my other rh8 box and got the darned thing to the net finally... so the Iptables will sort later.. but for now...
iptables -L yields a nice long list of standard medium RH firewall rules... and it goes to the net... who cares how secure for now... no use sending me three pages of fancy three legged IPtable rules unless the network works? Right now Iptables is installed and works as does ip-forward =1. All three NIC cards are up and have unique mac addr.
i would like to save this route table permanently? please share the commnads to do that?
to get the route to work with all three cards up i did some temporary commands. and got the thing up ex:
/sbin/route add default gw 22.214.171.124 dev eth0, then eth1, then eth2
Destination Gateway GenMask Flags Metric ref Iface
192.168.1.0 * 255.255.255.0 U 0 0 eth2
192.168.0.0 * 255.255.255.0 U 0 0 eth1
126.96.36.199 * 255.255.0.0 U 0 0 eth0
127.0.0.0 * 0.0.0.0. U 0 0 lo
default 206.97.61..ip. 0.0.0.0. UG 0 0 eth0
the /etc/sysconfig/network-scripts ifcfg-ethx files
Gateway 188.8.131.52.ip. ( I do not understand the .ip.?) it works?
this route seems to be ok, at least I can get the box to the net finally.
I know IF I reboot it is gone... and will have to be redone... I guess the next step would be to lock in this route? ideas?
i'm not too familiar with RH or debian, but i'd just script it to make the routes on boot. the commands you issue are things like
route add <blah>,
so just put the list of commands you issue to setup the routing in a startup script.
i don't know where to look on RH or debian (it's in /etc/rc.d/rc.inet2 in slackware), but i'd just put those route commands in the startup script that starts all your network services (iptables, various daemons, etc.).
You can use:
Here's several others with the same ? I will go check out the static-routes as a way to get it stuck, thanks much David,
well you can put all the route command you used in /etc/rc.d/rc.local so they will get run everytime the machine is restarted. Why would you need to restart the network service? My linux firewall/router has been up for 108 days, and I've never had to touch it. Just wondering.
Comment from aleksandrzingorenko Date: 07/18/2003 12:18PM PDT In that case (and in light of some new information I found out), I will rephrase my question. As I can see, when I restart the network, some program resets the routing table to the weird defaults and changes the /proc/net/route file. What program does this, where does it get these defaults from, and how do I make it set up the correct routing table instead when the network is started/restarted?
Comment from jlevie Date: 07/18/2003 03:58PM PDT A more appropriate question is what routes are set up by default and what changes do you find necessary and why? Comment from brabard Date: 07/21/2003 01:48AM PDT /proc/net/route is an informational file , not comand . It is changed every time a route has been added/deleted . The first thing ../network restart do is to restart interfaces . After that it makes routing table as it is in your ifcfg- scripts writen . Usualy there is paths to networks to witch interfaces belongs and the dafault gateway . If you want to put new routes in rc.local as jar3817 said it will work on reboot , but not in network reload , because this command do not restart rc.local .
Comment from aleksandrzingorenko Date: 07/21/2003 09:41AM PDT This is in response to jlevie's comment. I have three NICs in the firewall machine, eth0 through eth2. eth0 is the external interface, while eth1 is the interface to the computers protected by the firewall; eth2 is currently unconnected. Whenever I reboot the firewall machine (or merely restart the network by running the network script with the restart option) and then run route or netstat -r, I see two identical routes to the network protected by the firewall (private IP range) through eth2 instead of eth1, and I also see a route to some Class B network through eth2 which is completely out of place - I have never entered such IP addresses anywhere on the firewall machine or anywhere else. Hence, every time a network restart occurs, I must manually delete the 3 errant routes to eth2 and add the correct one to eth1. Furthermore, if I try to run an ifcfg script which binds a range of IP aliases to eth0 - very simple script, only contains starting and ending IP address and starting clonenumber - the routing table is even stranger, among other things, it has 3 identical default destinations even though there should only be one. I would really like to know if it is at all possible to prevent this "damage" to the routing tables and have the correct one load each time the network is started/restarted.
course this all academic... I changed one setting after the post this AM and the whole thing went bloohie.... (bloohie is very tech term for time for dinner)
|All times are GMT -5. The time now is 01:21 PM.|