LinuxQuestions.org


LinuxGeek 08-29-2006 02:52 PM

Starting an Interface without a Default Subnet Route
 
Hi,
By default, when you start up an interface, a route is added in the routing table for the subnet that the interface is on. For example, if eth0 on my machine has an IP of 10.0.5.1 (with subnet mask 255.255.255.0), bringing up eth0 would automatically add a route in the routing table such as:

route -n

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.5.0        0.0.0.0         255.255.255.0   UH    0      0        0 eth0
...
...

Is there any way to start up the interface without this default subnet mask? I want connections from the 10.0.5.0 network to be received on eth0 but returned through a different interface (which forwards to a gateway which then replies to the request). Thank you for your time.
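An added example (not from the poster or the thread) that audits a `route -n` dump for the kernel-added subnet route the question describes and emits the iproute2 commands that achieve the asked-for setup on a current kernel: the `noprefixroute` address flag suppresses the automatic subnet route, and a policy-routing rule steers replies sourced from that address out through the other interface's gateway. The sample routing table, the interface names and the gateway 10.0.0.1 are constructed for the example.

```python
import ipaddress

# Constructed sample of `route -n` output, modelled on the table in the question:
# eth0 carries 10.0.5.1/24 (kernel-added prefix route), eth1 carries the default route.
SAMPLE_ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.5.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth1
"""


def parse_route_n(text):
    """Return (network, gateway, flags, iface) tuples from `route -n` output."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 8 or cols[0] == "Destination":
            continue  # skip the banner and the column header
        dest, gw, mask, flags, _metric, _ref, _use, iface = cols
        # ipaddress accepts dotted netmasks, so "10.0.5.0/255.255.255.0" -> 10.0.5.0/24
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, gw, flags, iface))
    return routes


def prefix_route_present(text, addr, iface):
    """True if the connected ("prefix") route the kernel adds for addr
    (e.g. '10.0.5.1/24') is in the table on iface: same network, no gateway, up."""
    want = ipaddress.ip_interface(addr).network
    return any(net == want and gw == "0.0.0.0" and "U" in flags and ifc == iface
               for net, gw, flags, ifc in parse_route_n(text))


def bringup_commands(addr, iface, reply_gw, reply_iface, table=100):
    """iproute2 commands that add addr without the automatic subnet route and
    route replies sourced from it via reply_gw on reply_iface (policy routing).
    Assumes an iproute2/kernel that supports the noprefixroute address flag."""
    ip = ipaddress.ip_interface(addr).ip
    return [
        f"ip addr add {addr} dev {iface} noprefixroute",
        f"ip link set {iface} up",
        # dedicated table whose only entry is the desired reply gateway
        f"ip route add default via {reply_gw} dev {reply_iface} table {table}",
        # consult that table before 'main' for anything sourced from our address
        f"ip rule add from {ip} lookup {table} priority 1000",
    ]
```

Run `prefix_route_present` against real `route -n` output after bringing the interface up to confirm the subnet route really is absent; the local address itself still lives in the `local` table, so inbound connections to it are unaffected.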

acid_kewpie 08-29-2006 03:11 PM

that's not a route in the normal sense, you can't have an interface without the system knowing what subnet it is on. this doesn't have any real relation to your default gateway configurations etc... if you receive a connection from a local machine and that's the only nic on that subnet then it'll be returned back to that machine from it. i can't see any real life scenario where you'd want to deviate from that...

LinuxGeek 08-30-2006 03:47 AM

Actually, one real life scenario where I want to deviate from this is my current LVS setup.

NLB:
10.0.0.1
172.16.0.1

App Server 1:
172.16.0.2
10.0.0.2 (we'll see why we need this)

App Server 2:
172.16.0.3
10.0.0.3 (we'll see why we need this)

Users of NLB:
In 10.0.0.X network as well as other networks

Admins:
In 10.0.0.X network

I have my web servers / application servers behind the NLB and they are on a different network than the rest of the network (an LVS requirement) - the 172 network. So all requests go through the NLB and back out through it (LVS-NAT setup). However, there are admin ports that I don't want to go through the NLB and want the admins to be able to access on the machines (application servers) directly on a per machine basis (the admin should know what machine they are on). So I've added the application servers to the normal network so that the admins can access them directly on their management ports (without going through the NLB). However, normal users can't access them directly (I have a firewall on the application servers blocking access to port 80 except from the NLB). Since I can't differentiate between a user request and an admin request from the network they are coming from, I've set it up so that they all go out through the NLB (as a gateway). I can't have the 10.0.0.X subnet route up because otherwise the LVS-NAT would be confused (I'd have to change to LVS-DR).

acid_kewpie 08-30-2006 04:07 AM

that just looks like a nasty mess to me... i guess i would look at having a physically separate admin network for them to sit on and keep normal users as far from that as possible.

LinuxGeek 08-30-2006 04:42 AM

I agree with you it's a mess :D However, I doubt I can convince them to create a separate management network. Thanks for your help.

acid_kewpie 08-30-2006 06:46 AM

only alternative could be some form of source nat on the network, to make the management clients appear to be coming from elsewhere in the first place, possibly by the client itself. fairly simple for a linux box to do, not sure about the windows side.
