Starting an Interface without a Default Subnet Route
Hi,
By default, when you start up an interface, a route is added in the routing table for the subnet that the interface is on. For example, if eth0 on my machine has an IP of 10.0.5.1 (with subnet mask 255.255.255.0), bringing up eth0 would automatically add a route in the routing table such as:
Is there any way to start up the interface without this default subnet mask? I want connections from the 10.0.5.0 network to be received on eth0 but returned through a different interface (which forwards to a gateway which then replies to the request). Thank you for your time.
That's not a route in the normal sense; you can't have an interface without the system knowing what subnet it is on. This doesn't have any real relation to your default gateway configurations etc... If you receive a connection from a local machine and that's the only NIC on that subnet then it'll be returned back to that machine from it. I can't see any real life scenario where you'd want to deviate from that...
Actually, one real life scenario where I want to deviate from this is my current LVS setup.
NLB:
10.0.0.1
172.16.0.1
App Server 1:
172.16.0.2
10.0.0.2 (we'll see why we need this)
App Server 2:
172.16.0.3
10.0.0.3 (we'll see why we need this)
Users of NLB:
In 10.0.0.X network as well as other networks
Admins:
In 10.0.0.X network
I have my web servers / application servers behind the NLB and they are on a different network than the rest of the network (an LVS requirement) - the 172 network. So all requests go through the NLB and back out through it (LVS-NAT setup). However, there are admin ports that I don't want to go through the NLB and want the admins to be able to access on the machines (application servers) directly on a per machine basis (the admin should know what machine they are on). So I've added the application servers to the normal network so that the admins can access them directly on their management ports (without going through the NLB). However, normal users can't access them directly (I have a firewall on the application servers blocking access to port 80 except from the NLB). Since I can't differentiate between a user request and an admin request from the network they are coming from, I've set it up so that they all go out through the NLB (as a gateway). I can't have the 10.0.0.X subnet route up because otherwise the LVS-NAT would be confused (I'd have to change to LVS-DR).
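The routing decision described in the post above, as an added example that is not part of the original thread: a longest-prefix-match lookup on App Server 1 with and without the connected 10.0.0.0/24 route. The interface names, the /24 masks, the default route via 172.16.0.1 and the client addresses are assumptions.

```python
import ipaddress

# NLB's address on the 172 network (from the post), assumed to be the default gateway.
NLB_INSIDE = ipaddress.ip_address("172.16.0.1")


def table(with_connected_10_route):
    """Routing table of App Server 1 as (prefix, gateway, device) tuples."""
    routes = [
        # Connected route for the LVS-facing interface (eth0 is an assumed name).
        (ipaddress.ip_network("172.16.0.0/24"), None, "eth0"),
        # Default route through the NLB, as LVS-NAT requires.
        (ipaddress.ip_network("0.0.0.0/0"), NLB_INSIDE, "eth0"),
    ]
    if with_connected_10_route:
        # The route the kernel adds when 10.0.0.2 is configured (eth1 is assumed).
        routes.append((ipaddress.ip_network("10.0.0.0/24"), None, "eth1"))
    return routes


def lookup(routes, dst):
    """Longest-prefix match over a single routing table; None if nothing matches."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def reply_traverses_nlb(routes, client):
    """LVS-NAT rewrites the reply's source back to the virtual IP only if
    the reply is forwarded by the NLB, i.e. the chosen route uses it as gateway."""
    route = lookup(routes, client)
    return route is not None and route[1] == NLB_INSIDE


def describe(routes, client):
    prefix, gw, dev = lookup(routes, client)
    via = f"via {gw}" if gw else "directly connected"
    return f"reply to {client}: {prefix} {via} dev {dev}"


if __name__ == "__main__":
    # Constructed client addresses: one on the 10.0.0.X network, one elsewhere.
    for client in ("10.0.0.50", "192.0.2.10"):
        for connected in (True, False):
            t = table(connected)
            state = "with" if connected else "without"
            print(f"{state} 10.0.0.0/24 route -> {describe(t, client)}; "
                  f"through NLB: {reply_traverses_nlb(t, client)}")
```

With the connected route present, a reply to a 10.0.0.X client leaves on the 10.0.0.X interface with the real server's address as source, so the client cannot match it to the connection it opened to the NLB.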
That just looks like a nasty mess to me... I guess I would look at having a physically separate admin network for them to sit on and keep normal users as far from that as possible.
Only alternative could be some form of source NAT on the network, to make the management clients appear to be coming from elsewhere in the first place, possibly by the client itself. Fairly simple for a Linux box to do, not sure about the Windows side.