LinuxQuestions.org
Old 08-29-2006, 03:52 PM   #1
LinuxGeek
Member
 
Registered: Jun 2002
Posts: 302

Rep: Reputation: 31
Starting an Interface without a Default Subnet Route


Hi,
By default, when you start up an interface, a route is added in the routing table for the subnet that the interface is on. For example, if eth0 on my machine has an IP of 10.0.5.1 (with subnet mask 255.255.255.0), bringing up eth0 would automatically add a route in the routing table such as:

route -n

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.5.0        0.0.0.0         255.255.255.0   UH    0      0        0 eth0
...
...

Is there any way to start up the interface without this default subnet mask? I want connections from the 10.0.5.0 network to be received on eth0 but returned through a different interface (which forwards to a gateway which then replies to the request). Thank you for your time.
 
Old 08-29-2006, 04:11 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968
that's not a route in the normal sense, you can't have an interface without the system knowing what subnet it is on. this doesn't have any real relation to your default gateway configurations etc... if you receive a connection from a local machine and that's the only nic on that subnet then it'll be returned back to that machine from it. i can't see any real life scenario where you'd want to deviate from that...
 
Old 08-30-2006, 04:47 AM   #3
LinuxGeek
Member
 
Registered: Jun 2002
Posts: 302

Original Poster
Rep: Reputation: 31
Actually, one real life scenario where I want to deviate from this is my current LVS setup.

NLB:
10.0.0.1
172.16.0.1

App Server 1:
172.16.0.2
10.0.0.2 (we'll see why we need this)

App Server 2:
172.16.0.3
10.0.0.3 (we'll see why we need this)

Users of NLB:
In 10.0.0.X network as well as other networks

Admins:
In 10.0.0.X network

I have my web servers / application servers behind the NLB and they are on a different network than the rest of the network (an LVS requirement) - the 172 network. So all requests go through the NLB and back out through it (LVS-NAT setup). However, there are admin ports that I don't want to go through the NLB and want the admins to be able to access on the machines (application servers) directly on a per machine basis (the admin should know what machine they are on). So I've added the application servers to the normal network so that the admins can access them directly on their management ports (without going through the NLB). However, normal users can't access them directly (I have a firewall on the application servers blocking access to port 80 except from the NLB). Since I can't differentiate between a user request and an admin request from the network they are coming from, I've set it up so that they all go out through the NLB (as a gateway). I can't have the 10.0.0.X subnet route up because otherwise the LVS-NAT would be confused (I'd have to change to LVS-DR).
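The routing effect described in the post above, modelled as an added example that is not part of the original post: a longest-prefix-match lookup over App Server 1's table with and without the connected 10.0.0.0/24 route, showing which path a reply takes. The interface names (eth0, eth1), the /24 mask on the 172.16.0.x network and the client addresses are assumptions made for illustration.

```python
import ipaddress

NLB_INSIDE = "172.16.0.1"   # from the post: the NLB's address on the 172.16 side

# App Server 1 routing tables as (destination, interface, gateway).
# Interface names and the 172.16.0.0/24 mask are assumptions.
WITH_CONNECTED = [
    ("172.16.0.0/24", "eth0", None),        # connected route, LVS side
    ("10.0.0.0/24",   "eth1", None),        # connected route added when eth1 comes up
    ("0.0.0.0/0",     "eth0", NLB_INSIDE),  # default gateway is the NLB
]
# Same table after the connected 10.0.0.0/24 route has been taken out.
WITHOUT_CONNECTED = [r for r in WITH_CONNECTED if r[0] != "10.0.0.0/24"]


def lookup(table, dst):
    """Longest-prefix match: return (iface, gateway) of the most specific route."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in ipaddress.ip_network(r[0])]
    if not matches:
        return None  # no route to host
    best = max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
    return best[1], best[2]


def reply_passes_nlb(table, client_ip):
    """True when the reply to client_ip is handed to the NLB.

    LVS-NAT only rewrites the reply's source address back to the virtual
    address if the packet actually traverses the NLB on its way out.
    """
    route = lookup(table, client_ip)
    return route is not None and route[1] == NLB_INSIDE


def report(client_ip):
    """Reply path for one client under both tables."""
    return {
        "with_connected": lookup(WITH_CONNECTED, client_ip),
        "without_connected": lookup(WITHOUT_CONNECTED, client_ip),
    }


if __name__ == "__main__":
    # Constructed client addresses: one on 10.0.0.X, one on another network.
    for client in ("10.0.0.50", "192.168.7.9"):
        print(client, report(client))
```

With the connected route present, replies to 10.0.0.X clients leave directly on eth1 and never reach the NLB, so load-balanced connections from that subnet are not translated back. With it removed, every reply, including replies to admins who connected directly, follows the default route through the NLB.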
 
Old 08-30-2006, 05:07 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968
that just looks like a nasty mess to me... i guess i would look at having a physically separate admin network for them to sit on and keep normal users as far from that as possible.
 
Old 08-30-2006, 05:42 AM   #5
LinuxGeek
Member
 
Registered: Jun 2002
Posts: 302

Original Poster
Rep: Reputation: 31
I agree with you it's a mess. However, I doubt I can convince them to create a separate management network. Thanks for your help.
 
Old 08-30-2006, 07:46 AM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968
only alternative could be some form of source nat on the network, to make the management clients appear to be coming from elsewhere in the first place, possibly by the client itself. fairly simple for a linux box to do, not sure about the windows side.
 
  

