I'm not a big network guy, so please bear with my ignorance.
We've had some DNS issues recently (not sure if it's not resolving through Sprint DNS servers) and in watching netstat -rn lately, I've noticed quite a few entries that are listed with the !H flag. I've looked up all the info I could find but I'm not really sure what is meant. I know it means reject as Host, but why are these entries being added? Looks something like this:
After a week or so, I get several of these different IPs listed here (I know what's loopback and the gateway's not listed). I usually delete the foreign addresses. Can anyone tell me why they're even created here in the first place?
My guess would be that you are running some sort of active Network Intrusion system. It's adding a null route for hosts it thinks are bad. Any ideas on what you are running? What is your firewall system?
I am running PortSentry. But I didn't think it puts the hosts in the router table. I thought it put them in the host.deny file. I could easily be wrong.
We're running RH 7.3 and only using its own GUI firewall protection (set to high). I'd really like to rewrite the iptables and make them more strict. Just haven't had time. We do have a router in front that has its own rules as to what protocols/ports pass through.
The host.deny file is quite large compared to the few outside IPs that get put in the router table. Does it get flushed after a certain time?
I'm not familiar w/ portsentry. It could be doing both. You probably want to delve into the documentation, unless someone here is more helpful. The problem with host.deny is that not every application uses it.
PortSentry's a great little packet sniffer designed to block computers from scanning your ports and subsequently your system. I've always loved using it. Unfortunately, Cisco bought it up and I'm not sure why. Either to get this great and free product out of people's minds so they can buy Cisco products, or to study it and learn how to integrate some of its strengths into their own stuff.
Do you know if the IP router table gets flushed on its own? I know the command to flush it, but I didn't know if it is scheduled to do it on its own.
AFAIK, routes aren't automatically aged by the kernel or any userland program. Perhaps portsentry is doing it on its own. Also, anytime an interface goes down, it loses its routes. So they will disappear when you reboot. I would look into getting portsentry to use iptables instead of the routing table. My route man page is telling me not to use this feature for firewalling. Go figure.
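To audit the entries discussed in this thread, here is an added example (not code from any of the posters) that lists the `!H` reject host routes in `netstat -rn` output and prints, without running them, an iptables rule and a route deletion for each. The routing table is a constructed sample using documentation addresses, and the `INPUT` chain with a `DROP` target is an assumed policy.

```shell
#!/bin/sh
# Constructed sample of `netstat -rn` output (documentation addresses,
# not taken from the thread). Reject routes show "-" as gateway/interface.
sample_routes() {
cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
203.0.113.45    -               255.255.255.255 !H        0 0          0 -
198.51.100.7    -               255.255.255.255 !H        0 0          0 -
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0
EOF
}

# Read a routing table on stdin and print the destination of every
# reject host route: column 4 (Flags) contains both "!" and "H".
# Header lines are skipped because column 1 is not a dotted quad.
reject_hosts() {
    awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $4 ~ /!/ && $4 ~ /H/ { print $1 }'
}

# For each reject host route, print the commands that would move the
# block from the routing table into iptables. Nothing is executed here;
# review the output before running any of it as root.
migration_plan() {
    reject_hosts | while read -r ip; do
        printf 'iptables -I INPUT -s %s -j DROP\n' "$ip"
        printf 'route del -host %s reject\n' "$ip"
    done
}

# Demonstration on the constructed sample.
# On a live host: netstat -rn | migration_plan
sample_routes | migration_plan
```

The iptables line is printed before the route deletion so that a host stays blocked throughout if the commands are run in order.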