what value for default gateway on static ip address system ?
Having a static IP address of 192.168.1.1
and a netmask of 255.255.255.0,
my system works fine. Without setting a default gateway it can see other computers on my local network of 192.168.1.# through a network switch, no router. Everything works fine, and there is no outside or internet access, nor does there need to be.
I'm told a default gateway needs to be set. What value do I use?
The system must be configured with a default gateway for IPv4 if the system uses IPv4, unless the system is a router.
If a system has no default gateway defined, the system is at increased risk of man-in-the-middle, monitoring, and Denial-of-Service attacks.
Those same people also tell me I need a separate file system partition for
/home {V-12003}
/tmp {V-23739}
/var {V-23736}
/var/log/audit {V-23738}
So in addition to /dev/sda1, my EFI boot partition, and
/dev/sda2, my / ext3 partition,
I need to make 4 other partitions on the disk, or use more hard drives.
As an old co-worker so eloquently put it, "They want a number? Give them a {expletive} number!" Pick an unused address in your local network and configure that as the gateway for the default route. It will be a "router" that is always down.
Quote:
The system must be configured with a default gateway for IPv4 if the system uses IPv4, unless the system is a router.
If a system has no default gateway defined, the system is at increased risk of man-in-the-middle, monitoring, and Denial-of-Service attacks.
those same people also tell me i need a separate file system partition for
/home {V-12003}
/tmp {V-23739}
/var {V-23736}
/var/log/audit {V-23738}
so in addition to /dev/sda1 my efi boot partition, and
/dev/sda2 my / ext 3 partition,
i need to make 4 other partitions on the disk.. or use more hard drives.
I don't wish to be rude but, perhaps, it is worth finding out what a default gateway does, what a partition is and why one would use more than one on a Linux install and a few other details before jumping in and trying to use whatever product this is you are trying to install (I am guessing some kind of security toolkit?).
"A default gateway in computer networking is the node that is assumed to know how to forward packets on to other networks."
I already know that if I only set up a static IP address and subnet mask but no DNS and no gateway values, then a user cannot easily get out past the initial network switch/router it's connected to. This is with the switch/router the system is connected to having an uplink to other switches/routers that then make it to a gateway getting out to outside networks and the internet.
I guess that opens up the question: can a user with no elevated privilege on a Linux system still somehow get data in/out from the system over the network when it's set up like that without a gateway?
I want to understand why setting a default gateway is better... how is it "at increased risk", according to what is said, when no gateway is set?
I would think... just like not installing software you don't need... if a gateway is NOT set, then would I not be better off? It's a simple isolated network, and I do NOT want connectivity to any outside network beyond the computers connected to this one 16-port or 24-port network switch (not router).
If I set the default gateway to some bogus address that no computer is on,
the big thing these days being insider threat,
since my system is physically not connected to an outside network, wouldn't setting a default gateway make it more vulnerable if someone on the inside is then able to connect some other system on that network having an IP address that is the default gateway value I set for my system... just to give them an f'ing number?
I found it funny you said, "As an old co-worker so eloquently put it..."
The key word being old co-worker...
I don't want to just give them a number though, they can go pound sand. I want to know what the best way to do it is, and why.
Quote:
I found it funny you said, "As an old co-worker so eloquently put it..."
The key word being old co-worker...
The context for that remark had nothing whatever to do with computers or networking, but addressed bureaucratic requests for a number for some trivial, but annoying to determine, quantity, e.g., "How many soldering irons are used in this facility?" "Just write '27' in there and be done with it. They want a number -- give them a few-king number!"
Quote:
I don't want to just give them a number though, they can go pound sand.
If there is no requirement to satisfy this as part of some audit, forget about it. It is meaningless to specify a gateway for an interface that has no route to anything other than its local subnet. You don't have that interface marked as a default route, do you? Is there even another machine on that subnet capable of acting as a router and forwarding packets outside the subnet?
I can tell you right now that setting a default GW will not protect you from any of the things listed on that site.
People who make claims like the ones on that site without any justification or examples (I would like to see their claims for your configuration) don't know what they're talking about.
FYI: a legit man-in-the-middle attack on your configuration would occur at L2; no L3 protection will stop that.
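
Added example, not part of the thread: a small Python route lookup that shows what the kernel does with off-subnet traffic in the two configurations discussed above, no default route versus a default route through an unused placeholder address. The two tables are constructed samples in the `/proc/net/route` column layout (a little-endian host is assumed), and the placeholder `192.168.1.254` and the off-subnet test destination are assumptions for illustration.

```python
import ipaddress
import struct

RTF_UP, RTF_GATEWAY = 0x1, 0x2

HEADER = "Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT\n"
# Constructed samples: connected route for 192.168.1.0/24 only, then the same
# table plus a default route via an unused placeholder address 192.168.1.254.
NO_GATEWAY = HEADER + "eth0 0001A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0\n"
PLACEHOLDER_GW = NO_GATEWAY + "eth0 00000000 FE01A8C0 0003 0 0 0 00000000 0 0 0\n"


def _addr(hexword):
    """Decode one hex field (little-endian host assumed) to an IPv4Address."""
    return ipaddress.IPv4Address(struct.pack("<I", int(hexword, 16)))


def parse_routes(text):
    """Return [(network, gateway_or_None, iface)] for routes that are up."""
    routes = []
    for line in text.splitlines()[1:]:          # skip the header line
        f = line.split()
        if len(f) < 8:
            continue
        flags = int(f[3], 16)
        if not flags & RTF_UP:
            continue
        prefix = bin(int(f[7], 16)).count("1")  # netmask bits -> prefix length
        net = ipaddress.IPv4Network(f"{_addr(f[1])}/{prefix}")
        gw = _addr(f[2]) if flags & RTF_GATEWAY else None
        routes.append((net, gw, f[0]))
    return routes


def next_hop(routes, dst):
    """Longest-prefix match. Returns (iface, address to ARP for) or None."""
    dst = ipaddress.IPv4Address(dst)
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        return None  # the kernel refuses locally: "Network is unreachable"
    net, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    return iface, (gw if gw is not None else dst)


def default_gateway(routes):
    """Gateway of the 0.0.0.0/0 route, or None when no default route exists."""
    for net, gw, _ in routes:
        if net.prefixlen == 0 and gw is not None:
            return gw
    return None
```

With no default route, a packet for an off-subnet address never leaves the host; with the placeholder route, it is put on the wire for whichever host answers ARP for the placeholder address, while local-subnet traffic is unchanged in both cases.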