LinuxQuestions.org
Old 10-22-2015, 05:19 PM   #1
ron7000
Member
 
Registered: Nov 2007
Location: CT
Posts: 248

Rep: Reputation: 26
what value for default gateway on static ip address system ?


having static ip address of 192.168.1.1
and a netmask of 255.255.255.0

My system works fine; without setting a default gateway it can see other computers on my local network of 192.168.1.# through a network switch, no router. Everything works fine, and there is no outside or internet access, nor does there need to be.

I'm told a default gateway needs to be set; what value do I use?
 
Old 10-22-2015, 05:27 PM   #2
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 4,760

Rep: Reputation: 2208
Quote:
Originally Posted by ron7000
I'm told a default gateway needs to be set; what value do I use?
Told by whom? If you are not trying to access any network addresses other than your local segment, there is no use for a gateway address.
 
Old 10-22-2015, 08:36 PM   #3
jefro
Moderator
 
Registered: Mar 2008
Posts: 21,886

Rep: Reputation: 3615
You only need a gateway address if you wish to access IP addresses outside of the subnet.

The IP address plus subnet mask determines what is in and what is out of subnet.
 
Old 10-23-2015, 01:39 PM   #4
ron7000
Member
 
Registered: Nov 2007
Location: CT
Posts: 248

Original Poster
Rep: Reputation: 26
Quote:
Originally Posted by rknichols
Told by whom?
These people: https://stigviewer.com/stig/unix_srg...finding/V-4397

The system must be configured with a default gateway for IPv4 if the system uses IPv4, unless the system is a router.

If a system has no default gateway defined, the system is at increased risk of man-in-the-middle, monitoring, and Denial-of-Service attacks.

Those same people also tell me I need a separate file system partition for
/home {V-12003}
/tmp {V-23739}
/var {V-23736}
/var/log/audit {V-23738}

So in addition to /dev/sda1, my EFI boot partition, and
/dev/sda2, my / ext3 partition,
I need to make 4 other partitions on the disk... or use more hard drives.
 
Old 10-23-2015, 03:04 PM   #5
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 4,760

Rep: Reputation: 2208
As an old co-worker so eloquently put it, "They want a number? Give them a {expletive} number!" Pick an unused address in your local network and configure that as the gateway for the default route. It will be a "router" that is always down.
 
Old 10-23-2015, 04:34 PM   #6
jefro
Moderator
 
Registered: Mar 2008
Posts: 21,886

Rep: Reputation: 3615
It is a bit hard for an IPv4 system to be attacked when there is no gateway(ip).

You should just try it without a gateway address and see if you can access the outside world.
 
Old 10-23-2015, 04:41 PM   #7
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680

Rep: Reputation: 2373
Quote:
Originally Posted by ron7000
These people: https://stigviewer.com/stig/unix_srg...finding/V-4397

The system must be configured with a default gateway for IPv4 if the system uses IPv4, unless the system is a router.

If a system has no default gateway defined, the system is at increased risk of man-in-the-middle, monitoring, and Denial-of-Service attacks.

Those same people also tell me I need a separate file system partition for
/home {V-12003}
/tmp {V-23739}
/var {V-23736}
/var/log/audit {V-23738}

So in addition to /dev/sda1, my EFI boot partition, and
/dev/sda2, my / ext3 partition,
I need to make 4 other partitions on the disk... or use more hard drives.
I don't wish to be rude but, perhaps, it is worth finding out what a default gateway does, what a partition is and why one would use more than one on a Linux install and a few other details before jumping in and trying to use whatever product this is you are trying to install (I am guessing some kind of security toolkit?).
 
Old 10-23-2015, 08:17 PM   #8
ron7000
Member
 
Registered: Nov 2007
Location: CT
Posts: 248

Original Poster
Rep: Reputation: 26
"A default gateway in computer networking is the node that is assumed to know how to forward packets on to other networks."

I already know that if I only set up a static IP address and subnet mask but no DNS and no gateway values, then a user cannot easily get out past that initial network switch/router it's connected to. This is with that switch/router the system is connected to having an uplink to other switches/routers that then make it to a gateway getting out to outside networks and the internet.
I guess that opens up the question: can a user with no elevated privilege on a Linux system still somehow get data in/out from the system over the network when it's set up like that without a gateway?

I want to understand why setting a default gateway is better... how it is "at increased risk", according to what is said, when no gateway is set?
I would think... just like not installing software you don't need... if a gateway is NOT set then would I not be better off? It's a simple isolated network, and I do NOT want connectivity to any outside network beyond what computers are connected to this one 16-port or 24-port network switch (not router).


If I set the default gateway to some bogus address that no computer is on,
the big thing these days being insider threat,
since my system is physically not connected to an outside network, then wouldn't setting a default gateway make it more vulnerable if someone on the inside is then able to connect some other system on that network having an IP address that is the default gateway value I set for my system... just to give them an f'ing number?

I found it funny you said, "As an old co-worker so eloquently put it..."
the key word being old co-worker...

I don't want to just give them a number though, they can go pound sand. I want to know what the best way to do it is, and why.

Last edited by ron7000; 10-23-2015 at 08:19 PM.
 
Old 10-23-2015, 09:58 PM   #9
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 4,760

Rep: Reputation: 2208
Quote:
Originally Posted by ron7000
I found it funny you said, "As an old co-worker so eloquently put it..."
the key word being old co-worker...
The context for that remark had nothing whatever to do with computers or networking, but addressed bureaucratic requests for a number for some trivial, but annoying to determine, quantity, e.g., "How many soldering irons are used in this facility?" "Just write '27' in there and be done with it. They want a number -- give them a few-king number!"

Quote:
I don't want to just give them a number though, they can go pound sand.
If there is no requirement to satisfy this as part of some audit, forget about it. It is meaningless to specify a gateway for an interface that has no route to anything other than its local subnet. You don't have that interface marked as a default route, do you? Is there even another machine on that subnet capable of acting as a router and forwarding packets outside the subnet?
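
The routing decision the thread keeps coming back to, modelled as an added example (not code from any poster): address plus netmask decide what is on-link, and the default route decides what happens to everything else. The gateway 192.168.1.254, the destinations and all function names are constructed for illustration; only 192.168.1.1 with netmask 255.255.255.0 comes from the thread.

```python
import ipaddress

def build_table(iface_cidr, gateway=None):
    """Routes a host has from one static address, plus an optional default route."""
    iface = ipaddress.ip_interface(iface_cidr)
    table = [(iface.network, None)]            # connected route: deliver directly
    if gateway is not None:
        gw = ipaddress.ip_address(gateway)
        if gw not in iface.network:
            # The next hop must itself sit on the local segment.
            raise ValueError(f"gateway {gw} is not on {iface.network}")
        table.append((ipaddress.ip_network("0.0.0.0/0"), gw))
    return table

def has_default_route(table):
    """What an audit for a 'default gateway defined' finding would look for."""
    return any(net.prefixlen == 0 for net, _ in table)

def lookup(table, dst):
    """Longest-prefix match. Returns (decision, address the host resolves via ARP)."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in table if dst in net]
    if not matches:
        return ("unreachable", None)           # nothing is put on the wire
    net, gw = max(matches, key=lambda m: m[0].prefixlen)
    if gw is None:
        return ("on-link", str(dst))           # ARP for the destination itself
    return ("via-gateway", str(gw))            # ARP for the gateway address

if __name__ == "__main__":
    # Constructed sample destinations: one neighbour, one off-subnet address.
    for label, table in [
        ("no default gateway", build_table("192.168.1.1/24")),
        ("placeholder gateway", build_table("192.168.1.1/24", "192.168.1.254")),
    ]:
        print(label, "| default route:", has_default_route(table))
        for dst in ("192.168.1.20", "203.0.113.10"):
            print("  ", dst, "->", lookup(table, dst))
```

With no default route, off-subnet traffic is dropped before it leaves the host; with a placeholder gateway, the host resolves that address on the local segment for every off-subnet packet, which is the situation post #8 asks about.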
 
Old 10-24-2015, 06:54 PM   #10
wildwizard
Member
 
Registered: Apr 2009
Location: Oz
Distribution: slackware64-14.0
Posts: 875

Rep: Reputation: 282
I can tell you right now that setting a default GW will not protect you from any of the things listed on that site.

People who make claims like the ones on that site without any justification or examples (I would like to see their claims for your configuration) don't know what they're talking about.

FYI: A legit man-in-the-middle attack on your configuration would occur at L2; no L3 protection will stop that.
 
  

