[SOLVED] What is this strange gateway entry in my routing table?

taylorkh · 10-12-2017, 08:43 AM

I think I know the answer to this but please allow me to ask the question at least to clarify it in my mind and for confirmation...

I am running my ISP provided DSL Modem/router box in "transparent bridged" mode per the configuration Web interface. The Internet IP address is thus assigned to the PC connected to the Modem/router. The PC is running CentOS 7.4 and has two NICs. One is connected to the Modem/router and the second is "Shared to other computers" with network manager and serves to pass traffic to my LAN. Here is the routing table

Code:

[ken@taylor16 ~]$ netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         nc-71-0-16-1.dh 0.0.0.0         UG        0 0          0 p1p2
10.42.0.0       0.0.0.0         255.255.255.0   U         0 0          0 enp0s20u1
71.0.16.0       0.0.0.0         255.255.248.0   U         0 0          0 p1p2

The entry under Gateway on the first line nc-71-0-16-1.dh is I suspect the ISP's "black box" from which the DSL signal originates. (It used to be called the "Central Office" from which I was always too far away for DSL service.) Am I correct in assuming that this device performs routing of my traffic after it leaves the PC and is passed via DSL to the Internet? If so, that is well and good until...

When I connect to a VPN using openvpn I see the following routing table

Code:

[ken@taylor16 ~]$ netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.8.8.1        128.0.0.0       UG        0 0          0 tun0
default         nc-71-0-16-1.dh 0.0.0.0         UG        0 0          0 p1p2
10.8.8.0        0.0.0.0         255.255.255.0   U         0 0          0 tun0
10.42.0.0       0.0.0.0         255.255.255.0   U         0 0          0 enp0s20u1
ip124.67-202-83 nc-71-0-16-1.dh 255.255.255.255 UGH       0 0          0 p1p2
71.0.16.0       0.0.0.0         255.255.248.0   U         0 0          0 p1p2
128.0.0.0       10.8.8.1        128.0.0.0       UG        0 0          0 tun0

If I understand correctly the kernel reads the table from the top looking for a route for a given packet. In this case outbound traffic would be handled by the first line and passed to my VPN - provided the VPN is accepting traffic. That is a good thing.

The next point of confusion is Destination ip124.67-202-83. What ever is that? It appears to be going to the ISP's black box router "thing" and is bypassing my VPN tunnel. The H flag indicates "Only a single host can be reached through the route." from what I can find. That would correspond with the ISP black box theory. What sort of traffic would be directed to that specific device?

TIA,

Ken

lazydog · 10-12-2017, 02:49 PM

Use route or route -n to look at your routing table.
There are other factors when deciding which route to take like metrics.

Are you doing split tunneling?

ferrari · 10-12-2017, 03:25 PM

Yes, that is the DSL router hostname (and represents the default gateway address for internet-bound traffic).

Code:

nslookup nc-71-0-16-1.dh

Quote:

The next point of confusion is Destination ip124.67-202-83. What ever is that? It appears to be going to the ISP's black box router "thing" and is bypassing my VPN tunnel. The H flag indicates "Only a single host can be reached through the route." from what I can find. That would correspond with the ISP black box theory.

I assume it's related to your VPN provider.

Code:

nslookup ip124.67-202-83

or run the following to get its numerical IP address

Code:

netstat -rn

The hostname suggests the IP address 24.67.202.83....run a 'who is' against it
https://www.ultratools.com/tools/ipWhoisLookup
I get

Code:

 Source:  whois.arin.net
IP Address:  24.67.202.83
Name:  SHAW-COMM
Handle:  NET-24-64-0-0-1
Registration Date:  6/3/96
Range:  24.64.0.0-24.71.255.255
Org:  Shaw Communications Inc.
Org Handle:  SHAWC
Address:  Suite 800
630 - 3rd Ave. SW
City:  Calgary
State/Province:  AB
Postal Code:  T2P-4L4
Country:  CANADA

taylorkh · 10-12-2017, 06:52 PM

Thanks for asking lazydog. If by split tunneling you mean sending part of the traffic through the VPN and part outside the VPN I hope I am NOT doing that. All traffic should go through the VPN.

Thanks as always ferrari. You are a wealth of knowledge. I always appreciate your input and advice. I agree that the mystery entries smell like the ISP's stuff. I had never connected a PC directly to a bridged modem/router before. I always had a separate router box in the middle of things. I think I will put this item on the back burner for a while and not worry too much about it.

I am making progress on my VPN vs. firewall question. I posted the question to the openvpn forum. I received some comments and an excellent diagram showing how openvpn works. I have written up my interpretation of the situation to that forum and if I am not totally out in space I will update my post on this forum.

Ken

stefan6 · 10-12-2017, 11:30 PM

Use route or route -n to look at your routing table. Thanks ferrari for your informative and helpful advice! I recommend you to visit this site for any router issue: 192.168.0.1

ferrari · 10-12-2017, 11:52 PM

@stefan6:Just to be clear, this isn't a router issue.

ferrari · 09-18-2019, 02:33 AM

Reported ^^

ferrari · 10-09-2019, 03:43 AM

Reported ^^