LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 10-12-2017, 09:43 AM   #1
taylorkh
Senior Member
 
Registered: Jul 2006
Location: North Carolina
Distribution: CentOS 6, CentOS 7 (with Mate), Ubuntu 16.04 Mate
Posts: 1,642

Rep: Reputation: 112Reputation: 112
What is this strange gateway entry in my routing table?


I think I know the answer to this but please allow me to ask the question at least to clarify it in my mind and for confirmation...

I am running my ISP provided DSL Modem/router box in "transparent bridged" mode per the configuration Web interface. The Internet IP address is thus assigned to the PC connected to the Modem/router. The PC is running CentOS 7.4 and has two NICs. One is connected to the Modem/router and the second is "Shared to other computers" with network manager and serves to pass traffic to my LAN. Here is the routing table
Code:
[ken@taylor16 ~]$ netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         nc-71-0-16-1.dh 0.0.0.0         UG        0 0          0 p1p2
10.42.0.0       0.0.0.0         255.255.255.0   U         0 0          0 enp0s20u1
71.0.16.0       0.0.0.0         255.255.248.0   U         0 0          0 p1p2
The entry under Gateway on the first line nc-71-0-16-1.dh is I suspect the ISP's "black box" from which the DSL signal originates. (It used to be called the "Central Office" from which I was always too far away for DSL service.) Am I correct in assuming that this device performs routing of my traffic after it leaves the PC and is passed via DSL to the Internet? If so, that is well and good until...

When I connect to a VPN using openvpn I see the following routing table
Code:
[ken@taylor16 ~]$ netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.8.8.1        128.0.0.0       UG        0 0          0 tun0
default         nc-71-0-16-1.dh 0.0.0.0         UG        0 0          0 p1p2
10.8.8.0        0.0.0.0         255.255.255.0   U         0 0          0 tun0
10.42.0.0       0.0.0.0         255.255.255.0   U         0 0          0 enp0s20u1
ip124.67-202-83 nc-71-0-16-1.dh 255.255.255.255 UGH       0 0          0 p1p2
71.0.16.0       0.0.0.0         255.255.248.0   U         0 0          0 p1p2
128.0.0.0       10.8.8.1        128.0.0.0       UG        0 0          0 tun0
If I understand correctly the kernel reads the table from the top looking for a route for a given packet. In this case outbound traffic would be handled by the first line and passed to my VPN - provided the VPN is accepting traffic. That is a good thing.

The next point of confusion is Destination ip124.67-202-83. What ever is that? It appears to be going to the ISP's black box router "thing" and is bypassing my VPN tunnel. The H flag indicates "Only a single host can be reached through the route." from what I can find. That would correspond with the ISP black box theory. What sort of traffic would be directed to that specific device?

TIA,

Ken
 
Old 10-12-2017, 03:49 PM   #2
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,091
Blog Entries: 3

Rep: Reputation: 178Reputation: 178
Use route or route -n to look at your routing table.
There are other factors when deciding which route to take like metrics.

Are you doing split tunneling?
 
1 members found this post helpful.
Old 10-12-2017, 04:25 PM   #3
ferrari
Senior Member
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 2,327

Rep: Reputation: 367Reputation: 367Reputation: 367Reputation: 367
Yes, that is the DSL router hostname (and represents the default gateway address for internet-bound traffic).
Code:
nslookup nc-71-0-16-1.dh
Quote:
The next point of confusion is Destination ip124.67-202-83. What ever is that? It appears to be going to the ISP's black box router "thing" and is bypassing my VPN tunnel. The H flag indicates "Only a single host can be reached through the route." from what I can find. That would correspond with the ISP black box theory.
I assume it's related to your VPN provider.
Code:
nslookup ip124.67-202-83
or run the following to get its numerical IP address
Code:
netstat -rn
The hostname suggests the IP address 24.67.202.83....run a 'who is' against it
https://www.ultratools.com/tools/ipWhoisLookup
I get
Code:
 Source:  whois.arin.net
IP Address:  24.67.202.83
Name:  SHAW-COMM
Handle:  NET-24-64-0-0-1
Registration Date:  6/3/96
Range:  24.64.0.0-24.71.255.255
Org:  Shaw Communications Inc.
Org Handle:  SHAWC
Address:  Suite 800
630 - 3rd Ave. SW
City:  Calgary
State/Province:  AB
Postal Code:  T2P-4L4
Country:  CANADA

Last edited by ferrari; 10-12-2017 at 04:29 PM.
 
1 members found this post helpful.
Old 10-12-2017, 07:52 PM   #4
taylorkh
Senior Member
 
Registered: Jul 2006
Location: North Carolina
Distribution: CentOS 6, CentOS 7 (with Mate), Ubuntu 16.04 Mate
Posts: 1,642

Original Poster
Rep: Reputation: 112Reputation: 112
Thanks for asking lazydog. If by split tunneling you mean sending part of the traffic through the VPN and part outside the VPN I hope I am NOT doing that. All traffic should go through the VPN.

Thanks as always ferrari. You are a wealth of knowledge. I always appreciate your input and advice. I agree that the mystery entries smell like the ISP's stuff. I had never connected a PC directly to a bridged modem/router before. I always had a separate router box in the middle of things. I think I will put this item on the back burner for a while and not worry too much about it.

I am making progress on my VPN vs. firewall question. I posted the question to the openvpn forum. I received some comments and an excellent diagram showing how openvpn works. I have written up my interpretation of the situation to that forum and if I am not totally out in space I will update my post on this forum.

Ken
 
Old 10-13-2017, 12:30 AM   #5
stefan6
LQ Newbie
 
Registered: Oct 2017
Posts: 2

Rep: Reputation: Disabled
Use route or route -n to look at your routing table. Thanks ferrari for your informative and helpful advice! I recommend you to visit this site for any router issue: 192.168.0.1
 
Old 10-13-2017, 12:52 AM   #6
ferrari
Senior Member
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 2,327

Rep: Reputation: 367Reputation: 367Reputation: 367Reputation: 367
@stefan6:Just to be clear, this isn't a router issue.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to add a new entry to routing table for AODV in NS2 simulator? silsila Linux - Software 1 04-26-2014 06:31 AM
Adding route entry to linux routing table with external gateway netg Linux - Newbie 1 03-11-2011 09:39 AM
Routing table entry Ifurita1981 Linux - Networking 6 03-25-2007 03:53 PM
how to set default entry in routing table? cranium2004 Linux - Networking 7 03-15-2005 06:26 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 10:01 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration