Hi guys,

I am just playing around with iproute2 and some questions came to my mind.

I'm wondering why I get a route entry for the subnet of eth0's primary addr if I use the command "ip link set eth0 up".

I'm personally not a friend of such behaviour, because I often need some strange routing set-ups. Is it possible to avoid this behaviour, meaning I only get routing entries if I really set them by myself?

Thanks in advance

Michael Schoen

--
Michael Schoen <schoen@anduras.de>
ANDURAS AG i.G.    Internet: www.anduras.de
Innstraße 71       Tel: 0851/4 90 50-0
94036 Passau       Fax: 0851/4 90 50-55

On Thu, Nov 02, 2000 at 06:35:48PM +0100, Michael Schoen wrote:
> Hi guys,
>
> I am just playing around with iproute2 and some questions came to my mind.
>
> I'm wondering why I get a route entry for the subnet of eth0's primary addr
> if I use the command "ip link set eth0 up".
>
> I'm personally not a friend of such behaviour, because I often need some
> strange routing set-ups. Is it possible to avoid this behaviour, meaning I
> only get routing entries if I really set them by myself?

This behaviour has been hotly contested on the linux kernel mailing list, perhaps the archives can tell you if there is a way around this.

Also read the 'ifconfig replacement script' by Alexey which contains Deeper Magic which might be useful.

Regards,

bert hubert

--
PowerDNS                     Versatile DNS Services
Trilab                       The Technology People
'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet

bert hubert wrote:
>
> On Thu, Nov 02, 2000 at 06:35:48PM +0100, Michael Schoen wrote:
> > Hi guys,
> >
> > I am just playing around with iproute2 and some questions came to my mind.
> >
> > I'm wondering why I get a route entry for the subnet of eth0's primary addr
> > if I use the command "ip link set eth0 up".
> >
> > I'm personally not a friend of such behaviour, because I often need some
> > strange routing set-ups. Is it possible to avoid this behaviour, meaning I
> > only get routing entries if I really set them by myself?
>
> This behaviour has been hotly contested on the linux kernel mailing list,
> perhaps the archives can tell you if there is a way around this.

The reason is that by setting an interface with the IP address A and netmask B you are implying that there is a network attached with the network address A&~B with the given netmask and so a route should be added appropriately.

The last I heard was that one of the networking guys gave this explanation and challenged someone to give an example of where this was the wrong thing to do. The thread died there IIRC.

Personally I think it's a great feature because in at least 99.99% of cases it's exactly what you want and I haven't found an example of the other 0.01%.

--
Martijn van Oosterhout <kleptog@cupid.suninternet.com>
http://cupid.suninternet.com/~kleptog/

hi,

> The last I heard was that one of the networking guys gave this explanation
> and challenged someone to give an example of where this was the wrong
> thing to do. The thread died there IIRC.
>
> Personally I think it's a great feature because in at least 99.99% of
> cases it's exactly what you want and I haven't found an example of the
> other 0.01%.

okay - here's a strange set-up, but if you think over it, it has some nice advantages.

Assume you have a public network (e.g. 132.231.1.0) routed to your fw/gateway. For the dmz you use a private network (e.g. 10.10.10.0). In the dmz you have two public servers (www 132.231.1.1 and mail 132.231.1.2). On the internal interface of the gw/fw use the ip 10.10.10.254. The two public servers have the 2nd address 10.10.10.1 (www) and 10.10.10.2 (mail).

Now use the following route-entries:

www and mail:
  10.10.10.0/24 -> eth0
  default       -> 10.10.10.254

and on the firewall you set the following route entries:
  10.10.10.0/24  -> eth0
  132.231.1.1/32 -> 10.10.10.1
  132.231.1.2/32 -> 10.10.10.2

This design has the (dis?)advantage that every packet with public ip addresses within the dmz is routed again over the fw/gw. For some security/accounting reasons this is not a bad idea <g>

Michael Schoen

--
Michael Schoen <schoen@anduras.de>
ANDURAS AG i.G.    Internet: www.anduras.de
Innstraße 71       Tel: 0851/4 90 50-0
94036 Passau       Fax: 0851/4 90 50-55

I have used mask to /32 (255.255.255.255) to get control over the routing table. It's useful when you want to save IP-addresses.

Regards,
Daniel

> -----Original Message-----
> From: lartc-admin@mailman.ds9a.nl
> [mailto:lartc-admin@mailman.ds9a.nl] On Behalf Of Martijn van Oosterhout
> Sent: Monday, November 06, 2000 12:40 PM
> To: bert hubert
> Cc: lartc@mailman.ds9a.nl
> Subject: Re: [LARTC] iproute2 and routing entries
>
> bert hubert wrote:
> >
> > On Thu, Nov 02, 2000 at 06:35:48PM +0100, Michael Schoen wrote:
> > > Hi guys,
> > >
> > > I am just playing around with iproute2 and some questions came to my mind.
> > >
> > > I'm wondering why I get a route entry for the subnet of eth0's primary addr
> > > if I use the command "ip link set eth0 up".
> > >
> > > I'm personally not a friend of such behaviour, because I often need some
> > > strange routing set-ups. Is it possible to avoid this behaviour, meaning I
> > > only get routing entries if I really set them by myself?
> >
> > This behaviour has been hotly contested on the linux kernel mailing list,
> > perhaps the archives can tell you if there is a way around this.
>
> The reason is that by setting an interface with the IP address A and netmask
> B you are implying that there is a network attached with the network address
> A&~B with the given netmask and so a route should be added appropriately.
>
> The last I heard was that one of the networking guys gave this explanation
> and challenged someone to give an example of where this was the wrong
> thing to do. The thread died there IIRC.
>
> Personally I think it's a great feature because in at least 99.99% of
> cases it's exactly what you want and I haven't found an example of the
> other 0.01%.
>
> --
> Martijn van Oosterhout <kleptog@cupid.suninternet.com>
> http://cupid.suninternet.com/~kleptog/
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
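
The routing tables from Michael's DMZ post and the /32 mask from Daniel's reply, modelled as an added example (not code from the thread): it derives the subnet route implied by an address and mask, then runs a longest-prefix lookup to show whether www-to-mail traffic crosses the firewall. The /24 mask on the public network and all function names are assumptions.

```python
import ipaddress

def connected_route(addr, prefixlen):
    """Prefix route the kernel derives from an interface address, or None.

    A /32 address names a single host, so no on-link subnet route follows.
    """
    if prefixlen == 32:
        return None
    return ipaddress.ip_interface(f"{addr}/{prefixlen}").network

def lookup(table, dst):
    """Longest-prefix match over (prefix, target) pairs; None if unroutable."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), target) for p, target in table
            if dst in ipaddress.ip_network(p)]
    if not hits:
        return None
    net, target = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), target

# Route entries exactly as listed in the post.
WWW_ROUTES = [("10.10.10.0/24", "dev eth0"),
              ("0.0.0.0/0", "via 10.10.10.254")]
FW_ROUTES = [("10.10.10.0/24", "dev eth0"),
             ("132.231.1.1/32", "via 10.10.10.1"),
             ("132.231.1.2/32", "via 10.10.10.2")]

def www_table(public_prefixlen):
    """www's table when its public address 132.231.1.1 carries this mask."""
    auto = connected_route("132.231.1.1", public_prefixlen)
    extra = [(str(auto), "dev eth0")] if auto else []
    return WWW_ROUTES + extra

if __name__ == "__main__":
    for plen in (24, 32):  # /24 is an assumed mask; the post gives none
        print(f"www public addr /{plen}: to mail ->",
              lookup(www_table(plen), "132.231.1.2"))
    print("firewall to www ->", lookup(FW_ROUTES, "132.231.1.1"))
```

With the assumed /24 mask the automatic route sends www-to-mail traffic directly on the wire, past the firewall; with /32 only the default route matches and the packet goes via 10.10.10.254.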