route, tell eth1 to only aswer to xyz addresses

metalfan · 2008-06-22 19:47:49

Hi,

How do i tell eth1 to only work for address that dont start with 195.168.x.x. i know that i can add routes to other networks like this:
"route add -net 250.122.0.0 netmask 255.255.0.0 dev eth1"
which tells eth1 to use eth1 for this address...but how do i tell eth1 not to answer anything thats 195.168.x.x?

if i setup my eth0 with:

ifconfig eth0 195.168.10.2 && route add default gw 195.168.10.1

i will get a routing table that looks like this:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
195.168.10.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         195.168.10.1     0.0.0.0         UG    0      0        0 eth0

if i now activate the second network card with:

ifconfig eth1 195.168.10.3

it looks like this:

195.168.10.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
195.168.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         195.168.10.1     0.0.0.0         UG    0      0        0 eth0

Julius

Last edited by metalfan (2008-06-22 19:48:04)

fukawi2 · 2008-06-23 02:02:51

That's nasty, just really nasty...

a) The IP subnets of eth0 and eth1 overlap. The netmask of eth1 envelopes the eth2 subnet. If they are the same physical network, then they should have the same netmask. If they're different physical networks, then they can't be overlapping like that.
b) Why are you using public IP addresses with /24 and /16 netmasks? Unless you own those IP ranges, you should be using private IP ranges - 192.168.x.x or 172.16-31.x.x or 10.x.x.x

metalfan · 2008-06-23 13:46:51

Ive changed my real ip address against 195.168.x.x, just checked it again, but it looks like just this.
I dont own the ip range, but i can use a few in this range.
They are on the same physical network, the netmask was set by infconfig.

Ive only run this command to setup eth1

ifconfig eth1 195.168.10.3

Last edited by metalfan (2008-06-23 13:48:21)

fukawi2 · 2008-06-24 01:52:35

those IP addresses are public - what is the range you're allowed to use, because you'll need to set the netmask appropriately. ie, if you have a /29 range, your netmask will be 255.255.255.248 which is set by:

ifconfig eth1 192.168.10.3 netmask 255.255.255.248

Once you get the netmasks set correctly, hopefully the networks over eth0 and eth1 won't overlap each other and you won't get the asymmetrical routing issues

Last edited by fukawi2 (2008-06-24 01:53:08)

metalfan · 2008-06-24 16:49:04

Ah, "symmetric routing issue" got me to this article:

http://www.linuxjournal.com/article/7291

Now i know what it is.

For now ive set my nics up with 255.255.255.0 which works, of course the the symmetric routing issue can appear.
Still i dont know howto tell eth1 to only work for specific networks.

fukawi2 · 2008-06-24 23:33:32

If both NICS are now using 255.255.255.0 (ie /24) as their netmask, then eth1 will only talk to and respond to the 195.168.10.x network and the hosts on that network.

If you want to block hosts from outside that network (ie, that are being routed into the local network by a router), then you'll need to use iptables. A rule something like this will DROP anything coming in on eth1 and not originating from 195.168.10.x network:

iptables -A INPUT -i eth1 -s !195.168.10.1/24 -J DROP

Arch Linux

#1 2008-06-22 19:47:49

route, tell eth1 to only aswer to xyz addresses

#2 2008-06-23 02:02:51

Re: route, tell eth1 to only aswer to xyz addresses

#3 2008-06-23 13:46:51

Re: route, tell eth1 to only aswer to xyz addresses

#4 2008-06-24 01:52:35

Re: route, tell eth1 to only aswer to xyz addresses

#5 2008-06-24 16:49:04

Re: route, tell eth1 to only aswer to xyz addresses

#6 2008-06-24 23:33:32

Re: route, tell eth1 to only aswer to xyz addresses

Board footer