[techtalk] Netstat weirdness

Conor Daly conor.daly at oceanfree.net
Thu Aug 17 08:49:57 EST 2000


On Wed, Aug 16, 2000 at 04:19:33PM -0500 or so it is rumoured hereabouts,
 kelly at poverty.bloomington.in.us thought...
> 
> Here's the route list you gave earlier:
> |Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> |63.251.67.56    0.0.0.0         255.255.255.248 U         0 0          0 eth0
> |192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
> |127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
> |0.0.0.0         63.251.67.57    0.0.0.0         UG        0 0          0 eth0 
> 
> The way the kernel routes packets is, for each route table entry, in
> order, it takes the IP address you're trying to reach, binary-ANDs it
> with the genmask, and then compares the result with the destination.
> If it matches, it sends the packet to the specified interface.  If the
> G flag is NOT set, then this is a direct route; if G is not set, then
> you're going out a gateway.  So, in your case, 63.251.67.56 thru
> 63.251.67.63 all go direct to eth0, 192.168.0.0 through 192.168.0.255
> all go direct to eth1, 127.0.0.0 thru 127.255.255.255 all go direct
> thru lo (the loopback interface), and everything else is gatewayed to
> 63.251.67.57 via eth0.  This is perfectly consistent with your
> ifconfig settings.
> 
> The network on eth0 has the network address 63.251.67.56.  This should
> not be the IP address of any machine on that network, since subnet
> address 0 is reserved.  .56 is the network address and .63 is the
> broadcast address for this subnet.
> 
> In short, there doesn't appear to be anything at all wrong with your 
> routing.
> 

Question for you...

I'm using an old 486 as internet gateway / router / firewall.  I'm using a
P200 as server / DNS / squid proxy (Well, I will be once I get around to 
configuring squid).  I want to set things up so that clients need one IP
address only for gateway, DNS, proxy etc.  How do I set up the routing?

Firewall	192.168.1.254
Server		192.168.1.1
Clients		192.168.1.2-5

Client Routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.254   0.0.0.0         255.255.255.255 U         0 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         192.168.20.1    0.0.0.0         UG        0 0          0 sl0


Server Routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.1     0.0.0.0         255.255.255.255 U         0 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         192.168.1.254   0.0.0.0         UG        0 0          0 eth0

If I point a client to the server as its gateway, nothing gets routed out
through the gateway.  Only if I give the actual gateway machine as gateway
does the routing happen but I want to use the squid proxy transparently and
supply only one IP address to be used for gateway / DNS.

Is it simply a matter of using ipchains to set up forwarding from the server
to the gateway (which, itself, uses ipchains for the firewall / IP masq)?

-- 
Conor Daly <conor.daly at oceanfree.net>

Domestic Sysadmin :-)
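
The lookup procedure described in the quoted reply, run against the server table and the quoted route list from this message. This is an added example, not part of the original mail; the function names are made up for illustration and 203.0.113.10 is a constructed outside address.

```python
import ipaddress

# Server routing table copied from the message (netstat -rn columns).
SERVER = """\
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.1     0.0.0.0         255.255.255.255 U         0 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         192.168.1.254   0.0.0.0         UG        0 0          0 eth0
"""

# Route list from the quoted reply.
QUOTED = """\
63.251.67.56    0.0.0.0         255.255.255.248 U         0 0          0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         63.251.67.57    0.0.0.0         UG        0 0          0 eth0
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_routes(text):
    """Turn netstat -rn rows into dicts, skipping the header and blank lines."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue
        routes.append({"dest": to_int(f[0]), "gw": f[1], "mask": to_int(f[2]),
                       "flags": f[3], "iface": f[7]})
    return routes

def lookup(routes, addr):
    """Return (iface, next_hop) for addr, or None if no entry matches."""
    ip = to_int(addr)
    for r in routes:                       # entries are tried in listed order
        if (ip & r["mask"]) == r["dest"]:  # AND with genmask, compare to destination
            # G flag set: hand the packet to the gateway; otherwise deliver directly
            return r["iface"], (r["gw"] if "G" in r["flags"] else addr)
    return None

if __name__ == "__main__":
    for name, table, probes in (
        ("server", SERVER, ["192.168.1.3", "127.0.0.1", "203.0.113.10"]),
        ("quoted", QUOTED, ["63.251.67.60", "63.251.67.64", "192.168.0.7"]),
    ):
        for p in probes:
            print(name, p, "->", lookup(parse_routes(table), p))
```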




