[techtalk] Netstat weirdness
Conor Daly
conor.daly at oceanfree.net
Thu Aug 17 08:49:57 EST 2000
On Wed, Aug 16, 2000 at 04:19:33PM -0500 or so it is rumoured hereabouts,
kelly at poverty.bloomington.in.us thought...
>
> Here's the route list you gave earlier:
> |Destination Gateway Genmask Flags MSS Window irtt Iface
> |63.251.67.56 0.0.0.0 255.255.255.248 U 0 0 0 eth0
> |192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
> |127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
> |0.0.0.0 63.251.67.57 0.0.0.0 UG 0 0 0 eth0
>
> The way the kernel routes packets is, for each route table entry, in
> order, it takes the IP address you're trying to reach, binary-ANDs it
> with the genmask, and then compares the result with the destination.
> If it matches, it sends the packet to the specified interface. If the
> G flag is NOT set, then this is a direct route; if G is not set, then
> you're going out a gateway. So, in your case, 63.251.67.56 thru
> 63.251.67.63 all go direct to eth0, 192.168.0.0 through 192.168.0.255
> all go direct to eth1, 127.0.0.0 thru 127.255.255.255 all go direct
> thru lo (the loopback interface), and everything else is gatewayed to
> 63.251.67.57 via eth0. This is perfectly consistent with your
> ifconfig settings.
>
> The network on eth0 has the network address 63.251.67.56. This should
> not be the IP address of any machine on that network, since subnet
> address 0 is reserved. .56 is the network address and .63 is the
> broadcast address for this subnet.
>
> In short, there doesn't appear to be anything at all wrong with your
> routing.
>
Question for you...
I'm using an old 486 as internet gateway / router / firewall. I'm using a
P200 as server / DNS / squid proxy (Well, I will be once I get around to
configuring squid). I want to set things up so that clients need one IP
address only for gateway, DNS, proxy etc. How do I set up the routing?

Firewall 192.168.1.254
Server   192.168.1.1
Clients  192.168.1.2-5

Client Routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
192.168.1.254   0.0.0.0         255.255.255.255 U       0 0         0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U       0 0         0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U       0 0         0 lo
0.0.0.0         192.168.20.1    0.0.0.0         UG      0 0         0 sl0

Server Routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
192.168.1.1     0.0.0.0         255.255.255.255 U       0 0         0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U       0 0         0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U       0 0         0 lo
0.0.0.0         192.168.1.254   0.0.0.0         UG      0 0         0 eth0

If I point a client to the server as its gateway, nothing gets routed out
through the gateway. Only if I give the actual gateway machine as gateway
does the routing happen but I want to use the squid proxy transparently and
supply only one IP address to be used for gateway / DNS.
Is it simply a matter of using ipchains to set up forwarding from the server
to the gateway (which, itself, uses ipchains for the firewall / IP masq)?
--
Conor Daly <conor.daly at oceanfree.net>
Domestic Sysadmin :-)
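
The route lookup discussed in this thread, as an added example that is not part of either original message: it scans a netstat-style table in order, ANDs the address with the genmask, compares the result with the destination, and treats a set G flag as "send via the gateway". The tables are copied from the messages above; the probe addresses and the names parse_routes and lookup are constructed for illustration. Linux itself picks the most specific matching route, which for these tables (listed most-specific first) gives the same answer as the in-order scan.

```python
import ipaddress

# Route rows copied from the messages above (netstat -rn columns).
FIRST_TABLE = """\
63.251.67.56 0.0.0.0 255.255.255.248 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 63.251.67.57 0.0.0.0 UG 0 0 0 eth0
"""
SERVER_TABLE = """\
192.168.1.1 0.0.0.0 255.255.255.255 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth0
"""

def parse_routes(text):
    """Parse netstat -rn rows into (dest, gateway, mask, flags, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the header and malformed rows
        dest, gw, mask = (int(ipaddress.IPv4Address(x)) for x in f[:3])
        routes.append((dest, gw, mask, f[3], f[7]))
    return routes

def lookup(routes, addr):
    """Return (iface, next_hop) for addr, or None if no entry matches."""
    ip = int(ipaddress.IPv4Address(addr))
    for dest, gw, mask, flags, iface in routes:
        if (ip & mask) == dest:
            # G set: hand the packet to the gateway; otherwise deliver direct.
            hop = str(ipaddress.IPv4Address(gw)) if "G" in flags else addr
            return iface, hop
    return None

if __name__ == "__main__":
    # Constructed probe addresses; 198.51.100.10 stands in for an Internet host.
    probes = {"first": (FIRST_TABLE, ["63.251.67.60", "192.168.0.7", "198.51.100.10"]),
              "server": (SERVER_TABLE, ["192.168.1.3", "198.51.100.10"])}
    for name, (table, addrs) in probes.items():
        routes = parse_routes(table)
        for a in addrs:
            print(name, a, "->", lookup(routes, a))
```
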