Re: Firewall duplicate route table entries
On Sun, Jul 06, 2003 at 12:41:50AM +0100, Shango Oluwa wrote:
> 192.168.168.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> 192.168.168.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> 192.192.192.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
> 192.192.192.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
Ah ok, this looks like a bad interaction of the kernel's auto-adding of
routes and the routes from /etc/network/interfaces.
> Forgive my ignorance, but I am not familiar with a "run" command - woody
> does not recognise "run" either... and, yes, when I removed the
> "route add -net..." entries recommended by Tony Mancill's Linux Routers
> (1st Ed.) I now have only one entry per interface (...!) - online
> education appreciated -
I was talking about the "up route -del ..." option in the interfaces file.
Sorry, I thought it was named 'run'.
> You mention "automatic route table entries"...where are these generated
> from, ie. which script/process?
The kernel is doing this if you up an interface by ifconfig. I think this is
2.2.x only. 2.0 and 2.4 don't do that.
> Bernd proposes to treat the symptom by deleting extra entries, am I being
> naive to try and treat the cause rather than treating the symptom? If this
> is kernel reality then I must accept...
In that case it is most likely the easiest solution to upgrade your kernel.
I think there is no way to tell ifup to not add the routing entry
statically.
Perhaps this warrants a bug report to ifup.
> If the kernel automatically adds route table entries, does it do so with
> interfaces loaded as modules also?
Yes, I think it is related to the ioctl, which is the same for static and
loaded interfaces.
> Anyhow I have included ifconfig & route info - but I don't think that my
> ip/netmask combination is faulty.
Yes, you are right, looks fine. I did not expect that kind of duplicate
routes.
You can, btw, try it out yourself:
# ifconfig eth0 down
# route
# ifconfig eth0 192.168.168.0 netmask 255.255.255.0 up
# route
and then you should see a route to the new interface.
Greetings
Bernd
--
(OO) -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
(O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
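
A check for the symptom discussed in this thread, as an added example that is not part of the original message: it reads `route -n` output and reports every route that is listed more than once. The function names `dup_routes` and `sample_table` are hypothetical, and the sample table is constructed from the entries quoted above plus header and loopback lines.

```shell
#!/bin/sh
# Added example, not from the original thread.
# dup_routes reads a routing table in `route -n` format on stdin and prints
# "<count> <destination> <gateway> <genmask> <iface>" for each duplicated route.
dup_routes() {
    awk '
        # Skip header lines: only rows starting with a dotted quad are routes.
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
        NF >= 8 {
            # A route is identified by destination, gateway, netmask, interface.
            key = $1 " " $2 " " $3 " " $8
            if (!(key in seen)) order[++n] = key   # remember first-seen order
            seen[key]++
        }
        END {
            for (i = 1; i <= n; i++)
                if (seen[order[i]] > 1) print seen[order[i]], order[i]
        }
    '
}

# Constructed sample table (entries as quoted in the thread, plus loopback).
sample_table() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.168.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.168.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.192.192.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.192.192.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
EOF
}

# On a live system: route -n | dup_routes
sample_table | dup_routes
```

Empty output means no route appears twice, which is the state to expect after removing the extra "route add -net..." entries from the interfaces file.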