
Re: [suse-security] Martian source... Need to have route to other networks via internal interface. What to do?


I can't use aliases. Too many networks and too frequent changes...

It works with zebra:

# sh ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       B - BGP, > - selected route, * - FIB route

S [1/0] via, eth1
K>* via, eth1
K * is directly connected, lo
C>* is directly connected, lo0
C>* is directly connected, eth0
S [1/0] via, eth0
S>* [1/0] via, eth0
C>* is directly connected, eth1

And packets from now can reach this computer...
Heh.. Now I am trying to bring up OSPF between Ciscos and Linuxes... This computer is not a router but needs to have routes to other networks not through the default gw. Net information is not static enough to keep routes manually... Hehhh... 7 Linuxes and 9 Ciscos... :-|

So, EIGRP is much faster than the OSPF I chose for Linux. I hope I can use EIGRP between Ciscos and OSPF between Linuxes and one Cisco 'main router'.

Sergei Keler
General DataComm
tel.:     +7(812)325-1085
fax:     +7(812)325-1086

On 22.11.2005, at 18:24, Dana Hudes wrote:

Your linux box can't send packets outside the LAN unless you use NAT on the router since your diagram does not include a proxy (cisco can NAT but
it isn't a proxy).

EIGRP is not going to work on a Linux system; it is proprietary.
Furthermore the Linux system is a host. It is not supposed to run a dynamic routing protocol. The Cisco router is supposed to have routes for all your
other subnets -- interface routes not dynamic ones. This can be from
subinterfaces or physical ones.

The linux host gets 1 static route: default , with gw

I can't do it. I need default gw to real address :-(

Send packets to router let it do its job.
Don't go running zebra and stuff on linux unless you want it to be a
router. That only makes sense for more sophisticated situations where the
cost of a cisco interface is much more expensive than a PC.
Also remember that a cisco router WILL forward packets MUCH faster than a
PC. It has special hardware inside for this purpose.

On Tue, 22 Nov 2005, Sergei Keler wrote:

Yes. That's right.

Internet --- [ cisco router ] -----------------+ eth0 217.x.x.x
                     |           [linux box]
                   [switch] --------------------+ eth1
Several LANs including for example...

Linux box doesn't need to route outside LAN. It must use specified GW
for routes to other LAN networks.
If I use YAST to add routes it works strangely.
Manual adding route like:
route add -net gw
works! [censored]! Still [censored] with yast and its environment to
keep reached configuration :-)

Next step will be adding dynamic routing driven by cisco :-(

Sergei Keler
General DataComm
tel.:     +7(812)325-1085
fax:     +7(812)325-1086

On 22.11.2005, at 17:38, Dana Hudes wrote:

is a legitimate RFC1918 address.
It's not publicly routable but it's fine to use behind a proxy or NAT
gateway in a private network.

On Tue, 22 Nov 2005, Dirk Schreiner wrote:


anyway there will never be a net

Syv Ritch wrote:
Sergei Keler wrote:

Next, what do you recommend as a Linux implementation of Cisco's EIGRP?
Ciscos use EIGRP to keep routes between them using net.

1. EIGRP is proprietary to Cisco, and only runs on Cisco gear.
2. There is nothing in EIGRP that "keep routes between them using net".
For a simplified explanation of EIGRP:


TRIA IT-consulting GmbH
Joseph-Wild-Straße 20
81829 München
Tel: +49 (89) 92907-0
Fax: +49 (89) 92907-100

Register court: München HRB 113466
VAT ID: DE 180017238, Tax No. 802/40600
Managing Director: Richard Hofbauer
Commercial management: Rosa