[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] Martian source... Need to have route to other networks via internal interface. What to do?
I cant use aliases. Too much networks and too often changes...
It works with zebra:
# sh ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
B - BGP, > - selected route, * - FIB route
S 0.0.0.0/0 [1/0] via 18.104.22.168, eth1
K>* 0.0.0.0/0 via 22.214.171.124, eth1
K * 127.0.0.0/8 is directly connected, lo
C>* 127.0.0.0/8 is directly connected, lo0
C>* 192.168.0.0/24 is directly connected, eth0
S 192.168.1.0/25 [1/0] via 192.168.0.254, eth0
S>* 192.168.254.0/24 [1/0] via 192.168.0.254, eth0
C>* 126.96.36.199/28 is directly connected, eth1
And packets from 192.168.1.0/24 now can reach this computer...
Heh.. Now I trying to up ospf between ciscos and linuxes... This
computer is not a router but need to have routes to other network not
through default gw. Net information is not so static to keep routes
manually... Hehhh... 7 linuses and 9 ciscos... :-|
So, EIGRP is much faster then OSPF I choose for linux. I hope I can
use EIGRP between ciscos and OSPF between linuxes and one cisco 'main
On 22.11.2005, at 18:24, Dana Hudes wrote:
Your linux box can't send packets outside the LAN unless you use
the router since your diagram does not include a proxy (cisco can
it isn't a proxy).
EIGRP is not going to work on a Linux system it is proprietary.
Futhermore the Linux system is a host. It is not supposed to run
routing protocol. The Cisco router is supposed to have routes for
other subnets -- interface routes not dynamic ones. This can be from
subinterfaces or physical ones.
The linux host gets 1 static route: default , with gw 192.168.0.254
I cant do it. I need default gw to real address :-(
Send packets to router let it do its job.
Don't go running zebra and stuff on linux unless you want it to be a
router. that only makes sense for more sophisticated situaitons
cost of a cisco interface is much more expensive than a PC.
Also remember that a cisco router WILL forward packets MUCH faster
PC. It has special hardware inside for this purpose.
On Tue, 22 Nov 2005, Sergei Keler wrote:
Yes. Thats right.
Internet --- [ cisco router ] -----------------+ eth0 217.x.x.x
|192.168.0.254 [linux box]
[switch] --------------------+ eth1 192.168.0.1/24
Several LANs including 192.168.1.0/24 for
Linux box dont need to route outside LAN. It must use specified GW
for route other LAN networks.
If I use YAST to add rotes it works strange.
Manual adding route like:
route add -net 192.168.1.0/24 gw 192.168.0.254
works! [censored]! Still [censored] with yast and its environment to
keep reached configuration :-)
Next step will be adding dynamic routing driven by cisco :-(
On 22.11.2005, at 17:38, Dana Hudes wrote:
192.168.0.254 is a legitimate RFC1918 address.
Its not publicly routable but its fine to use behind a proxy or NAT
gateway in a private network.
On Tue, 22 Nov 2005, Dirk Schreiner wrote:
anyway there will never be a net 192.168.0.254/24.
Syv Ritch wrote:
Sergei Keler wrote:
Next, what you recommend as linux implementation of Cosco's
Ciscos use EiGRP to keep routes between them using
1. EIGRP is proprietary to Cisco, and only runs on Cisco gear.
2. There is nothing in EIGRP that "keep routes between them using
For a simplified explanation of EIGRP:
TRIA IT-consulting GmbH
Tel: +49 (89) 92907-0
Fax: +49 (89) 92907-100
Registergericht Mц╪nchen HRB 113466
USt.-IdNr. DE 180017238 Steuer-Nr. 802/40600
Geschц╓ftsfц╪hrer: Richard Hofbauer
kaufm. Geschц╓ftsleitung: Rosa
Nachricht von: Dirk.Schreiner@xxxxxxx
Nachricht an: suse@xxxxxxxxxxxxxxx, skiller@xxxxxx, suse-
# Dateianhц╓nge: 0
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here