Routing – but you knew that already

From the RTFM

In this example, your client machine is connected to a firewalled LAN through ethernet device eth0. Its IP address is 12.34.56.78; its network is 12.34.56.0/24; its router is 12.34.56.1.

Your network administrator may have told you to use 12.34.56.1 as default router, but you shouldn’t. You should only use it as a route to the client side of the firewall.

Let’s suppose the client side of your firewall is made of networks 12.34.0.0/16 and 12.13.0.0/16, and of host 11.22.33.44. To make them accessible through your client router, add these routes to your global network startup script:

route add -net 12.34.0.0 netmask 255.255.0.0 gw 12.34.56.1
route add -net 12.13.0.0 netmask 255.255.0.0 gw 12.34.56.1
route add -host 11.22.33.44 gw 12.34.56.1

You must also keep the route to the client’s local network, necessary for Linux kernel 2.0 and earlier, but unnecessary for Linux kernel 2.2 and later (that implicitly adds it during the ifconfig):

route add -net 12.34.56.0 netmask 255.255.255.0 dev eth0

On the other hand, you must remove any default route from your scripts. Delete or comment away a line like:

route add default gw 12.34.56.1

Note that it is also possible to remove the route from the running kernel configuration without rebooting, by the following command:

route del default gw 12.34.56.1

Just so that it’s all in one place 🙂
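A check for the end state the steps above aim at, as an added example that is not part of the original post or of the text it quotes: it reads `route -n` output and fails if a default route is still installed or one of the client-side routes is missing. The helper name `audit_routes` and the sample tables are constructed for illustration; the addresses are the ones used above.

```shell
#!/bin/sh
# Constructed sample: `route -n` output before the default route is removed.
SAMPLE_BEFORE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
11.22.33.44     12.34.56.1      255.255.255.255 UGH   0      0        0 eth0
12.34.56.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
12.34.0.0       12.34.56.1      255.255.0.0     UG    0      0        0 eth0
12.13.0.0       12.34.56.1      255.255.0.0     UG    0      0        0 eth0
0.0.0.0         12.34.56.1      0.0.0.0         UG    0      0        0 eth0'

# Constructed sample: the same table after `route del default gw 12.34.56.1`.
SAMPLE_AFTER=$(printf '%s\n' "$SAMPLE_BEFORE" | grep -v '^0\.0\.0\.0 ')

# audit_routes GATEWAY: reads `route -n` output on stdin (hypothetical helper).
# Exit status 0 = no default route and every expected route present; 1 otherwise.
audit_routes() {
    awk -v gw="$1" '
        BEGIN {
            # destination/genmask -> expected gateway (0.0.0.0 = directly attached)
            need["12.34.0.0/255.255.0.0"]       = gw
            need["12.13.0.0/255.255.0.0"]       = gw
            need["11.22.33.44/255.255.255.255"] = gw
            need["12.34.56.0/255.255.255.0"]    = "0.0.0.0"
        }
        $1 !~ /^[0-9]/ { next }                 # skip the two header lines
        $1 == "0.0.0.0" && $3 == "0.0.0.0" {    # a default route is still installed
            print "FAIL default route via " $2; bad = 1; next
        }
        { key = $1 "/" $3
          if ((key in need) && $2 == need[key]) delete need[key] }
        END {
            for (k in need) {
                print "FAIL missing route " k " (expected gateway " need[k] ")"; bad = 1
            }
            if (!bad) print "OK routing table matches the intended setup"
            exit bad + 0
        }'
}

# On a live host: route -n | audit_routes 12.34.56.1
printf '%s\n' "$SAMPLE_BEFORE" | audit_routes 12.34.56.1 || echo "-> remove the default route"
printf '%s\n' "$SAMPLE_AFTER"  | audit_routes 12.34.56.1
```

Run from the network startup script or a cron job, a non-zero exit status flags a default route that has reappeared, for example after a DHCP renewal or a distribution script re-adding it.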
