Re: 3 nics in linux box (iptables)

From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 04/29/05


Date: Thu, 28 Apr 2005 18:48:01 -0500

In article <d4ptrc$aqh$1@news-int.gatech.edu>, Jeremy wrote:

>> On Tue, 26 Apr 2005, Jeremy wrote:

>>>I have a Fedora core 3 (2.6.11-1.14_FC3)

>Here's the output of netstat -rn
>--------------------------------
>Kernel IP routing table
>Destination Gateway Genmask Flags MSS W irtt Iface
>192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
>192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
>128.61.me.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
>169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth2
>0.0.0.0 128.61.me.1 0.0.0.0 UG 0 0 0 eth0
>
>I'm not sure where the 4th entry (169.254.0.0) is from--that's the only
>weird looking thing to me.

This is a "feature" that microsoft has been trying to get standardized since
1998. The idea is that when the MCSE has so screwed up the configuration of
the DHCP server that even a windoze box can't get an address, it will reach
up between its legs and grab an IP address randomly out of the 169.254/16
range and use that. Several Linux distributions have been adding a route
to the network - perhaps to avoid the 'Martian Packet' error messages when
this happens. I've not seen a Linux box actually assign such an address to
any interface.

If you look inside /etc/sysconfig/network-scripts/ifup you'll probably find:

-----8<-------
# Add Zeroconf route.
if [ -z "${NOZEROCONF}" -a "${ISALIAS}" = "no" ]; then
    ip route replace 169.254.0.0/16 dev ${REALDEVICE}
fi
-----8<-------

So if you set NOZEROCONF=yes in the /etc/sysconfig/network configuration
file, this "feature" will be disabled.

>Do I need to remove it?

http://www.ietf.org/internet-drafts/draft-ietf-zeroconf-ipv4-linklocal-17.txt
(8 July 2004 which expired 2 Jan 2005) para 1.9 says "should not" have
zero-conf address if the interface ALSO has a routable (meaning anything
other than 169.254.0.0/16) address. However, this is just a routing table
entry, not an address assignment (check this with /sbin/ifconfig). It's up
to you if you want or don't want the routing table entry (I don't), as any
properly configured router should silently discard packets with these
addresses.

        Old guy
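
The check described in the post above (routing table entry versus actual address assignment, plus the NOZEROCONF switch), as an added example that is not part of the original post. The function names and the sample text are constructed for illustration, and it parses `ip -o -4 addr show` output instead of the /sbin/ifconfig output the post mentions.

```shell
#!/bin/sh
# Constructed sample in `netstat -rn` format (eth0 uses documentation addresses).
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
192.168.10.0    0.0.0.0         255.255.255.0   U         0 0          0 eth2
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth2
0.0.0.0         192.0.2.1       0.0.0.0         UG        0 0          0 eth0'
# Constructed sample in `ip -o -4 addr show` format.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
3: eth1    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth1
4: eth2    inet 192.168.10.1/24 brd 192.168.10.255 scope global eth2'

# Interfaces carrying the 169.254.0.0/16 route (routing table text on stdin).
zeroconf_route_ifaces() {
    awk '$1 == "169.254.0.0" && $3 == "255.255.0.0" { print $NF }' | sort -u
}

# Interfaces that actually hold a 169.254.x.x address (ip -o text on stdin).
linklocal_addr_ifaces() {
    awk '$3 == "inet" && $4 ~ /^169\.254\./ { print $2 }' | sort -u
}

# True when the sysconfig file sets NOZEROCONF to any non-empty value,
# the same condition the ifup snippet tests with -z.
nozeroconf_set() {
    ( NOZEROCONF=; . "$1"; [ -n "$NOZEROCONF" ] )
}

# For each interface with the zeroconf route, say whether it is only a
# route or whether a link-local address is assigned as well.
classify() {  # $1 = routing table text, $2 = address text
    addr_ifs=$(printf '%s\n' "$2" | linklocal_addr_ifaces)
    for ifc in $(printf '%s\n' "$1" | zeroconf_route_ifaces); do
        if printf '%s\n' "$addr_ifs" | grep -qxF "$ifc"; then
            echo "$ifc address-assigned"
        else
            echo "$ifc route-only"
        fi
    done
}

classify "$SAMPLE_ROUTES" "$SAMPLE_ADDRS"
```

On a live box, feed it `classify "$(netstat -rn)" "$(ip -o -4 addr show)"`.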


