Firewall & Routing - help!

Kevin F. Berrien kblists at comcast.net
Thu Jun 10 22:22:10 UTC 2004


Rodolfo J. Paiz wrote:

> Please just post to the list and don't CC me. I'm getting two copies 
> of everything you send, and it's confusing as hell. Thanks.

My apologies.

> I really suggest you use masquerading rather than "real" routing. Not 
> necessary, and in this case slightly less secure since it actually 
> permits the concept of incoming traffic. Not what you want, I think.

One of the requirements of this installation is to allow remote desktop 
connections from subnet A (2 admin stations) to server on B.  Thus, I'm 
avoiding masq.  This could spread theoretically to all desktops in B.

> This will provide the information for the system to set your default 
> route. Do not set a default route somewhere else.

Well, after I set it, did a network restart, I have no default route, 
and no traffic from 50.1.  When I reboot, I get a default route (from a 
previous attempt I had made at getting this working??).  Then I DO get 
traffic from the net via 50.1

If I remove the static route, no internet again.

As I posted on a follow up to my own post...

When I boot, I have the following routes...

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.20.5.0      *               255.255.255.0   U     0      0        0 eth1
192.168.5.0     *               255.255.255.0   U     0      0        0 eth1
192.168.50.0    *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         192.168.50.1    0.0.0.0         UG    0      0        0 eth0

If I do a network restart it limits down to this....

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.20.5.0      *               255.255.255.0   U     0      0        0 eth1
192.168.5.0     *               255.255.255.0   U     0      0        0 eth1
192.168.50.0    *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo

So I lose my default route (that I got somewhere when I booted).

So I need to shore up two things it seems.

1. default route or no default route.  And keep the default route when I 
boot or restart network.
2. Remove some old routes in my table, like the 172.20.5.0, and have 
that change stay after reboot (I'll need to know this after anyways, as 
I have to change the ip/subnets from my test environment to the live 
environment).




