Here's a diagram of what I'm trying to do:
{Internet} ------- <ProxyServer>
    +                   +
    +     10.1.1.0      +
    +      subnet       +
    +                   +
<Firewall> ------- <RouterA> ----- <Workstation>
                        172.25.16.0 subnet
ProxyServer 10.1.1.91
Firewall 10.1.1.10
RouterA 172.25.16.1 (int on workstation subnet)
Workstation 172.25.16.50
RouterA has 0.0.0.0 route as 10.1.1.91(Proxy) so Internet traffic will
flow to it.
ProxyServer only allows traffic that is authenticated via client.
Firewall allows all inside traffic through to Internet.
I want to add 10.1.1.10(Firewall) as default route on Workstation.
Commands I tried:
route add -host 10.1.1.10 : set firewall host
route delete default gw 172.25.16.1 : remove existing default route
Successfully ping 10.1.1.10 from workstation!
route add default gw 10.1.1.10 [Network is unreachable] : attempt to
set firewall as default route
Even tried specifying subnet for firewall
route add -net 10.1.1.0 netmask 255.255.0.0 gw 10.1.1.1 : set
firewall network
Is this possible or was I mistaken reading the man page. Any help
appreciated!
- Jeremy Young
>
> I'm trying to set my default gateway to be a host that is not on my
> local subnet. I'm using mandrake8.0 and the man page for route
> suggests this is possible as long as the default gateway is added with
> the -host switch. The object is to bypass a proxy server.
You have to say what linux is going to do with packets. If the router you
want is not on the local subnet then what IP does it have to send it to
to get to that IP?
try.
route add -host 10.1.1.10 gw 172.25.16.1 dev eth0
route add default 10.1.1.10 dev eth0
karl.
>You have to say what linux is going to do packets. If the router you
>want is not on the local subnet then what IP does it have to send it to
>to get to that IP.
>
>try.
>
>route add -host 10.1.1.10 gw 172.25.16.1 dev eth0
>route add default 10.1.1.10 dev eth0
I'm wondering if you think I have a multihomed linux box for my
client. I do not. eth0 and lo are my only interfaces. I did try as
you suggested but still get the error "Network unreachable".
RouterA (172.25.16.1) and Firewall(10.1.1.10) are Cisco devices with
static routes that know how to get back to me.
Thanks again!
- Jeremy
Jeremy Young wrote:
>I'm trying to set my default gateway to be a host that is not on my
>local subnet. I'm using mandrake8.0 and the man page for route
>
[snip]
>Commands I tried:
>route add -host 10.1.1.10 : set firewall host
>route delete default gw 172.25.16.1 : remove existing default route
>Successfully ping 10.1.1.10 from workstation!
>
This is the part that sounds strange:
firewall is on a network which is different from the one you use.
Contacting it requires that you have a gateway to that subnet. This was
your 172.25.16.1.
So, if you remove such a gateway, you simply cannot reach the firewall.
The only thing you could do is to set 172.xxxxxx as gw for the 10.1.0.0
net, and set up 10.1.1.10 as default gateway. It is strange and doesn't
make sense, for you will be under the same rules you had before, but
it's the only thing you could have, if you have not another gateway for
10.1.0.0.
This, if I've correctly understood that 172.25.16.1 redirects all
traffic to proxy server.
>
>route add default gw 10.1.1.10 [Network is unreachable] : attempt to
>set firewall as default route
>
obvious: you do not have a route to 10.1, for it is another network and
you didn't set a gateway to reach it...
>
>Even tried specifying subnet for firewall
>route add -net 10.1.1.0 netmask 255.255.0.0 gw 10.1.1.1 : set
>firewall network
>
>Is this possible or was I mistaken reading the man page. Any help
>appreciated!
>
It is surely possible, for route... only, you have to respect networking
principles to let all the thing work... :-)
My new 2 Euro-cents
--
Emanuele "SKULL" Balla
--------------------------------------------------------------------
"How should I know if it works? That's what beta testers are for. I only
coded it."
(Attributed to Linus Torvalds, somewhere in a posting)
No, I'm assuming you have
...
... ----------------------
10.1.1.10 ..... | 10.1.1.x 172.25.16.1 |------- workstation
... ----------------------
...
You probably want to change the -host route to -net
route add -net 10.1.1.0 netmask 255.255.255.0 gateway 172.25.16.1 dev eth0
What's the route -n output?
karl.
>> Jeremy's Original Post
>>Commands I tried:
>>route add -host 10.1.1.10 : set firewall host
>>route delete default gw 172.25.16.1 : remove existing default route
>>Successfully ping 10.1.1.10 from workstation!
>
>obvious: you do not have a route to 10.1, for it is another network and
>you didn't set a gateway to reach it...
I wrote the wrong syntax in the original post. Very sorry!!
My first route command is this:
route add -host 10.1.1.10 gw 172.25.16.1 : forgot gw in original post
Next line was correct:
route delete default gw 172.25.16.1 : remove existing default route
Route table now shows:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.1.1.10       172.25.16.1     255.255.255.255 UGH   0      0        0 eth0
172.25.16.0     *               255.255.240.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
route add default gw 10.1.1.10 : still returns Network is unreachable
Adding dev eth0 to all lines makes no difference to outcome.
Am I possibly missing metric info? I've tried diff metric values but no luck.
Hope this makes the problem a little more clear.
TIA!!
- Jeremy
> Route table now shows:
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 10.1.1.10       172.25.16.1     255.255.255.255 UGH   0      0        0 eth0
> 172.25.16.0     *               255.255.240.0   U     0      0        0 eth0
> 127.0.0.0       *               255.0.0.0       U     0      0        0 lo
>
> route add default gw 10.1.1.10 : still returns Network is unreachable
>
> Adding dev eth0 to all lines makes no difference to outcome.
> Am I possibly missing metric info? I've tried diff metric values but no luck.
I presume with this you can ping both 172.25.16.1 and 10.1.1.10 with no
problem.
try the change I suggested in my other email, ie instead of route to host
use route to net
route add -net 10.1.1.0 netmask 255.255.255.0 gw 172.25.16.1 dev eth0
karl.
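Why the routing table posted in this thread answers "Network is unreachable", as an added example that is not part of any post above: a simplified Python model of the Linux rule that a route's gateway must itself be covered by a directly connected (no-gateway) route. The function names and tuple layout are made up for this illustration; the addresses and masks are the ones from the thread.

```python
import ipaddress

# Routing table from the thread, constructed here as tuples from the posted output:
# (destination, genmask, gateway or None when directly connected, interface)
TABLE = [
    ("10.1.1.10",   "255.255.255.255", "172.25.16.1", "eth0"),
    ("172.25.16.0", "255.255.240.0",   None,          "eth0"),
    ("127.0.0.0",   "255.0.0.0",       None,          "lo"),
]

def onlink_route(table, addr):
    """Return (network, iface) of the most specific route WITHOUT a gateway
    that covers addr, or None if only gateway routes (or nothing) match."""
    ip = ipaddress.ip_address(addr)
    best = None
    for dest, mask, gw, iface in table:
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        if gw is None and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, iface)
    return best

def add_route(table, dest, mask, gw):
    """Simplified model of the next-hop check: the gateway must be reachable
    on-link. A route that reaches the gateway via another gateway (flag G)
    does not count, so the add is refused."""
    hop = onlink_route(table, gw)
    if hop is None:
        return "Network is unreachable"
    table.append((dest, mask, gw, hop[1]))
    return "ok"

def replay():
    """Replay the commands discussed in the thread against the posted table."""
    t = list(TABLE)
    out = {}
    # 10.1.1.10 is only known through the UGH host route, so it is not on-link.
    out["default gw 10.1.1.10"] = add_route(t, "0.0.0.0", "0.0.0.0", "10.1.1.10")
    # The -net variant is accepted: its gateway 172.25.16.1 is on 172.25.16.0/20.
    out["-net 10.1.1.0 gw 172.25.16.1"] = add_route(
        t, "10.1.1.0", "255.255.255.0", "172.25.16.1")
    # It is still a gateway route, so 10.1.1.10 remains off-link.
    out["default gw 10.1.1.10 (retry)"] = add_route(t, "0.0.0.0", "0.0.0.0", "10.1.1.10")
    out["default gw 172.25.16.1"] = add_route(t, "0.0.0.0", "0.0.0.0", "172.25.16.1")
    return out

if __name__ == "__main__":
    for cmd, result in replay().items():
        print(f"{cmd:32} -> {result}")
```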