
I have a system where I get sporadic routing issues. When looking into the routing table I get the following:

localnet        static.xx.xx.x  255.255.255.192 UG    0      0        0 eth0
localnet        *               255.255.255.192 U     0      0        0 eth0

The first one is correct since "static.xx.xx.x" is the gateway for the local net. For security reasons the local net is only reachable via this gateway.

What is the correct syntax for "route del ..." to delete the second route? It expects me to specify a GW in the command.

Where is this route set? In /etc/network/interfaces I set the correct route on startup.

Thanks for your input on this!

Edit: Output of "route -n" as requested:

root@lb01:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         aa.b.10.214     0.0.0.0         UG    100    0        0 eth0
aa.b.10.192     aa.b.10.193     255.255.255.192 UG    0      0        0 eth0
aa.b.10.192     0.0.0.0         255.255.255.192 U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
Bannane

2 Answers


If you have an IP address on a subnet, which is what I assume you mean by local network, you will also have a route for it, intrinsically, because you have an interface on it. You can't direct all traffic to that network through a gateway because the gateway would be on that subnet too, and you need to have a route to the gateway.

Although this is absolutely terrible network architecture, you should be able to set the interface with an IP address and a subnet mask of /32. Then, add a static /32 route for the gateway on that interface, and a static /26 route for your network:

ip addr add 192.0.2.40/32 dev eth0
ip route add 192.0.2.1/32 dev eth0
ip route add 192.0.2.0/26 via 192.0.2.1 dev eth0

Of course you would have to do that without any IP addresses or routes configured on the interface. I don't recall the syntax for the debian /etc/network/interfaces file in any detail just now, but the way to configure that there should be obvious.

The problem with doing that, of course, is that other hosts on that network will not know to send traffic to your host through that gateway, because they will have a route for 192.0.2.0/26 on the link as well. This is why we use different subnets for hosts that should communicate through a router. Since you have a router anyway, set up a /30 subnet for this special host and use that instead.

For reference's sake, don't use net-tools stuff like route and ifconfig; they are ancient and there are lots of little weird things that confuse them. Use iproute2 instead. The iproute2 command to delete a route is simply to delete it, specifying the route as clearly as possible:

ip route del 192.0.2.0/26 dev eth0

It may let you do that, or it may not. Certainly, after doing it you won't have any network access on that host, if it succeeds.

Falcon Momot
  • Thank you for your answer. Of course I can reach the gateway on the same subnet. The setup is, that servers on the same subnet can only communicate with each other via the subnets gateway. – Bannane Sep 15 '13 at 13:53
  • I don't think you quite get how subnets work. Hosts on the same subnet are in the same broadcast domain and intrinsically have a local route to all the other hosts in the same subnet. If you want all your traffic to be routed, set up multiple routed /30s. – Falcon Momot Sep 15 '13 at 16:12
  • You are right! That would be a normal, old fashioned setup. My ISP however isolates all hosts on the same net from each other and requires them to route their traffic to each other via the gateway. That way poorly configured, infected hosts are not able to ddos the whole subnet and can be cut off easily at the router. – Bannane Sep 15 '13 at 18:40
  • You can do this, but only at layer 2. It is not old-fashioned; it's the way to do it in IP, unless you can configure every host with a /32 netmask in this way, and then one wonders why you bother putting them in the same subnet. – Falcon Momot Sep 15 '13 at 18:46
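The following is an added example, not code from either answer or from the original poster. It parses a `route -n` table in the format shown in the question (the sample is constructed from the question's output, with TEST-NET-1 192.0.2.0/24 substituted for the redacted "aa.b.10" octets), finds the on-link route that duplicates the via-gateway route for the same prefix and interface, and emits the iproute2 commands for both ways forward discussed above: deleting only that connected route, and the /32-address design from Falcon Momot's answer, including its equivalent as an /etc/network/interfaces stanza. The helper names and the `post-up` stanza are my choices, not something the thread prescribes.

```python
"""Plan changes to a Linux routing table from `route -n` output.

Example added to this thread; it is not code from either answer.  The sample
table below is constructed from the question, with TEST-NET-1 (192.0.2.0/24)
substituted for the redacted "aa.b.10" octets.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

SAMPLE_ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.0.2.214     0.0.0.0         UG    100    0        0 eth0
192.0.2.192     192.0.2.193     255.255.255.192 UG    0      0        0 eth0
192.0.2.192     0.0.0.0         255.255.255.192 U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
"""


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    gateway: Optional[ipaddress.IPv4Address]  # None for an on-link route (flag U without G)
    iface: str
    metric: int


def parse_route_n(text: str) -> List[Route]:
    """Parse the net-tools `route -n` table (Destination/Gateway/Genmask form)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[0] == "Destination":
            continue  # banner line or column header
        dest, gw, mask, flags, metric, _ref, _use, iface = fields
        prefix = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
        gateway = ipaddress.IPv4Address(gw) if "G" in flags else None
        routes.append(Route(prefix, gateway, iface, int(metric)))
    return routes


def shadowed_connected_routes(routes: List[Route]) -> List[Route]:
    """On-link routes that duplicate a via-gateway route for the same prefix
    and interface.  In the question 192.0.2.192/26 appears twice with metric 0:
    once via 192.0.2.193 (the ISP's mandatory gateway) and once on-link, which
    the kernel adds automatically when the address is configured with a /26 mask."""
    via = {(r.prefix, r.iface) for r in routes if r.gateway is not None}
    return [r for r in routes
            if r.gateway is None and (r.prefix, r.iface) in via]


def delete_commands(routes: List[Route]) -> List[str]:
    """iproute2 commands that remove only the on-link duplicate.  Without
    `scope link` (or `proto kernel`) the kernel deletes the first route matching
    prefix and device, which here would be the wanted via-gateway route."""
    return [f"ip route del {r.prefix} dev {r.iface} scope link"
            for r in shadowed_connected_routes(routes)]


def isolated_host_plan(host: str, gateway: str, subnet: str, dev: str) -> List[str]:
    """The /32 design from Falcon Momot's answer: no connected route, an on-link
    /32 to the gateway so the next hop stays resolvable, then the subnet via
    the gateway.  Hypothetical helper; the values used below are the answer's."""
    host_ip = ipaddress.IPv4Address(host)
    gw_ip = ipaddress.IPv4Address(gateway)
    net = ipaddress.IPv4Network(subnet)
    if host_ip not in net or gw_ip not in net:
        raise ValueError("host and gateway must both lie inside the subnet")
    return [
        f"ip addr add {host_ip}/32 dev {dev}",
        f"ip route add {gw_ip}/32 dev {dev}",
        f"ip route add {net} via {gw_ip} dev {dev}",
    ]


def interfaces_stanza(host: str, gateway: str, subnet: str, dev: str) -> str:
    """Same plan as an ifupdown stanza for /etc/network/interfaces (post-up
    hooks are my choice; `up` works equally)."""
    _, gw_route, net_route = isolated_host_plan(host, gateway, subnet, dev)
    return "\n".join([
        f"iface {dev} inet static",
        f"    address {host}",
        "    netmask 255.255.255.255",
        f"    post-up {gw_route}",
        f"    post-up {net_route}",
    ])


if __name__ == "__main__":
    table = parse_route_n(SAMPLE_ROUTE_N)
    for cmd in delete_commands(table):
        print(cmd)
    print(interfaces_stanza("192.0.2.40", "192.0.2.1", "192.0.2.0/26", "eth0"))
```

Run it with no arguments to see the planned commands for the sample table; nothing touches the live routing table, so you can diff its output against `ip route show` before deciding which of the two approaches to apply. The `scope link` qualifier is the practical answer to "it expects me to specify a GW": it selects the connected route by its scope instead of by a gateway it does not have.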

Please provide the output of route -n.

EDIT:

ip route del aa.b.10.192/26 via 0.0.0.0 dev eth0

should do the trick, where aa and b are the respective octets from your routing table.

Pierre.Vriens
  • root@lb01:~# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 aa.b.10.214 0.0.0.0 UG 100 0 0 eth0 aa.b.10.192 aa.b.10.193 255.255.255.192 UG 0 0 0 eth0 aa.b.10.192 0.0.0.0 255.255.255.192 U 0 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 – Bannane Sep 15 '13 at 13:58
  • See OP for better readability – Bannane Sep 15 '13 at 14:00