Chris Smith asked:
I can ping and see the http config page on my cable modem at its fixed address of
192.168.100.1 from computers on the local network behind my Linux internet gateway. That gateway is the default route for machines on the network.
netstat does not indicate any route to
192.168.*, but the gateway must be routing packets to
192.168.100.1 because I can reach the modem at that address from machines behind the gateway and from the gateway itself.
How does the gateway know to send those packets to the internet interface instead of saying that the network is unreachable? Is there some way to monitor/view/control other routes set up like this?
I’m using Shorewall to configure firewall rules by interface. Could hosts on the internet segment spoof other private addresses and cause internal packets to be routed outside? I’m thinking no since the rules are specified by interface, but I don’t understand the mechanism here.
- ISP is Comcast
- Modem is a Motorola SB6121
- Gatway is a Ubuntu 12.04.1 (precise) with stock kernel 3.2.0-29-generic #46-Ubuntu SMP x86_64
- Gateway provides firewall, NAT and VPN services
traceroutedoes not indicate any hops between the gateway and the modem at
- The gateway does not have an address on
ip neighbor showalso does not indiciate a route to any
netstat -rn output:
Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 220.127.116.11 0.0.0.0 UG 0 0 0 eth1 10.88.8.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 10.88.9.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3 10.88.10.0 10.88.10.2 255.255.255.128 UG 0 0 0 tun0 10.88.10.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 10.88.10.128 10.88.10.130 255.255.255.128 UG 0 0 0 tun1 10.88.10.130 0.0.0.0 255.255.255.255 UH 0 0 0 tun1 18.104.22.168 0.0.0.0 255.255.252.0 U 0 0 0 eth1
- The default gateway is provided by the ISP.
eth1is connected to the modem’s ethernet jack.
eth0 10.88.8.0/24is the wired network.
eth1 10.88.9.0/24is the wireless network.
tun0,tun1 10.88.10.0/24covers the OpenVPN TUN clients. It looks odd, but that setup is required to support Windows TUN clients. I have two to support both UDP and TCP.
You have a default route, so anything not specified in the routing table goes to the default route.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.