hello - strange routing problem

Hello, this is my first post to this particular list - I look forward to 
interacting with everyone here.

I have a sticky problem that maybe you can help me figure out.  I've gone 
through all sorts of resources and haven't been able to find an answer, and 
it's really getting to me - maybe you can help me sleep tonight.  :-)

OK, where I worked, we had a fairly common routing problem - due to a quirk 
of the route(8) program, someone neglected to add a netmask qualifier, and it 
added a class A instead of a class C.  This resulted in a route:

64.0.0.0		*	255.0.0.0	eth0

when it was supposed to be:

64.x.x.0		*	255.255.255.0	eth0

(simplified).

Even though it was an error, this route should have had the effect of 
blocking all traffic from the 64.x.x.x/8 domain, except for the one /24 that 
we explicitly added a route for.  Well, more specifically, routing all 
responses somewhere other than the default route.  Same deal.  And we 
verified that at least one client could not access us,  and after we removed 
the route, they suddenly could, and were happy.

But upon going back through the logs, we found that some people from the 
64.x.x.x/8 domain WERE able to access us, quite consistently.  This should 
not have happened, near as I can tell - although the route should not have 
been there, the fact that it was should have prevented the entire domain from 
accessing our servers.

The only other strange thing that I can see, is that a similar problem 
occurred with the ifconfig statement for the eth0 aliases, i.e., a mask of 
255.0.0.0 was specified.  I really don't think that this should have caused 
this problem, as the interface doesn't determine the routing.

I thought of the possibility of an ARP proxy on our colocation router, 
however, most of the 64.x.x.x clients were all over the net, some 8 or 9 hops 
through the backbone - I can't imagine any sane provider providing ARP proxy 
on a huge network like that - it'd bog things down horribly.

I verified for the customer that could not get through - our server was, as I 
would expect - attempting to ARP for his IP.  I'm just trying to figure out 
how people could get through.

There are no dynamic routing protocols running on our server - no routed, no 
gated, nothing of the sort.

Help?

Thanks.

--Russell
-- 
Russell Miller
duskglow2000@yahoo.com
Somewhere in Northwestern Iowa
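
Added example, not part of the original post: a longest-prefix-match lookup over a routing table shaped like the one described above, showing which reply destinations the server would ARP for on eth0 and which it would hand to the default gateway. The network 64.10.20.0/24 (standing in for the elided 64.x.x.0), the gateway 192.0.2.1, the sample addresses and the `max_hosts` threshold are all constructed assumptions.

```python
import ipaddress

# Constructed routing table modelled on the post: 64.10.20.0/24 stands in for
# the elided "64.x.x.0" network, and 192.0.2.1 is a hypothetical default gateway.
ROUTES = [
    # (destination, gateway or None for on-link, interface)
    ("64.0.0.0/8", None, "eth0"),        # the mistaken class A route
    ("64.10.20.0/24", None, "eth0"),     # the intended class C route
    ("0.0.0.0/0", "192.0.2.1", "eth0"),  # default route
]

def lookup(dst, routes=ROUTES):
    """Return the most specific route matching dst (longest-prefix match)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net_s, gw, dev in routes:
        net = ipaddress.ip_network(net_s)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, dev)
    return best

def next_hop(dst, routes=ROUTES):
    """Describe where a reply to dst is sent: ARP on-link or via a gateway."""
    match = lookup(dst, routes)
    if match is None:
        return "unreachable"
    net, gw, dev = match
    if gw is None:
        return f"ARP for {dst} on {dev} (on-link via {net})"
    return f"forward to {gw} on {dev} (via {net})"

def audit_onlink(routes=ROUTES, max_hosts=65536):
    """Flag on-link routes too large for one segment (threshold is an assumption)."""
    return [n for n, gw, _ in routes
            if gw is None and ipaddress.ip_network(n).num_addresses > max_hosts]

if __name__ == "__main__":
    # Constructed sample destinations: inside the /24, inside only the /8, outside both.
    for dst in ("64.10.20.7", "64.200.1.1", "198.51.100.9"):
        print(dst, "->", next_hop(dst))
    print("suspicious on-link routes:", audit_onlink())
```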