[KLUG Members] Routing without routing

Andrew Thompson members@kalamazoolinux.org
Fri, 06 Feb 2004 01:39:58 -0500


On Thu, 2004-02-05 at 05:08, Robert G. Brown wrote:
> My ISP called me yesterday and told me they were moving my static IP
> addresses, and they were giving me about 3 days' lead time before they
> were thinking of cutting off the old addresses and routing.

Finally got around to you, did they? Think I went through the rigamarole
early last week, here in BC. Nice thing, needing to change only a couple
of ifcfg files. Oh, and some copy/paste with Shorewall's files, but
again, no biggie. While I was at it, I mucked about a bit with some DNS
stuff. Still don't have things working too well there, but a little
better.

The only real problem I ran into arose a couple days later. For some
reason, my main machine was suddenly no longer getting packets out to
the internet, even though the firewall and another machine inside the
network could do so. I finally just restarted the firewall machine,
which made the problem go away for a couple of days. The next time it
happened, I rolled up the sleeves a bit, and darned if I didn't find an
old GATEWAY value in /etc/network! I changed that, and haven't had the
problem since! (knocks on woodgrain veneer)

> But the really INTERESTING part of this was some good news, namely that I 
> didn't have to define a default routing to start getting traffic on the new
> addresses. In fact, from what I can see, the only reason for the "default"
> line in the routing table is to get outgoing traffic (that is, packets
> that originate INSIDE the LAN) out onto the Internet.
> 
> Now, I thought that the default line was needed for INBOUND traffic as
> well, but apparently not.... UNLESS my ISP is doing some special routing to 
> keep things running. I can imagine how that's done, but I think it is
> interesting that the basic networking seems to be working fine without
> any explicit entries in the routing table that determines what happens.

I'm not sure, but I think much of that routing information is determined
automatically, anymore. Say, if you have an interface with an address
somewhere in 192.168.xxx.yyy, then, when you bring it up, the script
checks out the IP, works out the netmask and other info, then adds a
route that directs any traffic for 192.168.aaa.bbb through THAT
interface. My guess is, there's a 'route' line SOMEWHERE in one of the
relevant scripts, but I've not been in the mood to look for it.

As for directing inbound traffic, I'm pretty sure that's your firewall
at work, or at least iptables/ipchains. The service is set up to
translate packet destinations (DNAT) BEFORE they hit the router, and
handle source translation (SNAT) after it's done with them. That way,
the router never knows or needs to know where packets are 'really'
supposed to go. For example, if you're set up to route packets for
65.43.210.1 to 192.168.149.42 internally, an inbound packet for the
first address will have its destination changed to the second before it
gets to the router, and as far as the router's concerned, it was always
meant for the second.

> Further, I suppose the default routing could be deleted, and while it
> would stop anything that initiates packets from getting out (using a web
> browser, for example), it would not stop incoming traffic....

Not as long as you keep the NAT/MASQ settings, I would imagine. I rather
wonder if the system might try to regenerate the default route if you
did delete it, but I haven't got around to playing those kinds of games
yet. *grin*

> Anyone who knows more about networking care to comment or provide some
> additional information? We don't see a lot of messages noting that things
> work better than expected, but this may be a little-known set of properties
> for some readers, and it may have several useful applications...

Well, I doubt I could claim anywhere NEAR your networking experience,
and wouldn't be surprised to find I've just been wasting precious
bandwidth stating the obvious, but if anyone does get some use out of my
little commentary... welcome!

-- 
Andrew Thompson <tempes@ameritech.net>
The Imagerie
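An added illustration, not part of the original post or thread: a small Python model of the firewall's routing decision, showing why a DNATed inbound packet is forwarded on a connected route without any default entry, while a LAN-originated packet needs the default. The interface names, the /29 and /24 prefixes and the gateway 65.43.210.6 are constructed; the DNAT pair is the one from the message above.

```python
import ipaddress

def connected_routes(interfaces):
    """Routes the ifup scripts derive from each interface's own address/netmask,
    without any explicit 'route add': one entry per directly attached network."""
    return [(ipaddress.ip_interface(addr).network, dev, None) for addr, dev in interfaces]

def build_table(interfaces, default=None):
    """Full table: connected routes plus an optional (dev, gateway) default route."""
    table = connected_routes(interfaces)
    if default is not None:
        table.append((ipaddress.ip_network("0.0.0.0/0"), default[0], default[1]))
    return table

def lookup(table, dst):
    """Longest-prefix match; returns (dev, gateway) or None when no route matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, dev, gw in table:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev, gw)
    return None if best is None else (best[1], best[2])

# Constructed PREROUTING DNAT map, using the two addresses from the thread.
DNAT = {"65.43.210.1": "192.168.149.42"}

def route_inbound(table, dst):
    """DNAT runs in PREROUTING, so the routing decision only ever sees the
    private address, which falls inside a connected route."""
    new_dst = DNAT.get(dst, dst)
    return new_dst, lookup(table, new_dst)

def route_outbound(table, dst):
    """A packet from the LAN towards the Internet is looked up as-is; the reply
    the internal host sends back to an outside client takes this same path."""
    return lookup(table, dst)

# Constructed firewall: public /29 on eth0, LAN /24 on eth1 (assumed values).
IFACES = [("65.43.210.1/29", "eth0"), ("192.168.149.1/24", "eth1")]
WITH_DEFAULT = build_table(IFACES, default=("eth0", "65.43.210.6"))
NO_DEFAULT = build_table(IFACES)

if __name__ == "__main__":
    print(route_inbound(NO_DEFAULT, "65.43.210.1"))      # forwarded out eth1
    print(route_outbound(NO_DEFAULT, "198.51.100.7"))    # None: no way out
    print(route_outbound(WITH_DEFAULT, "198.51.100.7"))  # eth0 via the gateway
```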