[TriLUG] Routing...once again.

Greg Brown gwbrown1 at gmail.com
Wed Aug 9 10:16:00 EDT 2006


>
> Let me start by saying that Greg is a well meaning guy, who's generally
> on the ball.  With that peasantry out of the way, you're way off base on
> this thread Greg.  :)


I concede your point about "netstat -rn" and the internal route tables and
such when you are logged into the device and have access to the loopback
interface.  However I'm taking a much more basic view of this and was
perhaps using "default gateway" in a less than technically correct way.

If your Linux box is not participating in any way at layer 3 (iptables is
off for instance) or if iptables has forbidden both ranges to speak to one
another then layer 3 will have to be handled by an external device, i.e. the
gateway/router for that subnet.  If your Linux box doesn't know how to
contact that l3 gateway then your Linux box can only communicate with
devices on that subnet (which is being handled by layer 2).

Having set up devices for the gubbermint in a past life with one interface
on a black secured subnet and another on a public subnet I can say with
great certainty that a packet that arrives to the Linux box via the public
subnet will not appear in any way on the black subnet.  That kind of thing
would be handled by the public/black gateway which is operating at layer 3.


I was going to do some pings, etc, with a machine I have on a remote subnet
(the one at the beach, actually) but I managed to comment out the wrong
gateway and hosed myself.  Oh well.  Such is life.


