From mboxrd@z Thu Jan 1 00:00:00 1970 From: Alexandru Dragoi Date: Wed, 15 Nov 2006 12:27:34 +0000 Subject: Re: [LARTC] netmask 255.255.255.255 vs ip route add via ... (bug?) Message-Id: <455B07B6.4010103@zoomnet.ro> List-Id: References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: lartc@vger.kernel.org Martin A. Brown wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Greetings Andrew McGill, > > : I want to use the netmask 255.255.255.255 to insulate (not quite > : isolate) machines on a shared subnet from each other. This works > : just fine on win XP, but Linux iproute will not acccept the > : gateway address in one step -- neither on the command line nor > : via DHCP: > > Try using the onlink nexthop flag for your route: > > # ip route add onlink default via 192.168.1.17 > shouldn't be # ip route add onlink default via 192.168.1.17 dev $DEV ? Because from the point of view of the kernel, 192.168.1.17 is unreachable, it must know the interface. > This marks the route for entry even though the local routing table > may not have a route to the nexthop destination. In your case, this > is a valid parameter, and should prevent the need for you to add the > host route only to remove it. > > : So why did we need that host route? > > You need the host route to the destination as a simple sanity check. > - From the perspective of the kernel, there's no route to 192.168.1.17 > if the IP bound to your interface is a /32. When you add the route, > the sanity check succeeds. > > Essentially, you are suppressing this sanity check by using the > onlink parameter, which says "Yes, I know there's no route to IP > 192.168.1.17 out this interface, but I know the IP is there on this > link layer anyway, so set the route anyway and stop griping."* > > Good luck, > > - -Martin > > * RTNETLINK answers: Network is unreachable > > - -- > Martin A. Brown > http://linux-ip.net/ > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2 (GNU/Linux) > Comment: pgf-0.72 (http://linux-ip.net/sw/pine-gpg-filter/) > > iD8DBQFFWnH+HEoZD1iZ+YcRAsu2AKDixJF7A0LMClN8snQVq1zk9DV4dQCeIW7R > HMtOMud8Kt5yQLskMK7HwDY> =PVyl > -----END PGP SIGNATURE----- > _______________________________________________ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc