Routing to loopback?

Routing to loopback?

Post by Eugene McDerm » Mon, 25 Jun 2001 22:19:30



While waiting for the budget for a cisco router, we've connected a
Solaris 8 machine as our SDSL router. Its working well for our /26
subnet, but we're trying to eliminate routing to RFC1918 networks.

We're using ipfilter to block the addresses, but the question arose
from the cisco knowledgable folks here about the most efficient
routing for "non-routable" addresses. With cisco routers, static
routing can be set up to direct RFC1918 addresses to Null0 or Lo0,
rather than using extra CPU with ACLs.

Is such a thing possible with solaris? Routing to /dev/null doesn't
work, and we can't create additional loopbacks with
# ifconfig plumb lo0:1
ifconfig: lo0:1: bad address
# ifconfig plumb lo1
ifconfig: lo1: bad address

But we can add static routes to lo0 with
route add -net 10.0.0.0 127.0.0.1

Does such a static route save on CPU power, or should we just continue
to let ipfilter deal with some bad clients (gnutella) on the network?

Eugene

 
 
 

Routing to loopback?

Post by Rich Andrew » Tue, 26 Jun 2001 18:17:15


I believe there is a way to tell Sol * that the route is dead or
something like that.  Routing to 127.0.0.1 is almost always a bad idea.
  Been there, done that, undone that....  (:>)

rich


> While waiting for the budget for a cisco router, we've connected a
> Solaris 8 machine as our SDSL router. Its working well for our /26
> subnet, but we're trying to eliminate routing to RFC1918 networks.

> We're using ipfilter to block the addresses, but the question arose
> from the cisco knowledgable folks here about the most efficient
> routing for "non-routable" addresses. With cisco routers, static
> routing can be set up to direct RFC1918 addresses to Null0 or Lo0,
> rather than using extra CPU with ACLs.

> Is such a thing possible with solaris? Routing to /dev/null doesn't
> work, and we can't create additional loopbacks with
> # ifconfig plumb lo0:1
> ifconfig: lo0:1: bad address
> # ifconfig plumb lo1
> ifconfig: lo1: bad address

> But we can add static routes to lo0 with
> route add -net 10.0.0.0 127.0.0.1

> Does such a static route save on CPU power, or should we just continue
> to let ipfilter deal with some bad clients (gnutella) on the network?

> Eugene


 
 
 

Routing to loopback?

Post by Andrew Millevill » Sat, 30 Jun 2001 09:30:36


Read the route manpage, especially the part that talks about blackhole
routes.


: While waiting for the budget for a cisco router, we've connected a
: Solaris 8 machine as our SDSL router. Its working well for our /26
: subnet, but we're trying to eliminate routing to RFC1918 networks.

: We're using ipfilter to block the addresses, but the question arose
: from the cisco knowledgable folks here about the most efficient
: routing for "non-routable" addresses. With cisco routers, static
: routing can be set up to direct RFC1918 addresses to Null0 or Lo0,
: rather than using extra CPU with ACLs.

: Is such a thing possible with solaris? Routing to /dev/null doesn't
: work, and we can't create additional loopbacks with
: # ifconfig plumb lo0:1
: ifconfig: lo0:1: bad address
: # ifconfig plumb lo1
: ifconfig: lo1: bad address

: But we can add static routes to lo0 with
: route add -net 10.0.0.0 127.0.0.1

: Does such a static route save on CPU power, or should we just continue
: to let ipfilter deal with some bad clients (gnutella) on the network?

: Eugene

--
+-------------------------------------------------------------------
One of the primary reasons for the fall of the Roman Empire was that
lacking zero, they had no way of indicating successful termination
of their C programs.

 
 
 

1. Assigning host routes to loopback

I'm attempting to assign a /32 IP address to lo0:1 on a Solaris 8 box and
am having some difficulty.  Hopefully someone here can point me in the
right direction.

I don't seem to be able to set the netmask for an IP to 255.255.255.255
in the /etc/inet/netmasks file.  This IP is out of a larger /24, of which
I've used a /26 on a physical dmfe0 interface.  So I want things to look
something like this:

                                            .-----------------------.
                                            |   lo0  127.0.0.1/8    |
  192.0.2.1/26 gw <-- dmfe0:192.0.2.10/26 - +                       |
                                            | lo0:1  192.0.2.254/32 |
                                            `-----------------------'

Setting up the interface via ifconfig will get the netmasks I want, but
I would prefer to store this in the configuration files if possible,
particularly since I want the configuration to survive across restarts.
I had set lo0:1 to 192.0.2.65 with a mask of 255.255.255.252 successfully
so I know VLSM is working at least in part.  I've also tried using an
entirely different IP and a 255.255.255.255 mask, but that didn't appear
to be any more successful.

Is the only way to get this configuration to run something like:

  ifconfig lo0 addif 192.0.2.254/32 up

in a startup script or am I missing?  Thanks in advance for any assistance,

John

2. Protocols using packet Fragmentation/Agregation?

3. route for loopback keeps disappearing

4. remote boot on Solaris 86

5. fake loopback route

6. Redhat Vs Debian for Alpha

7. loopback and routing table - lamer question

8. images not retrieved from browser cache

9. cannot add route to local host through loopback

10. Advanced Linux Route/Loopback Problem

11. Solaris 8 loses loopback route

12. Routing external address to loopback

13. A loopback route is spontaneously added with hidden arp patch?