This time I do need help. It isn't strictly about packet filtering, and
so if someone can recommend a more appropriate group I'll move my
question there.

I'm trying to "blackhole" certain networks with static routes in
inetcfg. I'm having no problems with networks with masks of
255.255.255.0. The routes for networks with masks of 255.255.0.0 don't
work, however.

Example: I entered static routes for networks of the form a.b.0.0 and
a.c.0.0, each with masks of 255.255.0.0. The routes are passive and the
metrics are 1. For each the destination is 10.0.x.y, which is an unused
but legitimate address on our private network. After entering the
routes and "reinitialize system" I am still able to ping IPs in those
networks. Again, route rules of the form p.q.r.0/255.255.255.0 work
just fine.

Any ideas why these routes are not working?


Jim Wagner

Are the addresses supernetted?

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***

Craig Johnson wrote:
> Are the addresses supernetted?
>
> Craig Johnson


I'm sorry, but could you rephrase the question a bit more concretely? I
rarely deal with network routing, and I'm afraid that "supernetted" is
outside of my lexicon and understanding.


Jim Wagner

Hi,

Jim Wagner wrote:
>
> Any ideas why these routes are not working?

What does tcpcon say about these routes

CU,
--
Massimo Rosen
Novell Product Support Forum Sysop
No emails please!
http://www.cfc-it.de

Massimo Rosen wrote:
> Hi,
>
> Jim Wagner wrote:
>> Any ideas why these routes are not working?
>
> What does tcpcon say about these routes
>
> CU,

It doesn't list those two broken class-B routes at all. It does,
however, list some routes for class-C networks that I created. I assume
this means I have something configured improperly.


Jim Wagner

Hi,

Jim Wagner wrote:
>
> Massimo Rosen wrote:
> > Hi,
> >
> > Jim Wagner wrote:
> >> Any ideas why these routes are not working?
> >
> > What does tcpcon say about these routes
> >
> > CU,
>
> It doesn't list those two broken class-B routes at all.

Weird.

Can you post sys:\etc\gateways?

CU,
--
Massimo Rosen
Novell Product Support Forum Sysop
No emails please!
http://www.cfc-it.de

Massimo Rosen wrote:
> Can you post sys:\etc\gateways?

Gladly, although with some obfuscation for security reasons. All of the
class-C routes work, but the class-B's do not.


Net 0 Gateway w.x.y.254 Metric 1 Passive
Net m.n.8.0/255.255.255.0 Gateway 10.0.q.r Metric 1 Passive
Net m.n.9.0/255.255.255.0 Gateway 10.0.q.r Metric 1 Passive
Net m.n.10.0/255.255.255.0 Gateway 10.0.q.r Metric 1 Passive
Net m.n.11.0/255.255.255.0 Gateway 10.0.q.r Metric 1 Passive
Net a.b.0.0/255.255.0.0 Gateway 10.0.q.r Metric 1 Passive
Net a.c.0.0/255.255.0.0 Gateway 10.0.q.r Metric 1 Passive
Net a.c.1.0/255.255.255.0 Gateway 10.0.q.r Metric 1 Passive


Jim Wagner

Supernetting means to take (as one example) a class C address and give
it a class B subnet mask.

For instance, you try to set something up like this:
192.168.0.0 (255.255.0.0)

That's a class C network address with class B mask, and is thus
supernetted.

NetWare will allow this as an end node, but not as a router. Filters
will not work if supernetted either.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***

Craig,

Craig Johnson wrote:
>
> Supernetting means to take (as one example) a class C address and give
> it a class B subnet mask.
>
> For instance, you try to set something up like this:
> 192.168.0.0 (255.255.0.0)
>
> That's a class C network address with class B mask, and is thus
> supernetted.
>
> NetWare will allow this as an end node, but not as a router. Filters
> will not work if supernetted either.

All true, but of course there's no problem whatsoever to define whatever
routes you like. Supernetting problems only apply when the local IP of
the server comes into play, but that's not the issue here.

CU,
--
Massimo Rosen
Novell Product Support Forum Sysop
No emails please!
http://www.cfc-it.de