inhibitor n00b
Joined: 08 Apr 2014 Posts: 4
Posted: Tue Apr 08, 2014 2:09 pm Post subject: equivalent of cisco no ip classless command on Linux |
Hello guys,
Can somebody tell me how I can get behavior on Linux similar to the following Cisco command?
According to this link http://www.techexams.net/forums/ccna-ccent/23349-no-ip-classless.html it does the following.
For example, if I have the following routing table:
Code: | # ip route list
172.28.60.0/22 dev eth0 proto kernel scope link src 172.28.61.222
default via 172.28.60.1 dev eth0 |
If a packet comes in that is destined for 172.28.64.100, then this packet is dropped. If a packet is destined for 200.200.200.1, then this packet will be routed out the default route, because the classful portion 200.200.200 is not in the routing table.
If I do this, is it OK?
Code: | iptables -A OUTPUT -d 172.28.60.0/22 -j ACCEPT
iptables -A OUTPUT -d 172.28.0.0/16 -j DROP |
Which range of IPs should I drop to get the same behavior?
Or is it possible to get the same behavior using tools other than iptables, such as iproute2?
I have limited knowledge of routing and networking, so any idea helps. Thank you ...
Ralphred Guru
Joined: 31 Dec 2013 Posts: 501
Posted: Thu Apr 10, 2014 11:26 am Post subject: |
All the iptables and routing behaviour I've seen in Linux seems to work the same as a Cisco device with ip classless set, but it's not something I've ever considered too much.
Quote: | Code: | iptables -A OUTPUT -d 172.28.60.0/22 -j ACCEPT
iptables -A OUTPUT -d 172.28.0.0/16 -j DROP |
|
Dropping the whole class B after allowing your /22's worth of it through in iptables is acceptable; it would stop it getting routed via the gateway and mimic no ip classless at the same time.
Putting a static route for the whole class B to a dead end, with a higher metric than the actual route to your /22's worth, could appear to mimic it in the same way; but it's mimicking it by being a broken routing table, albeit by design, without actually dropping the packets, and that makes me feel... uncomfortable.
AngelKnight Tux's lil' helper
Joined: 14 Jan 2003 Posts: 127
Posted: Sun Apr 13, 2014 5:25 pm Post subject: |
@inhibitor: Linux L3 forwarding is classless by default.
inhibitor wrote: |
For example, if I have the following routing table:
Code: | # ip route list
172.28.60.0/22 dev eth0 proto kernel scope link src 172.28.61.222
default via 172.28.60.1 dev eth0 |
If a packet comes in that is destined for 172.28.64.100, then this packet is dropped. If a packet is destined for 200.200.200.1, then this packet will be routed out the default route, because the classful portion 200.200.200 is not in the routing table. |
If you're asking if this will be the result, the answer is it will not: 172.28.64.100 will probably hit the default route and be forwarded to the listed destination.
If you're saying you're actually experiencing this behavior on a modern Linux box, then there's something unusual and more information will be needed in order to help you. Try attaching the output of "ip route show table all" |
inhibitor n00b
Joined: 08 Apr 2014 Posts: 4
Posted: Wed Apr 16, 2014 8:01 am Post subject: |
@AngelKnight
No, I am not experiencing this behavior, but I would like to. I would like to change the default Linux behavior from ip classless to no ip classless.
And I was not sure how I can set it and whether it's possible to do with iptables, iproute2 or any other tool.
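
The lookup difference discussed in this thread, as an added example that is not code from any of the posters: a Python sketch that runs the routing table from the first post through a classless longest-prefix match and through the classful rule as the thread describes it, then derives the iptables ACCEPT/DROP pair from the table. The function names are made up for this illustration, and the classful rule is simplified to what the thread states.

```python
import ipaddress

# Routing table from the first post; "default" is 0.0.0.0/0.
ROUTES = [
    (ipaddress.ip_network("172.28.60.0/22"), "dev eth0"),
    (ipaddress.ip_network("0.0.0.0/0"), "via 172.28.60.1 dev eth0"),
]

def major_network(addr):
    """Classful network holding addr (A=/8, B=/16, C=/24); None for class D/E."""
    first_octet = int(ipaddress.ip_address(addr)) >> 24
    for limit, prefix in ((128, 8), (192, 16), (224, 24)):
        if first_octet < limit:
            return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return None

def lookup_classless(dst, routes=ROUTES):
    """Longest-prefix match over every route, default included (Linux behaviour)."""
    dst = ipaddress.ip_address(dst)
    hits = [(net, hop) for net, hop in routes if dst in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else "drop"

def lookup_classful(dst, routes=ROUTES):
    """'no ip classless' as described in the thread: once any subnet of the
    destination's major network is known, the default route is not used."""
    specific = [(net, hop) for net, hop in routes if net.prefixlen > 0]
    if lookup_classless(dst, specific) != "drop":
        return lookup_classless(dst, specific)
    major = major_network(dst)
    if major and any(net.subnet_of(major) for net, _ in specific):
        return "drop"
    return lookup_classless(dst, routes)

def drop_rules(routes=ROUTES):
    """iptables rules, in the form used in the thread, that approximate it."""
    accept, drop = [], []
    for net, _ in routes:
        major = major_network(net.network_address)
        if net.prefixlen == 0 or major is None or not net.subnet_of(major):
            continue
        accept.append(f"iptables -A OUTPUT -d {net} -j ACCEPT")
        rule = f"iptables -A OUTPUT -d {major} -j DROP"
        if net != major and rule not in drop:
            drop.append(rule)
    return accept + drop
```

The OUTPUT chain only sees locally generated packets; packets the box forwards for other hosts traverse FORWARD, so a router would need the same pair there.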