Subject: Re: illegal network routes and a ponderance
To: None <tech-net@netbsd.org>
From: None <netbsd99@sudog.com>
List: tech-net
Date: 02/19/2003 08:32:39

On Wednesday 19 February 2003 00:43, David Laight wrote:
> > > > *Many* ethernet segments are shared by multiple networks.
> 
> yes - typically happens when a large company has so many small networks
> that the subnet size is reduced to 64 hosts, but some segments have
> rather more than 60 systems connected to them.

Precisely. And unfortunately I've been stuck on more than one on more than one 
occasion, and because I was sharing switches with other machinery, we all 
(sometimes) would have gateways of a single IP address not in a netmask on 
our interface. Which sucked, of course, but was a reality.

> In order to stop packets appearing on the cable twice, it is necessary
> to add a route that indicates that systems in that subnet should be
> arped.  (ICMP redirects can't fix this one.)

No problemo--I can reach actual subnets that way, but not program a default 
route to one of those other subnets unless I steal an IP address from one of 
those other subnets that doesn't belong to me. Unfortunately.

> > Not at all. It currently seems impossible (unless perhaps I'm missing 
> > something, which itself is certainly possible) to set the default route to
> > be an IP on one of those other networks.
> 
> It is easy....
> 
> 1) Allocate an address out of your own subnet to the router,
> 2) Set that address as the target of the default route
> 3) Add a local arp table entry for the address you allocated to the
>    router with the router's actual ethernet address.
> 
> Note that the configuration of the router doesn't need to be changed.

So the trick is to lie to the OS and eat up one of my own IP addresses from my 
own subnet by populating the ARP table with the MAC address of the router 
itself.

Very interesting solution! See, this is precisely why I brought this up. I'll 
have to remember that In Case Of Emergency.

Thanks. (Still, perhaps you'll agree that it'd be nice to not have to eat up 
one of your own addresses. In a colo facility, IP addresses are precious. :-)
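
The three steps quoted above, as an added example that is not part of the original message or of NetBSD itself: a POSIX shell helper that checks the borrowed address really lies inside your own subnet, then prints the `route` and `arp` commands instead of running them. The function names are hypothetical, and the 192.0.2.64/26 network, alias address and MAC are constructed sample values.

```shell
#!/bin/sh
# Added illustration; function names and all addresses are constructed.

ip2int() (   # dotted quad -> 32-bit integer; non-zero exit on malformed input
    IFS=.; set -f; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*|????*) exit 1;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

in_subnet() (   # in_subnet IP NETWORK PREFIXLEN; exit 0 when IP is inside
    ip=$(ip2int "$1") && net=$(ip2int "$2") || exit 2
    case $3 in ''|*[!0-9]*|0*|???*) exit 2;; esac
    [ "$3" -le 32 ] || exit 2
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
)

valid_mac() (   # six colon-separated groups of one or two hex digits
    case $1 in ''|*[!0-9A-Fa-f:]*|*::*|:*|*:) exit 1;; esac
    IFS=:; set -- $1
    [ $# -eq 6 ] || exit 1
    for g in "$@"; do [ ${#g} -le 2 ] || exit 1; done
)

plan_offlink_default() {   # args: OWN_NET PREFIXLEN ALIAS_IP ROUTER_MAC
    # Step 1: the address borrowed for the router must be on-link for us.
    in_subnet "$3" "$1" "$2" ||
        { echo "alias $3 is not inside $1/$2" >&2; return 1; }
    valid_mac "$4" || { echo "bad MAC: $4" >&2; return 1; }
    echo "route add default $3"   # step 2: default route via borrowed address
    echo "arp -s $3 $4"           # step 3: static ARP entry, router's real MAC
}

# Constructed sample: own subnet 192.0.2.64/26, borrowed address .126
plan_offlink_default 192.0.2.64 26 192.0.2.126 00:00:5e:00:53:01
```

The static ARP entry is not persistent, so the printed commands have to be reapplied after a reboot or whenever the router's interface hardware changes.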