Re: potential routing loops

Anders Hammarquist (iko@netg.se)
18 Aug 1997 08:15:17 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Ron Parker: "Re: PM3 setup question => Pac Bell PRI"
Previous message: Stephen Fisher: "Re: USR Sporsters & Disconnects with new K56Flex modems"
Maybe in reply to: Igor V. Semenyuk: "potential routing loops"
Next in thread: Damien T.: "Re: potential routing loops"

In article <Pine.BSF.3.95q.970817200619.28679D-100000@misery.sdf.com>,
Tom Samplonius <tom@sdf.com> wrote:
>> Interesting thing is that if you add a static route for the assigned block
>> yourself (and point it to the pormaster's ethernet interface address)
>> the portmaster treats the route as a blackhole - no packets looping,
>> they just die there at portmaster.
>
>Or you can add a manual route to a non-existant address for the blocks.

The nicest way to fix this given the current (3.7) release is to add an
outgoing filter to the ethernet port blocking all source addresses
that are not supposed to be in the portmaster. Supposing your pm is
192.198.0.1 and in has 192.198.1.0/26 routed to it, add the filter

1 permit 192.198.1.0/26 0.0.0.0/0
2 permit 192.198.0.1/32 0.0.0.0/0

as ofilter to ether0. This has the additional benefit that your customers
cannot get packets with improper source addresses onto the net, so you
probably want a filter like this even if you don't need it to prevent
routing loops.

/Anders

-- 
 -- Of course I'm crazy, but that doesn't mean I'm wrong.
Anders Hammarquist   |          This space          | iko@netg.se
NetGuide Scandinavia |   intentionally left blank   | Fax: +46 31 50 79 39
http://www.netg.se   |                              | Tel: +46 31 50 79 40

Next message: Ron Parker: "Re: PM3 setup question => Pac Bell PRI"
Previous message: Stephen Fisher: "Re: USR Sporsters & Disconnects with new K56Flex modems"
Maybe in reply to: Igor V. Semenyuk: "potential routing loops"
Next in thread: Damien T.: "Re: potential routing loops"