Routing, forwarding and routeadm
(Sun Solaris Administration forum, Solaris Operating System category)

I've just discovered the routeadm command in Solaris 10 (may have existed earlier I suppose; I like that there's a manual page for /etc/notrouter explaining that it's obsolete...). The following is going to reveal just how little I know about routing...

I think I understand the difference between routing and forwarding, but I'm not sure. My understanding is that forwarding is the low-level bit which makes the system willing to forward packets around (according to the kernel's routing table & possibly other things?), while routing means that there will be some daemon running which participates in a routing protocol, advertises routes etc. (routed, by default, but presumably you could use another one by mucking around with routeadm).

So I reckon that if I just want to have a machine which, in fact, does route, but only uses static routes (in particular I don't want it ever to listen to anyone else or advertise routes), it should be adequate to simply turn on forwarding and hand-craft the routing table to my requirements. Or does routed do something else which I need?

Secondly, presumably if I want to make a machine be a NAT gateway I also need forwarding on, because I guess that the system won't even accept packets whose IP destination isn't the address of the interface unless it's on. Is that right, or am I hopelessly confused?

--tim

"tfb" <tfb+google@tfeb.org> writes:
> I've just discovered the routeadm command in Solaris 10 (may have
> existed earlier I suppose, I like that there's a manual page for
> /etc/notrouter explaining that it's obsolete...).

Yep, it's been around a bit, Solaris 9 IIRC?

> The following is going to reveal just how little I know about
> routing...
> I think I understand the difference between routing and forwarding, but
> I'm not sure. My understanding is that forwarding is the low-level bit
> which makes the system willing to forward packets around (according to
> the kernel's routing table & possibly other things?), while routing
> means that there will be some daemon running which participates in a
> routing protocol, advertises routes etc (routed, by default, but
> presumably you could use another one by mucking around with routeadm).

Pretty much. Forwarding means that packets can be received on one interface and put back out on another based on the routing table. Without forwarding on, the machine will only deal with packets that are directed towards itself, or pushed directly out from itself.

I would refer to routing as the routing table, no matter how it's updated (by hand, or by routed/zebra/quagga/etc.). I would refer to the process of learning external routes via some daemon (routed/zebra/quagga) running some routing protocol as dynamic routing.

> So I reckon that if I just want to have a machine which, in fact, does
> route, but only uses static routes (in particular I don't want it ever
> to listen to anyone else or advertise routes), it should be adequate to
> simply turn on forwarding and hand craft the routing table to my
> requirements. Or does routed do something else which I need?

No, that's right, you don't need to run routed if you don't want to learn/advertise routes via RIP dynamically. Static routing is certainly a decent option.

> Secondly, presumably if I want to make a machine be a NAT gateway I
> also need forwarding on, because I guess that the system won't even
> accept packets whose IP destination isn't the address of the
> interface unless it's on.

I'm not sure of natd's requirements, I don't have much experience with it. Offhand, I'd say forwarding wasn't needed, since the natd process should originate traffic on its own from what it's received behind the private network, but the man page probably says.

Doug McIntyre wrote:
> I'm not sure of natd's requirements, I don't have much experience with it.
> Offhand, I'd say forwarding wasn't needed, since the natd process
> should originate traffic on its own from what it's received behind the
> private network, but the man page probably says.

Well, I was assuming that you'd need forwarding on because the machine needs to accept (and rewrite) traffic which isn't for its IP address from the private (NATted) network, and I assumed it couldn't do that unless it had forwarding on because it would get rejected somewhere early in the IP stack. But I may be confused.

--tim

On 2006-11-29, tfb <tfb+google@tfeb.org> wrote:
> Doug McIntyre wrote:
>
>> I'm not sure of natd's requirements, I don't have much experience with it.
>> Offhand, I'd say forwarding wasn't needed, since the natd process
>> should originate traffic on its own from what it's received behind the
>> private network, but the man page probably says.
>
> Well, I was assuming that you'd need forwarding on because the machine
> needs to accept (and rewrite) traffic which isn't for its IP address
> from the private (NATted) network, and I assumed it couldn't do that
> unless it had forwarding on because it would get rejected somewhere
> early in the IP stack. But I may be confused.

Certainly, the IPfilter NATting doesn't work unless you have IP Forwarding switched on.

(Not sure if this is relevant - haven't followed the thread.)

--
"Other people are not your property."
[email me at huge [at] huge [dot] org [dot] uk]

> Certainly, the IPfilter NATting doesn't work unless you have
> IP Forwarding switched on.
>
> (Not sure if this is relevant - haven't followed the thread.)

Yes, very much so, since I'll be using ipfilter. Thanks!

--tim

Huge <Huge@nowhere.much.invalid> wrote:
> Certainly, the IPfilter NATting doesn't work unless you have
> IP Forwarding switched on.

No, forwarding can be disabled and NAT still work.

I use NAT to run zones on a system with just a single public IP address. Forwarding is turned off on this system:

    # routeadm
                  Configuration   Current              Current
                         Option   Configuration        System State
    ---------------------------------------------------------------
               IPv4 forwarding   disabled             disabled
                  IPv4 routing   disabled             disabled
               IPv6 forwarding   disabled             disabled
                  IPv6 routing   disabled             disabled

    # ipnat -l
    List of active MAP/Redirect filters:
    map bge0 172.17.11.0/24 -> 0.0.0.0/32
    rdr bge0 0.0.0.0/0 port 80 -> 172.17.11.6 port 80 tcp
    rdr bge0 0.0.0.0/0 port 443 -> 172.17.11.6 port 443 tcp
    rdr bge0 0.0.0.0/0 port 25 -> 172.17.11.3 port 25 tcp
    rdr bge0 0.0.0.0/0 port 587 -> 172.17.11.3 port 587 tcp
    rdr bge0 0.0.0.0/0 port 993 -> 172.17.11.3 port 993 tcp
    rdr bge0 0.0.0.0/0 port 995 -> 172.17.11.3 port 995 tcp
    [...]

--
Daniel

Daniel Rock wrote:
> Huge <Huge@nowhere.much.invalid> wrote:
>> Certainly, the IPfilter NATting doesn't work unless you have
>> IP Forwarding switched on.
>
> No, forwarding can be disabled and NAT still work.
>
> I use NAT to run zones on a system with just a single public IP address.

But these are zones, right? So all that rewriting is after the data has made its way into the IP stack. I'm worried about what will happen when the machine is working as a real physical NAT router. (And I'm going to find out just as soon as people stop deleting files so I have a minute to do some real work...)

--tim

On 2006-11-29, Daniel Rock <v200648@deadcafe.de> wrote:
> Huge <Huge@nowhere.much.invalid> wrote:
>> Certainly, the IPfilter NATting doesn't work unless you have
>> IP Forwarding switched on.
>
> No, forwarding can be disabled and NAT still work.

That'll be why it didn't work until I enabled IP forwarding, will it?

Switch IP forwarding on; it works. Switch IP forwarding off; it stops working.

--
"Other people are not your property."
[email me at huge [at] huge [dot] org [dot] uk]

tfb <tfb+google@tfeb.org> wrote:
> But these are zones, right? So all that rewriting is after the data
> has made its way into the IP stack. I'm worried about what will happen
> when the machine is working as a real physical NAT router.

Yes, if the same packets go in and out then you have to enable forwarding. In my case the zones were running on the same machine.

I just wanted to say that NAT doesn't require forwarding; they don't depend on each other. You can NAT without forwarding and you can forward without NATting.

--
Daniel

Huge <Huge@nowhere.much.invalid> wrote:
>>> Certainly, the IPfilter NATting doesn't work unless you have
>>> IP Forwarding switched on.
>>
>> No, forwarding can be disabled and NAT still work.
>
> That'll be why it didn't work until I enabled IP forwarding, will it?

When you want to forward packets then you have to turn on IP forwarding, it is that simple. NAT doesn't imply forwarding. You could just NAT your zones running on the same machine (as I do). Your first statement above is certainly wrong.

--
Daniel

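The thread settles on a rule that is easy to get wrong on a Solaris 10 box: NAT (ipfilter's ipnat) and IP forwarding are independent, but as soon as the NATted hosts are separate machines rather than local zones, the same packet has to come in one interface and go out another, and that only happens with forwarding enabled. Conversely, a host that is not meant to be a gateway should have forwarding off, or it quietly becomes a router for anything that can reach it. The audit below is an added example written for this page, not code from any poster; it parses the output of `routeadm` and `ipnat -l` (fed on stdin, so it can be exercised offline on constructed samples modelled on Daniel's listing) and applies Daniel's rule: rules present + remote clients + forwarding disabled is a misconfiguration. The helper names, the `zones`/`remote` client flag and the sample text are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: check whether the forwarding state
# reported by routeadm is consistent with the ipnat rules on the box.
# All inputs are read as text so the functions can run offline.

# Constructed sample modelled on the `routeadm` listing quoted above.
SAMPLE_ROUTEADM='              Configuration   Current              Current
                     Option   Configuration        System State
---------------------------------------------------------------
               IPv4 forwarding   disabled             disabled
                  IPv4 routing   disabled             disabled
               IPv6 forwarding   disabled             disabled
                  IPv6 routing   disabled             disabled'

# Constructed sample modelled on the `ipnat -l` listing quoted above.
SAMPLE_IPNAT='List of active MAP/Redirect filters:
map bge0 172.17.11.0/24 -> 0.0.0.0/32
rdr bge0 0.0.0.0/0 port 80 -> 172.17.11.6 port 80 tcp
rdr bge0 0.0.0.0/0 port 25 -> 172.17.11.3 port 25 tcp'

# routeadm_state NAME   (routeadm output on stdin)
# Prints the "Current System State" column for NAME, e.g. "IPv4 forwarding".
routeadm_state() {
    awk -v opt="$1" '$0 ~ opt { print $NF; exit }'
}

# nat_rule_count   (`ipnat -l` output on stdin)
# Counts the active map/rdr rules.
nat_rule_count() {
    awk '$1 == "map" || $1 == "rdr" { n++ } END { print n + 0 }'
}

# nat_needs_forwarding FWD_STATE RULE_COUNT CLIENTS
# CLIENTS is "zones" when the NATted addresses live on this host (packets
# never leave the stack, so forwarding is irrelevant) or "remote" when they
# are other machines behind the box (the packet must traverse it, so
# forwarding is required).  Returns 0 if consistent, 1 if NAT rules exist
# but the traffic they are meant to rewrite would never be forwarded.
nat_needs_forwarding() {
    fwd=$1; rules=$2; clients=$3
    [ "$rules" -gt 0 ] || return 0          # no NAT rules: nothing to check
    [ "$clients" = "remote" ] || return 0   # local zones: forwarding not needed
    [ "$fwd" = "enabled" ]                  # remote clients: must be enabled
}

# audit_forwarding ROUTEADM_TEXT IPNAT_TEXT CLIENTS
# Prints a one-line verdict; returns 0 (ok) or 1 (misconfigured).
audit_forwarding() {
    fwd=$(printf '%s\n' "$1" | routeadm_state 'IPv4 forwarding')
    rules=$(printf '%s\n' "$2" | nat_rule_count)
    if nat_needs_forwarding "$fwd" "$rules" "$3"; then
        echo "ok: IPv4 forwarding=$fwd, $rules NAT rule(s), clients=$3"
        return 0
    fi
    echo "MISCONFIGURED: $rules NAT rule(s) for remote clients but IPv4 forwarding=$fwd"
    return 1
}

# Live use on a Solaris 10 host (not executed here):
#   audit_forwarding "$(routeadm)" "$(ipnat -l)" remote
# Offline demonstration on the constructed samples:
audit_forwarding "$SAMPLE_ROUTEADM" "$SAMPLE_IPNAT" zones            # Daniel's setup: ok
audit_forwarding "$SAMPLE_ROUTEADM" "$SAMPLE_IPNAT" remote || true   # Huge's symptom: misconfigured
```

For tim's case (a real gateway with static routes and no routing daemon) the fix the script points at is `routeadm -e ipv4-forwarding` followed by `routeadm -u`, leaving `ipv4-routing` disabled so routed neither listens to nor advertises anything; rerun the audit afterwards with `remote`, and run it with forwarding expected off on hosts that are not supposed to route at all.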