Hi,
The proper solution came in after only a few minutes. This is a great
list. The problem was that I didn't have a netmask set. The campus network
has a class B address and our institute LAN has a subnet with a mask of
255.255.255.0. This mask was not set in /etc/netmasks. I've added it to
/etc/netmasks and it works now. Pinging machines outside the institute LAN
is not possible anymore.
Thanks to the following people for their replies (I hope I didn't forget
anyone):
Casper Dik <Casper.Dik@holland.sun.com>
mike.salehi@kodak.com
Jed Dobson <jed@wgtech.com>
Carlo Musante <carlo@ucomm.wayne.edu>
Hans Schaechl <schaechl@bigfoot.com>
Jed Dobson <jed@wgtech.com>
Renny Koshy <renny@visualsoft.com>
Hoang Nguyen <hmnguyen@docHarbor.net>
Thanks again everybody // Tom
----------------------- Here's my original question -----------------
Hi,
We don't have a firewall here at the University and I'm usually protecting
machines which do not require access to the internet by just turning off
the default route to the next router. For configuring the default router
under Solaris, there's the /etc/defaultrouter file where you enter the IP
address of the default router.
Now, the problem is that even if I remove the /etc/defaultrouter file and
there's no default route visible in "netstat -r" the machine still can
reach the campus network. It cannot reach addresses on the internet, but
machines outside of our LAN still can be reached and vice versa: The
machine can be reached from the campus network, which is what I want to
avoid.
Traceroute shows that packets go over one router and I have no idea how
Solaris finds out how to reach this particular router.
I've already verified that:
- /etc/notrouter exists and "in.routed -q" does not run.
- in.rdisc does not run.
- dhcp is turned off and "/sbin/dhcpinfo Router" returns an
empty string.
This is netstat -r:
Routing Table:
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ------ ---------
129.27.0.0 mymachine U 3 7 elxl0
BASE-ADDRESS.MCAST.NET mymachine U 3 0 elxl0
localhost localhost UH 0 0 lo0
Where "mymachine" is the name of the machine in question.
BTW: All this is under Solaris 7.
Any ideas anyone?
Thanks // Tom
-- -------------------------------------------------------------------------- Dr. Tom Leitner Dept. of Communications Graz University of Technology, e-mail : tom@radar.tu-graz.ac.at Inffeldgasse 12 Phone : +43-316-873-7455 A-8010 Graz / Austria / Europe Fax : +43-316-463-697 Home page : http://wiis.tu-graz.ac.at/people/tom.html PGP public key on : ftp://wiis.tu-graz.ac.at/pgp-keys/tom.asc or send mail with subject "get Thomas Leitner" to pgp-public-keys@keys.pgp.net -------------------------------------------------------------------------- Before we have the paperless office, we have the paperless toilet!S U BEFORE POSTING please READ the FAQ located at N ftp://ftp.cs.toronto.edu/pub/jdd/sun-managers/faq . and the list POLICY statement located at M ftp://ftp.cs.toronto.edu/pub/jdd/sun-managers/policy A To submit questions/summaries to this list send your email message to: N sun-managers@ececs.uc.edu A To unsubscribe from this list please send an email message to: G majordomo@sunmanagers.ececs.uc.edu E and in the BODY type: R unsubscribe sun-managers S Or . unsubscribe sun-managers original@subscription.address L To view an archive of this list please visit: I http://www.latech.edu/sunman.html S T
-- -------------------------------------------------------------------------- Dr. Tom Leitner Dept. of Communications Graz University of Technology, e-mail : tom@radar.tu-graz.ac.at Inffeldgasse 12 Phone : +43-316-873-7455 A-8010 Graz / Austria / Europe Fax : +43-316-463-697 Home page : http://wiis.tu-graz.ac.at/people/tom.html PGP public key on : ftp://wiis.tu-graz.ac.at/pgp-keys/tom.asc or send mail with subject "get Thomas Leitner" to pgp-public-keys@keys.pgp.net -------------------------------------------------------------------------- Before we have the paperless office, we have the paperless toilet!
---------- Forwarded message ---------- Date: Wed, 30 Aug 2000 15:24:18 +0200 (MET DST) From: Thomas Leitner <tom@radar.tu-graz.ac.at> To: Sun Managers List <sun-managers@sunmanagers.ececs.uc.edu> Subject: How to disable the default route.
Hi,
We don't have a firewall here at the University and I'm usually protecting machines which do not require access to the internet by just turning off the default route to the next router. For configuring the default router under Solaris, there's the /etc/defaultrouter file where you enter the IP address of the default router.
Now, the problem is that even if I remove the /etc/defaultrouter file and there's no default route visible in "netstat -r" the machine still can reach the campus network. It cannot reach addresses on the internet, but machines outside of our LAN still can be reached and vice versa: The machine can be reached from the campus network, which is what I want to avoid.
Traceroute shows that packets go over one router and I have no idea how Solaris finds out how to reach this particular router.
I've already verified that:
- /etc/notrouter exists and "in.routed -q" does not run. - in.rdisc does not run. - dhcp is turned off and "/sbin/dhcpinfo Router" returns an empty string.
This is netstat -r:
Routing Table: Destination Gateway Flags Ref Use Interface -------------------- -------------------- ----- ----- ------ --------- 129.27.0.0 mymachine U 3 7 elxl0 BASE-ADDRESS.MCAST.NET mymachine U 3 0 elxl0 localhost localhost UH 0 0 lo0
Where "mymachine" is the name of the machine in question.
BTW: All this is under Solaris 7.
Any ideas anyone?
Thanks // Tom -- -------------------------------------------------------------------------- Dr. Tom Leitner Dept. of Communications Graz University of Technology, e-mail : tom@radar.tu-graz.ac.at Inffeldgasse 12 Phone : +43-316-873-7455 A-8010 Graz / Austria / Europe Fax : +43-316-463-697 Home page : http://wiis.tu-graz.ac.at/people/tom.html PGP public key on : ftp://wiis.tu-graz.ac.at/pgp-keys/tom.asc or send mail with subject "get Thomas Leitner" to pgp-public-keys@keys.pgp.net -------------------------------------------------------------------------- Before we have the paperless office, we have the paperless toilet!
S U BEFORE POSTING please READ the FAQ located at N ftp://ftp.cs.toronto.edu/pub/jdd/sun-managers/faq . and the list POLICY statement located at M ftp://ftp.cs.toronto.edu/pub/jdd/sun-managers/policy A To submit questions/summaries to this list send your email message to: N sun-managers@ececs.uc.edu A To unsubscribe from this list please send an email message to: G majordomo@sunmanagers.ececs.uc.edu E and in the BODY type: R unsubscribe sun-managers S Or . unsubscribe sun-managers original@subscription.address L To view an archive of this list please visit: I http://www.latech.edu/sunman.html S T
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:15 CDT