Published: 06.08.2012 | Level: specialist | Access: paid
Lecture 17:

Configuring the local network


Looking at the routing tables

You can show the routing tables with the netstat tool. Option -r shows the routing tables. For example, on freebie you might see:

# netstat -r
Routing tables

Destination  Gateway            Flags  Refs    Use  Netif  Expire
default      gw                 UGSc     9    8732    rl0  
localhost    localhost          UH       0    1255    lo0  
223.147.37   link#2             UC       0       0    
presto       0:0:c0:44:a5:68    UHLW    13  139702    rl0    1151
freebie      0:a0:24:37:d:2b    UHLW     3   38698    lo0  
wait         0:60:97:40:fb:e1   UHLW     6    1062    rl0     645
bumble       8:0:20:e:2c:98     UHLW     2      47    rl0    1195
gw           0:60:97:40:fb:e1   UHLW     6    1062    rl0     645
broadcast    ff:ff:ff:ff:ff:ff  UHLWb    2    5788    rl0  

There's a lot to notice about this information:

The first column is the name of a host or a network to which packets can be sent, or the keyword default.

The second column, the gateway, indicates the path to the destination. This field differs significantly even from older versions of UNIX. It can be the name of a host (for example, gw), a pointer to an interface (link#2, which means the second Internet interface; the output from ifconfig is in the same sequence), or an Ethernet address (8:0:20:e:2c:98). Older versions of UNIX do not use the last two forms.

We'll look at the flags below. The most important ones to note are G (gateway) and H (host).

The fields Refs, Use and Expire are only of interest when you're running a routing protocol. See the man page netstat(1) for more details.

Netif is the name of the interface by which the gateway can be reached. In the case of a link, this is the interface, so the Netif field is empty.

The order of the entries is not important. The system searches the table for a best fit, not a first fit.

The default entry points to gw, as we would expect. The interface, rl0, is the interface by which gw can be reached.

You will also get some additional output for IPv6 ("Internet6"). If you're not using IPv6, you can ignore it. If it gets on your nerves, you can limit your view to IPv4 by entering the command netstat -rfinet. The -f flag specifies which address family you're interested in, and inet specifies IPv4.


Compared to earlier versions of netstat, the current version displays many more flags. The following table gives you an overview.

Table 17.2. netstat -r flags values

Flag  Name           Meaning
1     RTF_PROTO1     Protocol specific routing flag 1
2     RTF_PROTO2     Protocol specific routing flag 2
3     RTF_PROTO3     Protocol specific routing flag 3
B     RTF_BLACKHOLE  Just discard pkts (during updates)
b     RTF_BROADCAST  The route represents a broadcast address
C     RTF_CLONING    Generate new routes on use
c     RTF_PRCLONING  Protocol-specified generate new routes on use
D     RTF_DYNAMIC    Created dynamically (by redirect)
G     RTF_GATEWAY    Destination requires forwarding by intermediary
H     RTF_HOST       Host entry (net otherwise)
L     RTF_LLINFO     Valid protocol to link address translation
M     RTF_MODIFIED   Modified dynamically (by redirect)
R     RTF_REJECT     Host or net unreachable
S     RTF_STATIC     Manually added
U     RTF_UP         Route usable
W     RTF_WASCLONED  Route was generated as a result of cloning
X     RTF_XRESOLVE   External daemon translates proto to link address
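The flag letters are case-sensitive (B and b, C and c mean different things), and the D and M flags mark routes that a redirect put there rather than the administrator. The following added example, which is not part of the original text, decodes the Flags column with the table above and lists redirect-made routes; the function names are hypothetical, and the sample rows are taken from the listing earlier on this page plus one constructed row, "stray".

```python
# Added example: decode FreeBSD `netstat -r` flags and list redirect-made routes.
FLAGS = {
    "1": "RTF_PROTO1", "2": "RTF_PROTO2", "3": "RTF_PROTO3",
    "B": "RTF_BLACKHOLE", "b": "RTF_BROADCAST", "C": "RTF_CLONING",
    "c": "RTF_PRCLONING", "D": "RTF_DYNAMIC", "G": "RTF_GATEWAY",
    "H": "RTF_HOST", "L": "RTF_LLINFO", "M": "RTF_MODIFIED",
    "R": "RTF_REJECT", "S": "RTF_STATIC", "U": "RTF_UP",
    "W": "RTF_WASCLONED", "X": "RTF_XRESOLVE",
}

# Rows from the listing on this page, plus one constructed row ("stray")
# that models a host route installed by a redirect.
SAMPLE = """\
Routing tables

Destination  Gateway            Flags  Refs    Use  Netif  Expire
default      gw                 UGSc     9    8732    rl0
223.147.37   link#2             UC       0       0
presto       0:0:c0:44:a5:68    UHLW    13  139702    rl0    1151
stray        bumble             UGHD     0      12    rl0
"""

def parse_routes(text):
    """Return one dict per route row; Netif and Expire may be absent."""
    routes, in_table = [], False
    for line in text.splitlines():
        fields = line.split()
        if fields[:3] == ["Destination", "Gateway", "Flags"]:
            in_table = True          # header row: data rows follow
            continue
        if not in_table or len(fields) < 5:
            continue                 # titles, blank lines, section names
        dest, gateway, flags, refs, use = fields[:5]
        routes.append({
            "dest": dest, "gateway": gateway, "flags": flags,
            "names": [FLAGS.get(f, "unknown:" + f) for f in flags],
            "refs": int(refs), "use": int(use),
            "netif": fields[5] if len(fields) > 5 else "",
            "expire": fields[6] if len(fields) > 6 else "",
        })
    return routes

def redirect_routes(routes):
    """Routes created (D) or modified (M) by a redirect, not by the admin."""
    return [r for r in routes if set(r["flags"]) & {"D", "M"}]

if __name__ == "__main__":
    for r in redirect_routes(parse_routes(SAMPLE)):
        print(r["dest"], "via", r["gateway"], r["names"])
```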

Packet forwarding

We saw above that when a system receives a packet that is not intended for itself, it looks for a route to the destination. In fact, this is not always the case: by default, FreeBSD just silently drops the packet. This is desirable for security reasons, and indeed it's required by RFC 1122, but if you want to access the Internet via another machine on your local net, it's less than convenient.

The rationale for this is that most systems are only connected to one network, and it doesn't make sense to have packet forwarding enabled. Earlier systems made this a kernel option, so that disabling packet forwarding also made the kernel fractionally smaller. In current versions of FreeBSD, the code is always there, even if it is disabled.

It’s straightforward enough to set up your machine as a router (or gateway): you can set it with the sysctl command:

# sysctl -w net.inet.ip.forwarding=1
net.inet.ip.forwarding: 0 -> 1

In /etc/rc.conf you can set this with the variable gateway_enable:

gateway_enable="YES"  # Set to YES if this host will be a gateway.
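Because forwarding can be switched on in two places, the running kernel and /etc/rc.conf can disagree. The following added example, not part of the original text, compares the two and reports the mismatch; the function names and result labels are hypothetical, the inputs are constructed strings, and the accepted boolean spellings (YES/TRUE/ON/1 and NO/FALSE/OFF/0, case-insensitive, no surrounding spaces) are an assumption about how the rc scripts read the value.

```python
# Added example: compare the running forwarding state with rc.conf.
import re

TRUE = {"yes", "true", "on", "1"}      # assumed rc.conf boolean spellings
FALSE = {"no", "false", "off", "0"}

def rc_conf_bool(text, name):
    """Last assignment of `name` wins, as in a sourced shell file.
    Returns True, False, "invalid", or None when never set."""
    pat = re.compile(
        r"^\s*%s=(?:\"([^\"]*)\"|'([^']*)'|([^\s#]*))" % re.escape(name))
    result = None
    for line in text.splitlines():
        m = pat.match(line)
        if not m:
            continue                    # other variables, comment lines
        value = next(g for g in m.groups() if g is not None).lower()
        # No strip(): a value such as "YES " is not a valid boolean.
        result = True if value in TRUE else False if value in FALSE else "invalid"
    return result

def forwarding_running(sysctl_output):
    """Parse 'net.inet.ip.forwarding: 1' or the '0 -> 1' form shown above."""
    m = re.search(r"net\.inet\.ip\.forwarding:\s*(?:\d+\s*->\s*)?(\d+)",
                  sysctl_output)
    return None if m is None else m.group(1) != "0"

def audit(rc_text, sysctl_output):
    persistent = rc_conf_bool(rc_text, "gateway_enable")
    running = forwarding_running(sysctl_output)
    if persistent == "invalid":
        return "invalid-rc-value"       # malformed setting in rc.conf
    if running and persistent is True:
        return "router"                 # forwarding on now and at boot
    if running:
        return "runtime-only"           # enabled by hand, not in rc.conf
    if persistent is True:
        return "boot-only"              # starts forwarding at next boot
    return "host"                       # forwarding off in both places

if __name__ == "__main__":
    rc = 'gateway_enable="NO"\n'        # constructed rc.conf fragment
    print(audit(rc, "net.inet.ip.forwarding: 0 -> 1"))
```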

Configuration summary

In the course of this chapter, we've discussed a number of different configurations. In this section we'll summarize the configuration for free-gw.example.net, since it is the most complicated. You enter the following information in your /etc/rc.conf:

  • Set your host name:
    hostname="free-gw.example.net"
  • For each interface, specify IP addresses and possibly net masks for each interface on the machine:

    The PPP interfaces are configured independently, so we won't look at them here, but we might need their addresses for static routes. The local interface address for ppp0 is, and the local address for ppp3 is

  • Decide on a default route. In this case, it is the gateway machine igw.example.net, with the address
    defaultrouter="" # Set to default gateway (or NO).
  • Decide on other routes. In this case, we have two, to example.org and biguser.com. List them in the variable static_routes:
    static_routes="freebie biguser" # Set to static route list
  • For each static route, create a variable describing the route:
    route_freebie="-net"
    route_biguser="-net -iface ppp0"
  • Enable IP forwarding:
    gateway_enable="YES"  # Set to YES if this host will be a gateway.

Without the comments, this gives the following entries:

defaultrouter=""                 # Set to default gateway (or NO).
static_routes="freebie biguser"  # Set to static route list
route_biguser="-net -iface ppp0"
gateway_enable="YES"             # Set to YES if this host will be a gateway.

For a machine configured with DHCP, you might have:
