BigAdmin System Administration Portal
Community-Submitted Tech Tip
Implementing Persistent Host and Network Routes on Solaris Systems

By Michael Peters

This Tech Tip explains how to make static host and network routes persist across reboots on a Solaris system, for both networking and security purposes. A route added on the command line with route(1M) is lost when the system is rebooted, so persistent route statements are necessary if your system forwards traffic to network segments or hosts on your private network that are not reachable through its default router. Persistent routing is also useful when the system is a firewall.


System Requirements
  • Hardware: At least two Ethernet interfaces installed on a system running the Solaris Operating System, SPARC or x86 Platform Edition
  • Software: Solaris Operating System (installed and networked)

Network Example

The following diagram (not reproduced here) represents the network topology for this example. The addresses it shows are described under each host below.
[Figure: Persistent Routing Example]


Configuration

Persistence is obtained from a start script in the /etc/rc2.d directory, which /sbin/rc2 runs at every boot (with the argument start). Create a start script there called S76addroutes. The name can be anything you choose as long as it begins with S followed by a two-digit sequence number, because only such names are run at boot.

The following example can be implemented on all Solaris OS Platform Editions.

HOST A

HOST A has two Ethernet interfaces. One interface has IP address 192.168.100.10 assigned to it, and the other interface has IP address 172.16.0.10 assigned to it.

In the /etc/rc2.d directory, create the S76addroutes start script and add route lines to it, adjusted to your own network, in this form:

route add -net [ network you need to route to ] -netmask [ netmask of the destination network ] [ gateway leading to the destination network ] [ metric ]

The gateway must be directly reachable through one of the host's own interfaces; the trailing metric (the number of hops to the destination network) is optional.

route add -net 10.0.0.0  -netmask 255.0.0.0  172.16.0.20  2

HOST B

HOST B has two Ethernet interfaces. One interface has IP address 172.16.0.20 assigned to it, and the other interface has IP address 10.0.0.10 assigned to it.

In the /etc/rc2.d directory, create a start script called S76addroutes. Add the following text to this file, such that it correlates to your own network:

route add default 172.16.0.10

(A host whose only static route is the default route can also make it persistent by placing the gateway address in /etc/defaultrouter; the script is needed for any routes beyond the default.)

HOST C

HOST C has one Ethernet interface. The interface has an IP address of 172.16.0.30 assigned to it.

If you want this host to reach a network segment that lies beyond a router other than its default router (here the 10.0.0.0 network behind HOST B), again create a start script in the /etc/rc2.d directory called S76addroutes, containing the default route and the additional network route:

route add default 172.16.0.10
route add -net 10.0.0.0  -netmask 255.0.0.0  172.16.0.20  2

Security Usage Instructions

If HOST A is a firewall or performs NAT, use the following example to make an address on the 192.168.100.0 segment reach HOST B or, in this case, HOST C. Add these lines to the S76addroutes script you just created on HOST A. The host route sends traffic for 192.168.100.30 to HOST C at 172.16.0.30, and the arp -s ... pub entry is a published (proxy) ARP entry: HOST A answers ARP requests for 192.168.100.30 on the 192.168.100.0 segment with its own MAC address, so other hosts on that segment deliver the packets to HOST A, which forwards them. The MAC address is the MAC address of the Ethernet adapter on HOST A that has IP address 192.168.100.10 assigned to it. The address translation itself is performed by the firewall or NAT software; these two entries only ensure the packets arrive at HOST A and are forwarded toward HOST C.

route  add  -host  192.168.100.30   172.16.0.30
arp  -s   192.168.100.30   8:0:20:b9:b:be   pub

Another added measure of security to consider is to re-run the script routinely so that the static routes and published ARP entries are re-asserted if anything has overwritten them. This provides some protection against ARP cache poisoning and against route or ARP entries being clobbered by IP address conflicts; it is not a substitute for anti-spoofing filters on the firewall itself.

Make the /etc/rc2.d/S76addroutes file you just created owned by root, group sys, and mode 744 so that only root can alter the commands that the boot process and root's cron job will execute. The listing should look like this:

-rwxr--r--   1 root     sys         4477  Jan 16  06:15   S76addroutes  

Next create a root cron job that routinely calls the S76addroutes script to refresh your ARP and routing information.

Here is a crontab entry for root that runs the script at one minute past every hour (all 24 hours, including midnight), on a single line:

1 * * * * /etc/rc2.d/S76addroutes

Note that route add reports an error for a route that already exists, so every run after the first will produce output that cron mails to root; either redirect the script's output or have the script delete each route before re-adding it. The arp -s ... pub entries can be repeated safely because a new static entry replaces the old one.
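The following start script is an added example that ties the steps above together; it is not the Tech Tip's own S76addroutes and not code from Sun. It uses the HOST A addresses and the MAC from the text (assumed values; change them to match your network) and omits the optional metric argument. It handles the start argument that /sbin/rc2 passes at boot, and a refresh argument for the cron job that uses route change for routes already in the table (so the repeated run does not fail with "entry exists") and re-publishes the ARP entry. The route table check is written so it can be exercised offline by presetting ROUTE_TABLE, and DRYRUN=1 prints the commands instead of running them.

```shell
#!/bin/sh
# /etc/rc2.d/S76addroutes -- added example, not the Tech Tip's script.
# Addresses and MAC below are the ones the Tech Tip assumes for HOST A.
#
# /sbin/rc2 runs this at boot as "S76addroutes start"; root's cron runs
# "S76addroutes refresh" to re-assert routes and the published ARP entry.

PATH=/usr/sbin:/usr/bin:/sbin; export PATH

# kind destination netmask gateway  ("-" = no netmask: host or default route)
ROUTES='net 10.0.0.0 255.0.0.0 172.16.0.20
host 192.168.100.30 - 172.16.0.30'

# address mac -- published (proxy) ARP entries on the 192.168.100.0 side
PUB_ARP='192.168.100.30 8:0:20:b9:b:be'

DRYRUN=${DRYRUN:-}   # set DRYRUN=1 to print the commands instead of running them

run() {
    if [ -n "$DRYRUN" ]; then echo "+ $*"; else "$@"; fi
}

# route_args KIND DEST MASK GW -> prints the route(1M) arguments after the verb
route_args() {
    case "$1" in
        net)     echo "-net $2 -netmask $3 $4" ;;
        host)    echo "-host $2 $4" ;;
        default) echo "default $4" ;;
        *)       echo "unknown route kind: $1" >&2; return 1 ;;
    esac
}

# route_present DEST TABLE -> true if DEST is the first field of a line of
# "netstat -rn" output (TABLE is passed in so the check works offline)
route_present() {
    rp_found=1
    while read dest rest; do
        [ "$dest" = "$1" ] && rp_found=0
    done <<EOF
$2
EOF
    return $rp_found
}

# apply_routes VERB: add missing routes; routes already present get VERB
# ("change" on refresh, "" to leave them alone at boot)
apply_routes() {
    # ROUTE_TABLE may be preset for a dry run; otherwise read the live table
    [ -n "${ROUTE_TABLE+set}" ] || ROUTE_TABLE=`netstat -rn 2>/dev/null`
    echo "$ROUTES" | while read kind dest mask gw; do
        [ -z "$kind" ] && continue
        args=`route_args "$kind" "$dest" "$mask" "$gw"` || continue
        if route_present "$dest" "$ROUTE_TABLE"; then
            [ -n "$1" ] && run route $1 $args
        else
            run route add $args
        fi
    done
}

# publish_arp: "arp -s ... pub" replaces an existing entry, so repeating is safe
publish_arp() {
    echo "$PUB_ARP" | while read addr mac; do
        [ -n "$addr" ] && run arp -s "$addr" "$mac" pub
    done
}

case "$1" in
    start)   apply_routes "";     publish_arp ;;
    refresh) apply_routes change; publish_arp ;;
    '')      ;;    # no argument: only define the functions
    *)       echo "Usage: $0 {start|refresh}" >&2 ;;
esac
```

With this script the hourly crontab entry becomes 1 * * * * /etc/rc2.d/S76addroutes refresh, and a dry run such as DRYRUN=1 sh /etc/rc2.d/S76addroutes refresh shows exactly which route and arp commands would be issued before they are applied to a live firewall.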
Questions?

Contact michael.peters@Lazarusalliance.com.

 


The information and links on this page have been provided by a BigAdmin user. The submitter is solely responsible for such information and links. Sun is not responsible for the availability of external sites or resources, and does not endorse and is not responsible or liable for any content, advertising, products, or other materials on or available from such sites or resources. Sun will not be responsible or liable, directly or indirectly, for any actual or alleged damage or loss caused by or in connection with use of or reliance on the information posted here, or goods or services available on or through any external site or resource.

