I am trying to make the OSX host-A a specific gateway for a Linux host-B. The default gateway entry of B has been deleted and a specific gateway added as below. Note: `98.136.144.138` is the IP address of the domain name "search.yahoo.com". Host-A can reach search.yahoo.com normally. The IP of A is `10.192.29.246` and the IP of B is `10.192.13.160`.
When the host-B browser refreshes the IP `98.136.144.138`, the web page shows as expected. But Wireshark cannot capture any packets illustrating that the packets from host-B reach the gateway host-A first and that host-A routes these packets. Why does the information not show?
- The packets Wireshark captured on host-B are as below. After I add the specific route and refresh `98.136.144.138` of Yahoo Search in the browser of host-B, the packets below the line in the picture turn up. But there is no info about packets to the specific gateway (host-A). And how to get the packets to a gateway if necessary?
- The output of the command `traceroute 98.136.144.138` on host-B is as below. And why is the first line the old default gateway 10.255.255.1, not the specific gateway host-A? Host-A's IP `10.192.29.246` did not even show.
If we cannot trace or capture the data from host-B to the specific gateway (host-A) according to the routing table when browsing the "Yahoo Search" page, how do we know whether it really happened that host-B reached the "Yahoo Search" page via host-A? The routing rules are in the routing table, but we need to really know that. Any help would be appreciated.
Update: add the layer II information of Wireshark below. `10.192.26.24` is the host-B IP address now since it restarted (but host-A is still `10.192.29.246`). The first packet is sent to MAC address `00:00:5e:00:01:02`, which belongs to the deleted default gateway `10.192.0.1`. But how is it still sent to the deleted gateway? All following packets don't contain the MAC address of host-A.
Update: And a diagram for illustrating my purpose.
I am not sure this is right? Today when I retried this, host-B could access `98.136.144.138` at first and Wireshark captured some info about "redirect". This is real communication between host-A and host-B.
However, it was really weird: after a while, host-B could not access `98.136.144.138` anymore, but Wireshark captured that host-B really did send packets to host-A at the Ethernet II layer and not to the original deleted default gateway.
What Linux kernel version is host B running? What's your full routing table (as shown by `ip -4 route` and `ip -4 rule`)? What's the point of hiding 10.x addresses? – user1686 – 2018-07-15T13:14:52.390
@grawity The question has just been updated per your suggestion. The kernel version of host-B is `Linux admin-PC 4.16.0-kali2-686-pae #1 SMP Debian 4.16.16-2kali2 (2018-07-04) i686 GNU/Linux`. Please keep helping on this issue and let me know if any more information is needed. – forAllBright – 2018-07-15T14:35:43.583
In response to the new question in the Updated section: Please provide the output of `ip route` and `ip address` on the Linux endpoint host. This will help determine the configuration of the Linux host. – Slartibartfast – 2018-07-15T19:33:34.923