Which configuration files affect the routing table of a Debian system

2

As far as I know basic network configuration goes into /etc/network/interfaces and the system generates the routing table from these information. I was also taught that in general /etc/network/interfaces is the place to permanently add custom commands to manipulate the routing table (also suggested sometimes is /etc/rc.local or a custom script in /etc/network/if-up.d/). Furthermore one might specify custom routing tables in /etc/iproute2/rt_tables.

  • Are there any other places that will affect the (main) routing table?
    • In particular, are there any other possibilities besides /etc/network/interfaces to make manually added/deleted routes permanent?
  • Does a system with multiple NICs have a concept of primary and secondary network interfaces or are these only wordings used to help the user? (During setup one has to choose the primary if and /etc/network/interfaces will contain an appropriate comment.) If such a concept exist, where can it be configured?
  • Are there any differences of the routing table concept between Debian Squeeze and Debian Jessie?

Background of my question is that I have a legacy Debian Squeeze system and a new Debian Jessie system which boot up with different routing tables but are (as far as I can tell) configured identical. I could manually manipulate the routing table to fit my needs and make the changes permanent using /etc/network/interfaces but I want to understand what is going on.

EDIT

Here are the configuration files of both machines. I changed the first parts of each IP address for privacy reasons. However, subnets and the address parts of the respective networks were not changed. The /etc/network/interfaces.d/ directory on the Jessie machine is empty.

/etc/iproute2/rt_tables on Jessie

#
# reserved values
#
255 local
254 main
253 default
0   unspec
#
# local
#
#1  inr.ruhep

/etc/iproute2/rt_tables on Squeeze

#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#
#1      inr.ruhep

/etc/rc.local on Jessie

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

exit 0

/etc/rc.local on Squeeze

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

exit 0

/etc/network/interfaces on Jessie

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

auto eth1
iface eth1 inet static
    address 143.103.155.254
    netmask 255.255.255.0
    network 143.103.155.0
    gateway 143.103.155.254

# The primary network interface
auto eth2
iface eth2 inet static
    address 27.126.19.194
    netmask 255.255.255.248
    network 27.126.19.192
    broadcast 27.126.19.199
    gateway 27.126.19.193
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 143.103.5.1
    dns-search subdomain.domain.de

/etc/network/interfaces on Squeeze

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface

auto eth0
iface eth0 inet static
        address 143.103.155.254
        netmask 255.255.255.0
        network 143.103.155.0
        gateway 143.103.155.254

auto eth2
iface eth2 inet static
        address 27.126.19.194
        netmask 255.255.255.248
        network 27.126.19.192
        broadcast 27.126.19.199
        gateway 27.126.19.193

output of ip route show table main on Jessie

default via 143.103.155.254 dev eth1 
143.103.155.0/24 dev eth1  proto kernel  scope link  src 143.103.155.254 
27.126.19.192/29 dev eth2  proto kernel  scope link  src 27.126.19.194

output of ip route show table main on Squeeze

27.126.19.192/29 dev eth2  proto kernel  scope link  src 27.126.19.194
143.103.155.0/24 dev eth0  proto kernel  scope link  src 143.103.155.254
default via 27.126.19.193 dev eth2
default via 143.103.155.254 dev eth0  scope link

output of route -n on Jessie

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         143.103.155.254  0.0.0.0         UG    0      0        0 eth1
143.103.155.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
27.126.19.192  0.0.0.0         255.255.255.248 U     0      0        0 eth2

output of route -n on Squeeze

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
27.126.19.192  0.0.0.0         255.255.255.248 U     0      0        0 eth2
143.103.155.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         27.126.19.193  0.0.0.0         UG    0      0        0 eth2
0.0.0.0         143.103.155.254  0.0.0.0         UG    0      0        0 eth0

sigy

Posted 2015-05-21T13:40:54.780

Reputation: 87

That question is too broad and hard to answer... maybe you want us to compare those 2 configurations and find out why they setup the routing differently? – Marki555 – 2015-05-21T14:45:11.203

@Marki555: I added the two configurations and the resulting routing table – sigy – 2015-06-19T21:47:59.073

What is your desired result? I see main difference in the default routes... When you add gateway option, it is meant as default route via that interface. Are you sure you want default route via 2 interfaces? Also for eth0/eth1 the gateway is your server itself... why? – Marki555 – 2015-06-20T18:05:43.343

The resulting routing on Squeeze is "working" as expected. The local network is 143.103.155.0/24 and I want all traffic to this to be handled by this machine. All other traffic should be forwarded to the external gateway via the other interface. I think I already tried leaving out the default gateway for 143.103.155.0/24 but the default route via 27.126.19.193 is still not added automatically. – sigy – 2015-06-20T18:17:04.963

So when your remove gateway 143... from Jessie, it doesn't have any entry at all for default route in route -n or ip route? – Marki555 – 2015-06-20T18:19:59.427

I can try again to verify but I'm pretty sure that I tried that already and still was not able to reach any external IP. To try it again I have to take around 120 ppl offline :/ – sigy – 2015-06-20T18:23:06.323

With only 1 gateway Jesse should add/use it. Unless there is a typo somewhere. You can try debugging the start script /etc/init.d/networking using sh -x. First with parameter stop, then with start. Maybe you will see some error there. – Marki555 – 2015-06-20T18:35:52.907

It is indeed working. However, the reason it did not work in my previous test is that it only works after a reboot, what I find strange. I also don't understand why Squeeze behaves different. Which behavior is the "expected" one? – sigy – 2015-06-20T18:54:07.247

The config syntax and meaning should be the same, only the init scripts which implement it are little different. See this for example (some parts are outdated) https://wiki.debian.org/NetworkConfiguration

– Marki555 – 2015-06-20T19:04:20.100

You helped to solve the problem, thanks for that. Do you want to post an answer in order to receive the bounty? – sigy – 2015-06-20T19:43:22.153

Answers

1

Both of your /etc/network/interfaces files contain one and the same error: the default gateway is specified twice.

You can have multiple default gateways, only under a very specific circumstance (neglecting metrics): that you have several routing tables, each specified in the file /etc/iproute2/rt_tables, but each routing table shall have a single default gateway.

You, instead, specify one for each interface, in the very same table main. So what we are seeing here is a slight difference in the implementation of the iproute2 package, and how it responds to errors.

In the case of Jessie, it establishes the first-mentioned gateway, 143.103.155.254, as the one and only gateway, simply because it is mentioned first. When the declaration of the second gateway, 27.126.19.193, takes place, nothing happens because it is not preceded by 

      ip route del default

Squeeze, instead, deals with the error in a different way: it limits the scope of the second gateway to link local. For more info on scope, see the iproute2 manual, which states:

scope link --- the address is link local, valid only on this device.

Wikipedia states that:

In a computer network, a link-local address is a network address that is valid only for communications within the network segment (link) or the broadcast domain that the host is connected to.

Thus the range (imprecise synonym for scope) of the second gateway has been very much limited to its network segment (i.e., its broadcast domain 143.103.155.0/24). Thus Jessie too, in a different way, has coped with your incorrect declaration of multiple gateways in the same routing table.

Of course, there is no expected behavior on how packages deal with errors. The correct way for you to setup your /etc/network/interfaces file is to omit the statement 

   gateway 143.103.155.254

altogether (this is strange also because it says that the gateway of your own pc is ... itself!). To see a nice explanation of this read the Initial Solution paragraph here; later, it is also explained how to add multiple gateways, with multiple routing tables.

If, as you claim,

I can try again to verify but I'm pretty sure that I tried that already and still was not able to reach any external IP.

it is most likely because you did not allow IPv4 forwarding from one interface to the other, (as sudo:

     echo 1 > /proc/sys/net/ipv4/ip_forward

takes care of that), or because your iptables rules blocked forwarding.

MariusMatutiae

Posted 2015-05-21T13:40:54.780

Reputation: 41 321

As I mentioned in the other comment it didn't work when I tried it because a simple /etc/init.d/networking restart seems not to be enough. Afterwards I didn't have any default route. However, after I restarted the whole system the routing was setup correctly. – sigy – 2015-06-26T10:27:48.843

1

The main difference between Squeeze and Jessie is that ip command calls ifconfig for the first and iproute2 for the last.

ifconfig doesn't known multiple gateway configurations, at least without metrics. That's why you see differences between the two ip route commands (or route -n (deprecated))

iproute2 can track multiple routing tables

ip route show all

Concept of primary and secondary network interfaces is just a way to distinguish them, usually called eth0 (1st) and eth1 (2nd), but order may vary!

And yes, you can set permanent route from /etc/network/interfaces throught the use of up like this:

up ip route add 1.2.3.4/24 via 1.2.3.1

maxxvw

Posted 2015-05-21T13:40:54.780

Reputation: 381

If ifconfig doesnt know multiple gateway configurations but is used in Squeeze shouldn't I see the opposite? Squeeze is the OS which produces two default routes. – sigy – 2015-06-22T15:28:13.643

You have iproute2 installed, that's the only reason i can see. But look at the scope link for the 2nd gateway. The other one is the real default gateway – maxxvw – 2015-06-22T15:39:32.973

Can you clarify what you mean? Who creates the second default route if not ifconfig? And if it is ip why does it not get created on Jessie? I must admit I am a bit confused now... – sigy – 2015-06-22T16:39:02.730

Asked: 2015-05-21T13:40:54.780

Viewed: 4 814 times

Active: 2015-06-25T15:37:02.007