Re: Solaris and lack of loopback routes

From: Chris A. Mattingly (chris.mattingly@interpath.net)
Date: 08/06/02


Date: Tue, 06 Aug 2002 12:28:39 -0400
From: "Chris A. Mattingly" <chris.mattingly@interpath.net>
To: Jon <warchild@spoofed.org>


Jon wrote:
>
> (reposted)
>
> On Tue, Jul 30, 2002 at 05:12:45PM -0400, Chris Mattingly wrote:
> > On FreeBSD, there is no route for the 127/8 network, but the stack
> > actually pays attention to the fact that lo0 has a netmask for the
> > entire /8 network, and traffic to any 127 address stays within the lo0
> > interface (never shows up on any of the other three physical
> > interfaces).
>
> Just to satisfy my curiosity, I dropped the loopback network route and
> changed the netmask of my loopback device to be 255.255.255.0 on my Linux
> box (I don't have a Solaris box available at the moment). Still, all
> traffic bound for the loopback network was sent over the loopback device.
> This may be a Linux-specific feature that I'm not familiar with. Does a
> similar test on a Solaris box yield different results?

On Solaris, here's the breakdown:

o With a netmask of 255.0.0.0 and no routes for the 127/8 network,
  Solaris sends 127/8 traffic (except 127.0.0.1 for which there
  is a host route) out the "default" interface. It should not do
  this if it paid attention to the netmask on lo0.

o With a netmask of 255.0.0.0 and a specific route for 127/8, Solaris
  pays attention to the route and traffic for 127/8 IP addresses is
  not seen on the "default" interface.

o With a netmask of 255.255.255.0 and no specific route, Solaris
  still does the same as the first scenario -- all 127/8 traffic
  goes out the default interface.

o With a netmask of 255.255.255.0 and a specific route, Solaris
  behaves and follows the "demand" of the route statement.

So what it's boiling down to is that Solaris doesn't care what
the netmask is of the lo0 interface. Only when there is a
specific route in place will traffic stay on lo0 when it is
supposed to stay on lo0.

> > It's a good question as to why Solaris behaves in this manner...
>
> It's been bothering me on and off for some time now. Interestingly, it
> only bothers me when we get spam bombed and the mail gets old and
> moldy in the queue for 4 days...

In my experience, use of RBLs really helps reduce that problem. :)

-Chris
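
Added example, not part of the original message: a route-table audit that models the Solaris behaviour reported above (route lookup only, with the lo0 netmask never consulted) and flags 127/8 addresses that would leave on a non-loopback interface. The routing tables, the interface name hme0 and the probe addresses are constructed assumptions.

```python
import ipaddress

# Constructed routing tables (destination prefix, interface); hme0 is a
# hypothetical "default" physical interface, not taken from the message.
HOST_ROUTE_ONLY = [
    ("0.0.0.0/0", "hme0"),        # default route
    ("192.0.2.0/24", "hme0"),     # constructed local subnet
    ("127.0.0.1/32", "lo0"),      # host route for 127.0.0.1
]
WITH_LOOPBACK_NET_ROUTE = HOST_ROUTE_ONLY + [("127.0.0.0/8", "lo0")]

# Constructed probe addresses spread across 127/8.
PROBES = ["127.0.0.1", "127.0.0.2", "127.1.2.3", "127.255.255.254"]


def egress_interface(routes, dst):
    """Longest-prefix match over routes only; the lo0 netmask is not an
    input, mirroring the Solaris behaviour reported in the message."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None


def loopback_leaks(routes, loopback_if="lo0", probes=PROBES):
    """Return the 127/8 probe addresses that would leave via a
    non-loopback interface (or have no route at all)."""
    return [p for p in probes if egress_interface(routes, p) != loopback_if]


if __name__ == "__main__":
    for name, table in [("host route only", HOST_ROUTE_ONLY),
                        ("with 127/8 route", WITH_LOOPBACK_NET_ROUTE)]:
        leaks = loopback_leaks(table)
        print(f"{name}: {'LEAK ' + ', '.join(leaks) if leaks else 'ok'}")
```

Feeding it the prefixes and interfaces from a host's real routing table shows whether an explicit 127/8 route is still needed.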