Security Basics mailing list archives

Re: Default ip address out


From: "John R. Morris" <bishop () lycurgus nerdality com>
Date: Thu, 14 Aug 2003 15:15:52 -0700

Ummmm...

From what I can figure out from your post, your default gateway did not
change, but you have an eth0 with an IP of 213.151.136.2 and a virtual
interface, eth0:1 with an IP of 213.151.136.3. So, is it this virtual
interface and/or its IP address that changed, or your default route?

From what I see in your routing table, you are not doing any NAT or
routing, and what purpose the virtual interface eth0:1 is serving I cannot
guess.

However, let's break this down into a few questions:

1. What is the OS on your machine (I don't need versions, just Red Hat,
   Debian, etc.), cat /etc/issue.net or something.

2. what does ifconfig -a say ?

3. Also, the output from route -n 

4. How many physical interfaces (ethernet cards, etc) are hooked up, etc.

5. Does this or is this box supposed to route, or do NAT, or anything like
that ? Any reason to have a virtual interface ?

6. What error messages does ssh, etc give you, exactly ?

This is not an error, that is a perfectly legitimate HTTP GET request from
a lynx client. 

213.151.136.3 - - [14/Aug/2003:11:58:14 +0200] "GET / HTTP/1.0" 200 4110 "-" "Lynx/2.8.4rel.1 libwww-FM/2.14"

What does the rest of the log say? What does ssh -vvv
user@host say? Can you ping (for example) google.com? traceroute to it?


If the virtual interface is unwanted, you can turn it off via ifconfig
eth0:1 down, and finding whatever script or config file is creating it on
your distro at boot. Unless you think your machine has been hacked. But I
cannot see the purpose in creating a second interface, it would be useless
unless there were other hosts on that same subnet on your physical segment.


In any case, if you would like to provide more details, I'd be happy to
try and help, regardless of whether it is a security issue or not.

- John

On 14 Aug 2003, Kenneth Hauklien wrote:



Hi.

On my machine lately the outgoing default ip has changed from 2 to 3.

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
localnet        *               255.255.255.0   U     0      0        0 eth0
default         mikke-gw.kvalit 0.0.0.0         UG    0      0        0 eth0

root@login:~/hpbnc# ifconfig eth0  
eth0      Link encap:Ethernet  HWaddr 00:50:04:20:E7:57  
          inet addr:213.151.136.2  Bcast:213.151.136.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:144735586 errors:0 dropped:0 overruns:0 frame:0
          TX packets:156653019 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:1134180310 (1.0 GiB)  TX bytes:1890855543 (1.7 GiB)
          Interrupt:16 Base address:0xbc00 

root@login:~/hpbnc# ifconfig eth0:1
eth0:1    Link encap:Ethernet  HWaddr 00:50:04:20:E7:57  
          inet addr:213.151.136.3  Bcast:213.151.136.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:16 Base address:0xbc00 


root@login:~/hpbnc# lynx http://echo.boomdrak.no
(access.log from the server) 
213.151.136.3 - - [14/Aug/2003:11:58:14 +0200] "GET / HTTP/1.0" 200 4110 "-" "Lynx/2.8.4rel.1 libwww-FM/2.14"

And I get the same errors when I for example ssh out on another machine,
same with irc and the rest.

Does anyone know why this is? And how to change it?

Best regards
Kenneth Hauklien
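
Added example (not part of either message above): a Python sketch that ties the thread's two observations together. It maps the client address in the access.log line to the interface or alias that owns it in the old-style ifconfig output, and asks the kernel which source address it would pick for a destination. The function names are hypothetical, the sample text is copied from the post, and 192.0.2.1 is a documentation-range placeholder destination.

```python
import re
import socket

# Constructed sample input: ifconfig output and access.log line as quoted in the post.
IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr 00:50:04:20:E7:57
          inet addr:213.151.136.2  Bcast:213.151.136.255  Mask:255.255.255.0

eth0:1    Link encap:Ethernet  HWaddr 00:50:04:20:E7:57
          inet addr:213.151.136.3  Bcast:213.151.136.255  Mask:255.255.255.0
"""
LOG_LINE = ('213.151.136.3 - - [14/Aug/2003:11:58:14 +0200] "GET / HTTP/1.0" '
            '200 4110 "-" "Lynx/2.8.4rel.1 libwww-FM/2.14"')


def parse_ifconfig(text):
    """Map each IPv4 address to the interface (or alias) that carries it."""
    addrs, iface = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():   # unindented line starts a new interface block
            iface = line.split()[0]
        m = re.search(r"inet addr:(\d+\.\d+\.\d+\.\d+)", line)
        if m and iface:
            addrs[m.group(1)] = iface
    return addrs


def seen_as(ifconfig_text, log_line):
    """Return (source IP the server logged, local interface owning it or None)."""
    ip = log_line.split()[0]                 # first access.log field is the client address
    return ip, parse_ifconfig(ifconfig_text).get(ip)


def kernel_source_for(dest, port=9):
    """Ask the kernel which local address it would use to reach dest (an IP string).
    connect() on a UDP socket only does the route lookup; no packet is sent."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.connect((dest, port))
        return s.getsockname()[0]
    except OSError:
        return None                          # no route to dest
    finally:
        s.close()


if __name__ == "__main__":
    print(seen_as(IFCONFIG, LOG_LINE))       # which address/alias the remote server saw
    print(kernel_source_for("192.0.2.1"))    # placeholder destination, nothing is sent
```

Run on the affected host with real ifconfig output, a source address that maps to no local interface would point at NAT or a proxy in the path rather than at the box itself.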
