Linux: Default gateway fails, must use local IP for default gw instead

Discussion in 'Wireless Internet' started by John Sasso, Jul 8, 2004.

  1. John Sasso

    John Sasso Guest

    We have several laptops running Redhat 9 using Linksys 802.11b cards, and
    Cisco 1200 series APs. We've found that to access networks beyond our
    local subnet, we must configure the default gateway on the laptop to be the
    IP address of the local wireless interface, and NOT the address of the
    router for the subnet the laptop is on (as one normally would). Note that
    w/o the default gw configured we can still ping hosts on the same subnet (of
    course).

    Why would we be having such a problem? If I bring my laptop home and
    configure the default gateway to be the IP address of my small router, it
    works fine. I'm wondering if it could be a config issue on the Cisco AP at
    work?

    --john
     
    John Sasso, Jul 8, 2004
    #1
    1. Advertisements

  2. That's wrong.
    Ok, the hosts and router are present and accounted for.
    Because you *MAY* have had your routers IP address hijacked by someone
    doing a "man in the middle" attack. Packets that are suppose to go to
    the router are instead going to some other computah, collected, and
    then forwarded to the real router. You can test for this by running:
    arp -a
    Ping the router and compare the MAC address for whatever it shows for
    the router IP address. If it doesn't agree with what's on the label,
    try to identify the manufacturer by the MAC address and deal with the
    perpetrator. You may also find arpwatch and arping handy (comes with
    RH9).
     
    Jeff Liebermann, Jul 8, 2004
    #2
    1. Advertisements

  3. Another possibility is that some machine on your office LAN is spewing
    RIP (router information protocol) updates that are advertising a bogus
    route to the internet. If your Linux boxes are running routed (RIP2)
    they may be getting redirected to the wrong gateway to the internet.
    A clue is that if the default route (i.e. gateway) on your laptops
    point to themselves, you should not be able to browse or ping IP
    addresses on the internet as there is no way for the packets to get to
    the internet. Therefore, I suspect that either something is
    redirecting the packets as in the man in the middle exploit, or that
    something (i.e. RIP) is setting the default route AFTER you set them
    to the laptop IP address.

    Check your routing table with:
    route -nv
    or
    route -env
    for the old style netstat output. Look for a weird default route or a
    route that changes. Also, fire up arpwatch and see if the arp cache
    is changing or similar weirdness.
     
    Jeff Liebermann, Jul 8, 2004
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.