Click me if you are a network guru ...

electron

Ok, I have a rather strange question. I have a server with a network configuration which looks incorrect to me. However, the netstat command seems to confirm that this works. See the data below for details.
Code:
C:\>ipconfig /all

Windows 2000 IP Configuration
		Host Name . . . . . . . . . . . . : server
		Primary DNS Suffix  . . . . . . . :
		Node Type . . . . . . . . . . . . : Hybrid
		IP Routing Enabled. . . . . . . . : No
		WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

		Connection-specific DNS Suffix  . :
		Description . . . . . . . . . . . : Realtek RTL8139/810X Family PCI FastEthernet NIC
		Physical Address. . . . . . . . . : 00-20-ED-25-33-C2
		DHCP Enabled. . . . . . . . . . . : No
		IP Address. . . . . . . . . . . . : 172.16.1.1
		Subnet Mask . . . . . . . . . . . : 255.255.255.252
		Default Gateway . . . . . . . . . : 10.90.6.41
		DNS Servers . . . . . . . . . . . :

Code:
C:\>netstat -na

Active Connections
  Proto  Local Address		  Foreign Address		State
  TCP	0.0.0.0:4050		   0.0.0.0:0			  LISTENING
  TCP	172.16.1.1:4050		10.90.200.52:3800	  ESTABLISHED
...

I am trying to figure out why this is working. As far as I know, there is no strange NAT going on. Any ideas why this works?
 
What exactly is wrong? Is it that the server IP is on a different subnet than the router? What do you see when you perform a "route print" command from the CMD prompt?
 
The subnet mask indicates there are only 2 available IP addresses, .1 and .2. The default gateway is not on the local subnet. No routes were hardcoded as far as I know, but I can't confirm this until tomorrow (server is in a remote location). A static route is really the only thing I can think of that might make it work, but I was told no changes were made. However, that default gateway is still wrong.
 
Well, it's probably not the best subnet mask you could be using, but I don't know your network specifics. (I'd probably use 255.255.0.0 unless you need a lot of subnets)
Why do you think it's wrong?
 
Hi E,
I am not a net-guru, but I clicked anyway. I don't see anything wrong except for the IP address 0.0.0.0 that appears to be listening. I also notice that your mask will only allow 4 nodes locally (172.16.1.0, 172.16.1.1, 172.16.1.2 and 172.16.1.3), and 172.16.1.4 and above will be routed to your 10.90.6.41, your ISP's proxy.
Code:
C:\>netstat -na

Active Connections
  Proto  Local Address		  Foreign Address		State
  TCP	0.0.0.0:4050		   0.0.0.0:0			  LISTENING
  TCP	172.16.1.1:4050		10.90.200.52:3800	  ESTABLISHED
...
Though that ip:port is listening, I'm wondering if it actually does anything besides take up space.
 
Oops, we cross posted . . .

The subnet mask is actually good for 4 addresses (prior post).

The default gateway does not need to be on the same subnet. In fact, it rarely is when it connects to an ISP, which has its own subnet. That is why it needs to be specified in each machine.
 
The subnet mask indicates there are only 2 available IP addresses, .1 and .2. The default gateway is not on the local subnet. No routes were hardcoded as far as I know, but I can't confirm this until tomorrow (server is in a remote location). A static route is really the only thing I can think of that might make it work, but I was told no changes were made. However, that default gateway is still wrong.

I believe this is due to a feature called Proxy ARP (RFC 925 & 1027). When your PC sends an ARP request for an IP it doesn't know how to reach, the router answers the request if it knows how to reach it, even if the IP isn't on the same network. This is on by default on Cisco routers.

And yes I had to look this up. :)
 
You really have a server named 'server' :(

There really needs to be more information, a route print would be very helpful.

Maybe even a trace route.

Without some kind of NAT/Proxy or a manual route statement that server should not be able to access any kind of outside network.

A Trace route should reveal any proxy arp paths on the network.
A route print should also reveal any routes added manually or a gateway provided by proxy arp.

Either way the gateway listed in ipconfig /all is probably being ignored since it is not on the same subnet.

StevenE
 
Either way the gateway listed in ipconfig /all is probably being ignored since it is not on the same subnet.
Maybe it is OS specific, but I do not have any gateways on the same subnet, yet they all work. I don't think a gateway NEEDS to be on the same subnet.

This is indicative of what most of my machines have:
Code:
U:\Mark>ipconfig /all

Windows NT IP Configuration

		Host Name . . . . . . . . . : sausage.dsl.gtei.net
		DNS Servers . . . . . . . . : 4.2.2.1
									  4.2.2.2
									  4.2.2.3
		Node Type . . . . . . . . . : Hybrid
		NetBIOS Scope ID. . . . . . :
		IP Routing Enabled. . . . . : Yes
		WINS Proxy Enabled. . . . . : No
		NetBIOS Resolution Uses DNS : Yes

Ethernet adapter RTL81698:

		Description . . . . . . . . : Realtek RTL8169/8110 Family Gigabit Ethernet NIC

		Physical Address. . . . . . : 00-E0-4C-05-FF-5E
		DHCP Enabled. . . . . . . . : No
		IP Address. . . . . . . . . : 10.0.0.2
		Subnet Mask . . . . . . . . : 255.255.255.0
		Default Gateway . . . . . . : 66.13.36.77
		Primary WINS Server . . . . : 10.0.0.2

PPP adapter NdisWan6:

		Description . . . . . . . . : NdisWan Adapter
		Physical Address. . . . . . : 00-00-00-00-00-00
		DHCP Enabled. . . . . . . . : No
		IP Address. . . . . . . . . : 0.0.0.0
		Subnet Mask . . . . . . . . : 0.0.0.0
		Default Gateway . . . . . . :
 
Correct; the gateway does not need to be on the same subnet, as long as your computer knows the path to the gateway.
 
Are you on a dsl?
That gateway is used for many networks, especially pppoe as in a dsl, and we use it for our networks all the time.
We will provide a /30 subnet for the wan side, our router would be x.x.x.1, cust router x.x.x.2, and the lan addresses would be on a /27 or whatever subnet.
For a wan port, you only need one usable and one gateway address.
 
Yep, looks fine to me. If a machine can't find a destination, it will generally ARP for it and if someone replies, it will send packets to that responding node.

Rocco, 4 addresses, yes, but the first and last addresses in that range are generally the network address (first) and the broadcast address (last), so a .252 mask only allows 2 usable machine addresses. It is typically used in direct point-to-point connections that require routing - typically as in the last leg of a WAN connection.

It would be interesting to know the routing tables of the machine, the gateway, the other node, and if any of them participate in a routing protocol.

Also, could anything else on the network be routing without knowing? Sniffing the network could give you the answers... Ethereal packet capture... I can analyze a capture for you if you'd like.
 
PS> It could be that the gateway address is actually another interface (or alias) in the directly-connected router for that subnet.
 
The server name isn't 'server' hehe. I am still waiting for the route print results, but it has to be something like that. The network admins weren't aware of anything like proxy-arp, but I am starting to believe that they don't know their own network. Thanks for the responses, it at least shows I am not going crazy.

FYI, the port listening on 0.0.0.0 just means that the port can be reached on any interfaces (localhost, and the regular nic in this case).
 
Rocco, 4 addresses, yes, but the first and last addresses in that range are generally the network address (first) and the broadcast address (last), so a .252 mask only allows 2 usable machine addresses.
Thanks, Gordon. I knew that was true about address 0 and 255, but I never knew that it followed the mask. I learned something new today.
FYI, the port listening on 0.0.0.0 just means that the port can be reached on any interfaces (localhost, and the regular nic in this case).
Ok, now I've learned TWO new things today.
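
Added example, not part of the original thread: a small audit of `ipconfig /all` text that works out the network, broadcast and usable host addresses implied by the mask and reports whether the default gateway is on-link. The sample input is constructed from the two configurations quoted above; the function names are hypothetical, and the check only computes subnet membership, it does not determine why traffic still flows.

```python
import ipaddress
import re

# Constructed sample: adapter fields copied from the two configurations in the thread.
SAMPLE = """\
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 172.16.1.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.252
        Default Gateway . . . . . . . . . : 10.90.6.41

Ethernet adapter RTL81698:
        IP Address. . . . . . . . . : 10.0.0.2
        Subnet Mask . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . : 66.13.36.77
"""

HEADER = re.compile(r"^(\S.*adapter .+):\s*$")
FIELD = re.compile(r"^\s*(IP Address|Subnet Mask|Default Gateway)[ .]*:\s*(\S+)\s*$")

def parse_adapters(text):
    """Return {adapter name: {field: value}} from `ipconfig /all` text."""
    adapters, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = adapters.setdefault(header.group(1), {})
            continue
        m = FIELD.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return adapters

def audit_gateway(fields):
    """Describe the local subnet and say whether the gateway lies inside it."""
    iface = ipaddress.ip_interface(f"{fields['IP Address']}/{fields['Subnet Mask']}")
    net = iface.network
    gw = ipaddress.ip_address(fields["Default Gateway"])
    return {
        "network": str(net),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": [str(h) for h in net.hosts()],  # excludes network/broadcast
        "gateway_on_link": gw in net,
    }

def audit(text):
    """Audit every adapter that has an address, a mask and a gateway set."""
    needed = {"IP Address", "Subnet Mask", "Default Gateway"}
    return {name: audit_gateway(f)
            for name, f in parse_adapters(text).items() if needed <= f.keys()}
```

An adapter reported with `gateway_on_link` false is the case discussed in this thread: worth following up with `route print` and a packet capture to see which device actually answers for the gateway address.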
 