The answer is in the way subnet masks and the way your ip address falls
within those various subnets that you have defined.

For netmask of 255.255.255.240 the 4 MSBs of the last octet are network
addresses.   This means that there are multiple networks defined in that
space.  Your ip address of your host is 147 which falls in the 144 network.
It is easier to see with binary.

255.255.255.240 = FF.FF.FF.F0  F0 = 11110000
x.x.x.147 = x.x.x.10010011

This shows that this host is in the x.x.x.10010000 network (x.x.x.144)

Did I get all that right?

Clinton


-----Original Message-----
From: David Demland [mailto:ddemland@cadtel.com]
Sent: Monday, September 25, 2000 2:26 PM
To: PLUG Discussion
Subject: Routing Table Problems


I am still having a problem with the routing table on this Storm box. The
following is the /etc/network/interfaces file:

# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)

# The loopback interface
iface lo inet loopback

iface eth0 inet static
	address 192.168.1.204
	netmask 255.255.255.0
	gateway 63.88.193.129

iface eth1 inet static
	address 63.88.193.147
	netmask 255.255.255.240
	gateway 63.88.193.129
	broadcast 63.88.193.255

The ifconfig command output is:

eth0      Link encap:Ethernet  HWaddr 00:D0:B7:BF:AA:60
          inet addr:192.168.1.204  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5555 errors:0 dropped:0 overruns:0 frame:0
          TX packets:45 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:10

eth1      Link encap:Ethernet  HWaddr 00:D0:B7:BF:A6:C4
          inet addr:63.88.193.147  Bcast:63.255.255.255
Mask:255.255.255.240
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:240 errors:0 dropped:0 overruns:0 frame:0
          TX packets:53 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:9 Base address:0x2000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

The route -n command output is:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface
63.88.193.144   0.0.0.0         255.255.255.240 U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

My question, in the interfaces file the IP for eth1 is 63.88.193.147. The
ifconfig command seems to reinforce this with the IP address of the same.
But the route command has an IP of 63.88.193.144. Where in the world does
this come from?

Can anyone help?

Thank You,

David Demland
Qa/Testing Manager
CADTEL Systems, Inc.
11201 N. Tatum Ste. 200
Phoenix, AZ 85028
(602) 953-4888
Fax: (602) 953-4833
ddemland@cadtel.com


________________________________________________
See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post
to the list quickly and you use Netscape to write mail.

Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


From Don Harrop <don@nis4u.com>  Mon Sep 25 20:23:37 2000
From: Don Harrop <don@nis4u.com> (Don Harrop)
Date: Mon, 25 Sep 2000 13:23:37 -0700 (MST)
Subject: user tracking
In-Reply-To: <200009251842.LAA04894@snappy.wiredglobal.com>
Message-ID: <Pine.LNX.4.21.0009251318330.1219-100000@tech1.nis4u.com>

Thanks for the responses.  I never know about the command "last".  Very
cool.  I've already found out most of what I needed.  It was some guy over
in Russia.  Those punks!  :-)  He left some cool utilz on the hard drive
for me though.  A login replacement that logs all usernames and passwords
and a in.ftpd replacement.  That's how he got in in the first place.  I
was running wu-ftpd 2.5.x... I already know there's tons of documented
exploits with that verison.  I've just upgraded to wu-ftpd 2.6 so that
should slow 'em down a little bit.

Don

On 26 Sep 2000, Bill Warner wrote:

> This information is located in the /etc/shadow file.  it is refrenced
> in the standard unix time thing (seconds sense jan 1 1970) check
> man shadow for more details
> 
> Bill Warner
> 
> > Hey guys.
> >       At login I get a printout of when the last login occured.  Where
> > is that info stored?  I want to check out a user on the system but
> > don't want to log in as them.  One of the machines I work with had the
> > root account compromised.  It's just running a few mushes so it's not that
> > big of deal but I don't want it happening again.  I went through it with a
> > fine tooth comb and wouldn't mind it if any of you guys tried to whack at
> > it...  Lemme know what you find.  The IP is 205.216.140.17
> > 
> > Don
> > 
> > 
> > ________________________________________________
> > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
> > 
> > Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> > 
> 
> 
> 
>