fun with networking 
5th-May-2003 07:10 am
Debugging firewalls and networks is very strange.

It's sort of like going to a party where not only do you not know anyone, but everyone is wearing masks and bright clothing and they keep exchanging them when you have your back turned. And the color of your shoes matters --- see, if you're wearing a pair of blue shoes, then you can only talk to people with green shoes. If you try to talk to anyone else with blue shoes, everyone in the immediate vicinity will become curiously unresponsive, walk away from you, and then you have to spend the next 10 minutes eating dip and chips over at the red table (not the green table) waiting for all of the blue-shoed people to time out.

See, I just found out what happens when you assign an IP address to an interface and give it the wrong scope. You probably don't know this and I bet you don't want to know this, but I'm going to tell you anyway.

Well okay, the real issue is that the UNIX ifconfig command is (evidently) now passé and the new ip command does things at a somewhat lower level, because of course you want to be able to specify every last option.

I mean, yes, it's cool that if you want to add an ip address to an interface, as of Linux 2.4, all you have to do is say ip addr add dev eth0 and you're done.

All that remains is to figure out why it is that when it's connected to your laptop at the far end of a crossover cable, it responds just fine, but when you hook it up to your DSL box, connect to your shell account off in timbuktu, and try to ping it from there, you lose.
Keep in mind that, being the other address on said interface, still responds to pings just fine, so it's clearly not the case that some magical agency between here and timbuktu is eating ICMP packets for breakfast. Or if it is the case, then we're talking about something that cares very much about the last number in the address being 163 rather than 162, which then entails believing lots of other stupid ideas as well (e.g., trickle-down economics or the labor theory of value).

So, it turns out that you have to do ip addr add dev eth0 scope global, where I'm guessing that last bit means something like, "Yes this is an address that is meant to be known to and used by the entire rest of the world," unlike, say, (the loopback address) which is only meant to be meaningful on the local machine. Or something.

Of course, given that the whole point of IP is to facilitate wide-area networking/inter-networking, and thus addresses like are really strange special cases that are mostly used for testing and thus more the exception than the rule, you really have to wonder why the hell scope global isn't the default.

Not that I should pretend to be a network guru or anything.
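
A quick way to spot the situation described above (an added example, not part of the original post): read the one-line output of ip -o addr show and list every address whose scope is narrower than global even though the address itself is not loopback or link-local. The function name, the 192.0.2.x documentation addresses and the choice of "scope host" for the second address are assumptions made for illustration; the post does not give its addresses or say which scope was applied.

```shell
#!/bin/sh
# Added example: find addresses that look routable but were configured
# with a scope narrower than "global".

# Reads `ip -o addr show` output on stdin.
# Prints "interface address/prefix scope" for each suspicious entry.
flag_narrow_scope() {
    awk '
    $3 == "inet" || $3 == "inet6" {
        addr = $4; scope = ""
        # The scope keyword can follow optional fields such as "brd X".
        for (i = 5; i < NF; i++)
            if ($i == "scope") { scope = $(i + 1); break }
        if (scope == "" || scope == "global") next
        # Loopback addresses legitimately carry host scope.
        if (addr ~ "^127[.]" || addr ~ "^::1/") next
        # Link-local ranges legitimately carry link scope.
        if (addr ~ "^169[.]254[.]") next
        if (tolower(addr) ~ "^fe[89ab][0-9a-f]:") next
        print $2, addr, scope
    }'
}

# Constructed sample in the format printed by `ip -o addr show`.
# The second eth0 address has host scope (an assumed misconfiguration).
sample_output() {
    cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.162/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.163/24 scope host eth0\       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::211:22ff:fe33:4455/64 scope link \       valid_lft forever preferred_lft forever
EOF
}

sample_output | flag_narrow_scope
# On a live Linux host: ip -o addr show | flag_narrow_scope
```
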