Using a /32 Netmask on Linux

Despite what some simple Googling might imply, it's entirely possible to use a /32 as a netmask for an IP address on Linux. The important detail is that it can't be the primary IP address. That primary can be an RFC1918 address (i.e. nonrouteable on the Internet) but your default gateway needs to be able to route to you via something other than the /32.

Here's the setup. Assume a Cisco router on 192.0.2.1/24 and a Linux server on 192.0.2.2/24. The /32 we'll use is 192.0.3.1/32.

On the server:

ip addr add dev eth0 192.0.2.2/24
ip addr add dev eth0 192.0.3.1/32

On the router:

interface FastEthernet0/1
ip address 192.0.2.1 255.255.255.0
ip route 192.0.3.1 255.255.255.255 192.0.2.2

At this point, you should be able to ping both 192.0.2.2 and 192.0.3.1 from the router.

The other step you may need to take is to add some routing on the Linux server to source from the 192.0.3.1 address. Normally traffic that is received on that IP will reply with that IP, so that's fine, but for new traffic if you want the source to be the /32, you'll need a special route:

ip route add 10.0.0.0/8 via 192.0.2.1 src 192.0.3.1

See, I told you it was easy.

tags: 

3 Comments

/etc/network/interfaces equivalent?

Thanks for this! But it would be brilliant if you could also say what the /etc/network/interfaces entry equivalent to those two ip commands is. ifupdown complains about "duplicate interface" if I have two iface eth0 entries, and "duplicate option" if I just put two address entries under the same iface eth0 stanza.

/etc/network/interfaces - like this?

Having searched around and fiddled with /etc/network/interfaces,

auto eth0
iface eth0 inet static
    address 192.0.2.2
    netmask 255.255.255.0

auto eth0:1
iface eth0:1 inet static
    address 192.0.3.1
    netmask 255.255.255.255

would seem to be the right thing for Debian/Ubuntu?

Subscribe to Comments for "Using a /32 Netmask on Linux" Subscribe to zmonkey.org - All comments