Hum,

If I translate your request correctly:

You just want to filter what you are redistributing into RIP (or another protocol), am I right?

If yes, well, it's just about applying a route-map on your redistribute config that matches (or not, in your case) some specific prefixes.


This config is applied on my home Quagga router, but I didn't check if it's properly working in RIP. Seems to work for BGP ;) and in my vendor setup as well.


ip prefix-list PL_CONNECTED2RIP seq 5 permit 1.2.3.0/28
!
! Deny the prefix(es) in the list, then permit everything else: a route-map
! ends with an implicit deny, so without the permit 20 entry no connected
! route would be redistributed at all.
route-map RM_CONNECTED2RIP deny 10
 match ip address prefix-list PL_CONNECTED2RIP
!
route-map RM_CONNECTED2RIP permit 20
!
router rip
 redistribute connected route-map RM_CONNECTED2RIP

Regards,

Nico
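The following is an added illustration, not code from this thread or from Quagga itself. It models the documented evaluation rules that the route-map above relies on (prefix-list and route-map are both first-match, and both fall through to an implicit deny) so that the effect of a redistribute filter can be checked offline before it is applied to a live ripd. The addresses are constructed: 203.0.113.0/28 stands in for the x.y.z.t/28 DMZ from the original question, next to the 172.27.20x.0/24 VLAN prefixes it shows. The helper names (PrefixListEntry, RouteMapSeq, prefix_list_permits, route_map_permits, redistributed) are mine.

```python
"""Model of Quagga prefix-list + route-map evaluation for redistribute filtering.

Added illustration, not Quagga code: it reproduces the documented
first-match / implicit-deny semantics so a filter's effect can be
checked before it is applied to a live ripd.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class PrefixListEntry:
    action: str                 # "permit" or "deny"
    prefix: str                 # e.g. "203.0.113.0/28"
    ge: Optional[int] = None    # optional "ge" prefix-length bound
    le: Optional[int] = None    # optional "le" prefix-length bound


@dataclass
class RouteMapSeq:
    seq: int
    action: str                                               # "permit" or "deny"
    match_prefix_list: Optional[List[PrefixListEntry]] = None  # None = no match clause (matches all)


def prefix_list_permits(entries: List[PrefixListEntry], route: str) -> bool:
    """First matching entry decides; no match means deny."""
    net = ipaddress.ip_network(route, strict=False)
    for e in entries:
        pfx = ipaddress.ip_network(e.prefix, strict=False)
        # Without ge/le an entry matches only the exact prefix length.
        lo = e.ge if e.ge is not None else pfx.prefixlen
        if e.le is not None:
            hi = e.le
        elif e.ge is not None:
            hi = pfx.max_prefixlen      # "ge" alone means up to the host length
        else:
            hi = pfx.prefixlen
        if net.version == pfx.version and net.subnet_of(pfx) and lo <= net.prefixlen <= hi:
            return e.action == "permit"
    return False


def route_map_permits(seqs: List[RouteMapSeq], route: str) -> bool:
    """Sequences are tried in order; the first whose match clause holds decides.

    If none matches, the route is denied, so a route-map made only of deny
    clauses blocks every route, not just the listed ones.
    """
    for s in sorted(seqs, key=lambda x: x.seq):
        if s.match_prefix_list is None or prefix_list_permits(s.match_prefix_list, route):
            return s.action == "permit"
    return False


def redistributed(seqs: List[RouteMapSeq], connected: List[str]) -> List[str]:
    """Connected prefixes that would be handed to RIP under the route-map."""
    return [r for r in connected if route_map_permits(seqs, r)]


# Constructed sample: 203.0.113.0/28 (documentation range) stands in for the
# x.y.z.t/28 DMZ, alongside the RFC 1918 VLAN prefixes from the thread.
DMZ = "203.0.113.0/28"
CONNECTED = [DMZ] + [f"172.27.20{i}.0/24" for i in range(6)]

PL_CONNECTED2RIP = [PrefixListEntry("permit", DMZ)]

# Route-map consisting of the deny clause alone.
RM_DENY_ONLY = [RouteMapSeq(10, "deny", PL_CONNECTED2RIP)]

# Deny the DMZ, then permit everything else explicitly.
RM_DENY_THEN_PERMIT = [
    RouteMapSeq(10, "deny", PL_CONNECTED2RIP),
    RouteMapSeq(20, "permit"),
]

if __name__ == "__main__":
    print("deny-only route-map redistributes:", redistributed(RM_DENY_ONLY, CONNECTED))
    print("deny+permit route-map redistributes:", redistributed(RM_DENY_THEN_PERMIT, CONNECTED))
```

Two things worth checking against the real router fall out of the model: a prefix-list entry without ge/le matches only that exact length, so the DMZ entry must carry the same mask as the interface address, and the trailing permit sequence is what lets the remaining connected routes through.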

On 04/26/2018 11:53 AM, markMLl wrote:
On 25/04/18 20:39, Alexis Rosen wrote:
On Apr 25, 2018, at 9:24 AM, markMLl <markmll...@telemetry.co.uk> wrote:
Is there a succinct way of saying to Quagga on that router "Listen, old chap, it's great that you're reminding us of your RFC-1918 nodes, but would you be so kind as to keep the existence of the DMZ to yourself since I don't want anybody trying to access it directly"?

Certainly, but you need to be a lot more explicit about things. Without way more details, the best I can offer is "look into distribute-list". Which may or may not be right, depending on the missing details.

I thought that distribute-list was to control traffic through interfaces... 5.5 at https://www.quagga.net/docs/quagga.html specifically talks about using it to apply an access list.

The configuration here is really very simple:

$ sudo ip address ls
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether b8:27:eb:ce:68:1a brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.5/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::ba27:ebff:fece:681a/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:b6:03:1e:82 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::250:b6ff:fe03:1e82/64 scope link
       valid_lft forever preferred_lft forever
4: eth1.200@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:50:b6:03:1e:82 brd ff:ff:ff:ff:ff:ff
    inet 172.27.200.5/24 brd 172.27.200.255 scope global eth1.200
       valid_lft forever preferred_lft forever
    inet6 fe80::250:b6ff:fe03:1e82/64 scope link
       valid_lft forever preferred_lft forever
...
10: eth1.250@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:50:b6:03:1e:82 brd ff:ff:ff:ff:ff:ff
    inet x.y.z.t/28 brd x.y.z.T scope global eth1.250
       valid_lft forever preferred_lft forever
    inet6 fe80::250:b6ff:fe03:1e82/64 scope link
       valid_lft forever preferred_lft forever


$ sudo ip route ls
default  metric 1
        nexthop via 172.27.200.1  dev eth1.200 weight 170
        nexthop via 172.27.201.1  dev eth1.201 weight 85
x.y.z.t/28 dev eth1.250  proto kernel  scope link  src x.y.z.w
172.27.0.0/24 via 192.168.1.16 dev eth0  proto zebra  metric 2
172.27.200.0/24 dev eth1.200  proto kernel  scope link  src 172.27.200.5
172.27.201.0/24 dev eth1.201  proto kernel  scope link  src 172.27.201.5
172.27.202.0/24 dev eth1.202  proto kernel  scope link  src 172.27.202.5
172.27.203.0/24 dev eth1.203  proto kernel  scope link  src 172.27.203.5
172.27.204.0/24 dev eth1.204  proto kernel  scope link  src 172.27.204.5
172.27.205.0/24 dev eth1.205  proto kernel  scope link  src 172.27.205.5
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.5


$ sudo cat /etc/quagga/ripd.conf
hostname XXXXXX
password YYYYYY

router rip
network eth0
no passive-interface eth0

redistribute connected

neighbor 192.168.1.1
# neighbor 192.168.1.128

log file /var/log/quagga/ripd.log


$ telnet localhost 2602
> show ip rip
Codes: R - RIP, C - connected, S - Static, O - OSPF, B - BGP
Sub-codes:
      (n) - normal, (s) - static, (d) - default, (r) - redistribute,
      (i) - interface

     Network            Next Hop         Metric From Tag Time
C(r) x.y.z.t/28         0.0.0.0               1 self 0
R(n) 172.27.0.0/24      192.168.1.16          2 192.168.1.16 0 02:55
C(r) 172.27.200.0/24    0.0.0.0               1 self 0
C(r) 172.27.201.0/24    0.0.0.0               1 self 0
C(r) 172.27.202.0/24    0.0.0.0               1 self 0
C(r) 172.27.203.0/24    0.0.0.0               1 self 0
C(r) 172.27.204.0/24    0.0.0.0               1 self 0
C(r) 172.27.205.0/24    0.0.0.0               1 self 0
C(i) 192.168.1.0/24     0.0.0.0               1 self 0


All I want is for that one route which I've edited to x.y.z.t to /not/ be published, since it's an external DMZ and I want everything else on our intranet to use their usual gateways to route to it.

I'm on-list, no CC necessary.



_______________________________________________
Quagga-users mailing list
Quagga-users@lists.quagga.net
https://lists.quagga.net/mailman/listinfo/quagga-users
