000017543 - How to add a static route in RSA Authentication Manager 8.x

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support on Jul 25, 2019.
Version 4

Article Content

Article Number: 000017543

Applies To:
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x

Issue

This article explains how to add a static route in RSA Authentication Manager 8.x. This is useful because static routes added by using the route add command do not work.

Resolution

The static routes need to be added to both /etc/sysconfig/network/routes and /etc/sysconfig/network/ifroute-eth0. They also need to be added to /etc/sysconfig/network/ifroute-eth1 if the second NIC is enabled in Authentication Manager 8.x. Once the changes are made, run the command service network restart.

The entries in the routing configuration files look like this:




DESTINATION           GATEWAY NETMASK   INTERFACE [ TYPE ] [ OPTIONS ]
DESTINATION           GATEWAY PREFIXLEN INTERFACE [ TYPE ] [ OPTIONS ]
DESTINATION/PREFIXLEN GATEWAY -         INTERFACE [ TYPE ] [ OPTIONS ]


To omit GATEWAY, NETMASK, PREFIXLEN, or INTERFACE, write - instead. The entries TYPE and OPTIONS may just be omitted.





  • The route's destination is in the first column. This column may contain the IP address of a network or host or, in the case of reachable name servers, the fully qualified network or hostname.



  • The second column contains the default gateway or a gateway through which a host or a network can be accessed.



  • The third column contains the netmask for networks or hosts behind a gateway. A mask of 255.255.255.255, for example, is for a host behind a gateway.



  • The last column is only relevant for networks connected to the local host such as loopback, ethernet, ISDN, PPP, and dummy device. The device name must be entered here.
     




For example, a routing configuration file might contain entries like these:




# Destination     Dummy/Gateway     Netmask            Device 

127.0.0.0         0.0.0.0           255.255.255.0      lo 
204.127.235.0     0.0.0.0           255.255.255.0      eth0 
default           204.127.235.41    0.0.0.0            eth0 
207.68.156.51     207.68.145.45     255.255.255.255    eth1 
192.168.0.0       207.68.156.51     255.255.0.0        eth1


For more information, see the SUSE documentation on Configuring a Network Connection Manually.

Workaround

The RSA Authentication Manager 8.2 SP1 Administrator's Guide gives a slightly different method to add the static route, which also adds the route to the corresponding table (for example, Teth0).

Below is a synopsis of How to Add a Persistent IPv4 Static Route.  Refer to the RSA Authentication Manager 8.1 Administrator's Guide for full details.
  1. Launch an SSH client, such as PuTTY.
  2. Log in to the primary Authentication Manager server as rsaadmin and enter the operating system password.

Note that during Quick Setup another user name may have been selected. Use that user name to log in.



  3. To view the current routing table, type:


sudo ip -4 route show


  4. To add a persistent IPv4 route entry to a network interface routing file, type:


sudo bash -c "echo 'destination gateway subnet_mask eth0'>> /etc/sysconfig/network/ifroute-eth0"


For example, to add a persistent static route that sends all network traffic for any host in the 10.100.212.0 subnet (that uses the subnet mask 255.255.252.0) to the gateway 10.100.219.102, type:



sudo bash -c "echo '10.100.212.0 10.100.219.102 255.255.252.0 eth0' >>/etc/sysconfig/network/ifroute-eth0"


  5. To add a persistent IPv4 route entry to the corresponding table, type:


sudo bash -c "echo 'destination gateway subnet_mask eth0 table Teth0' >> /etc/sysconfig/network/ifroute-eth0"


Notes:

• eth0 specifies the network interface, for example, eth0 or eth1.
• Teth0 specifies the table in the network interface routing file, such as Teth0 for the interface eth0.



For example, to add a persistent static route that sends all network traffic for any host in the 10.100.212.0 subnet (that uses the subnet mask 255.255.252.0) to the gateway 10.100.219.102, type:



sudo bash -c "echo '10.100.212.0 10.100.219.102 255.255.252.0 eth0 table Teth0' >> /etc/sysconfig/network/ifroute-eth0"


  6. Restart the network services. Type:


sudo service network restart

Notes

Pri = 192.168.1.84
DefGW = 192.168.1.61
remote net = 10.53.69.0
remote net GW = 192.168.1.92 
all net masks = 255.255.255.0

sudo bash -c "echo '10.53.69.0 192.168.1.92 255.255.255.0 eth0' >> /etc/sysconfig/network/ifroute-eth0"

sudo bash -c "echo '10.53.69.0 192.168.1.92 255.255.255.0 eth0 table Teth0' >> /etc/sysconfig/network/ifroute-eth0"

sudo service network restart

Errors received: "RTNETLINK answers: Invalid argument" is returned if a bit in the destination IP address is not zero where the corresponding bit of the network mask is zero.
Example: NETMASK=255.255.255.0 with DESTINATION ADDRESS=172.202.238.108. Either replace the "108" in the address with 0 or change the network mask to 255.255.255.255.
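
The check behind that error can be run before a line is written to an ifroute file. The following is an added example, not part of the RSA guide or the original article: the function names ip_to_int, route_dest_ok and add_route are hypothetical, it handles only the dotted-quad DESTINATION GATEWAY NETMASK INTERFACE form, and the demo writes to a scratch file rather than /etc/sysconfig/network.

```shell
#!/bin/sh
# Added example (not RSA's code); function names are hypothetical.

# Print a dotted-quad IPv4 address as an integer; return 1 if malformed.
ip_to_int() {
    local old_ifs o
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac   # no leading zeros (octal ambiguity)
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
}

# Succeed only if DEST has no bit set where MASK is zero, the condition
# that otherwise produces "RTNETLINK answers: Invalid argument".
route_dest_ok() {
    local d m
    d=$(ip_to_int "$1") || return 1
    m=$(ip_to_int "$2") || return 1
    [ "$(( d & (m ^ 4294967295) ))" -eq 0 ]
}

# Append "DEST GATEWAY NETMASK IFACE" to FILE.
# Returns 0 if added, 1 if the entry is invalid, 2 if already present.
add_route() {
    local file="$1" entry="$2 $3 $4 $5"
    route_dest_ok "$2" "$4" || return 1
    ip_to_int "$3" >/dev/null || return 1
    if [ -f "$file" ] && grep -qxF -- "$entry" "$file"; then
        return 2
    fi
    printf '%s\n' "$entry" >> "$file"
}

# Constructed demo using the addresses from the Notes above, on a scratch file.
demo=$(mktemp)
add_route "$demo" 10.53.69.0 192.168.1.92 255.255.255.0 eth0 && echo "added"
add_route "$demo" 172.202.238.108 192.168.1.92 255.255.255.0 eth0 ||
    echo "rejected: destination has host bits set for this netmask"
rm -f "$demo"
```

Because echo with >> appends unconditionally, re-running the documented command duplicates the entry; add_route returns 2 instead of writing the same line twice.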

Legacy Article ID: a67015
