82

This turns out to be harder than I thought. The routes I want to delete are the "!" rejected routes, but I can't seem to formulate the right "route del" command to pull it off.

Here is the routing table...

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
67.40.227.206   *               255.255.255.255 UH    0      0        0 ppp0
192.168.46.79   *               255.255.255.255 UH    0      0        0 ipsec0
192.168.46.79   -               255.255.255.255 !H    2      -        0 -
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
10.1.0.0        *               255.255.0.0     U     0      0        0 ipsec0
10.1.0.0        -               255.255.0.0     !     2      -        0 -
default         *               0.0.0.0         U     3      0        0 ppp0
default         *               0.0.0.0         U     4      0        0 ppp0

I have two entries for 192.168.46.79 and 10.1.0.0. These are auto-generated by the little Linux-based router I'm using. I can ping the IPSEC tunnels from the shell itself, but traffic from the LAN takes the second route (the rejected "!" or "!H" route) for reasons I simply don't understand.

Zoredache
  • 133,737

6 Answers

108

With the route -n command you'll obtain

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.178.1   0.0.0.0         UG    0      0        0 eth0
0.0.0.0         160.98.123.1    0.0.0.0         UG    600    0        0 wlan0

sudo route del -net 0.0.0.0 gw 192.168.178.1 netmask 0.0.0.0 dev eth0

You'll get all the parameters from the output above.

23

The types of the routes with the ! flag are either unreachable or prohibit. route, being an ancient utility from net-tools, does not differentiate between the two. Use iproute2.

The net-tools way to delete these routes would be to use route del on it. However, net-tools provides no way to differentiate between the rejected route and the other one (because the dev argument is optional, though not specifying a device is likely to remove the unreachable route).

iproute2 allows you to do it like this:

ip route del unreachable 10.1.0.0/16
ip route del unreachable 192.168.46.79/32

It might not be unreachable, but prohibit. Use ip route with no arguments to determine which.

Falcon Momot
  • 25,584
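
The check-then-delete step described in the answer above, as an added example that is not part of the original answer: it reads `ip route show` text, picks out only the unreachable/prohibit entries, and prints the matching `ip route del` commands without running them. The function names and the sample routes are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn `ip route show` text into the matching delete commands
# for reject-type routes. Nothing is executed; commands are only printed.

# reject_route_del_cmds (hypothetical name): reads `ip route show` output on
# stdin and prints one `ip route del` command per unreachable/prohibit route
# (the "!" routes of net-tools). Ordinary routes for the same prefix, such as
# the ipsec0 entries, never match and are left alone.
reject_route_del_cmds() {
    awk '
        $1 == "unreachable" || $1 == "prohibit" {
            cmd = "ip route del " $1 " " $2
            # Carry the metric over so only this exact entry is targeted.
            for (i = 3; i < NF; i++)
                if ($i == "metric") cmd = cmd " metric " $(i + 1)
            print cmd
        }
    '
}

# Constructed sample modelled on the question's table (not captured output).
# Which reject type each entry really has must be read from the live host.
sample_routes() {
    cat <<'EOF'
default dev ppp0 scope link metric 3
10.1.0.0/16 dev ipsec0 scope link
unreachable 10.1.0.0/16 metric 2
192.168.46.79 dev ipsec0 scope link
prohibit 192.168.46.79 metric 2
192.168.1.0/24 dev eth0 scope link
EOF
}

# On a live host: ip route show | reject_route_del_cmds
sample_routes | reject_route_del_cmds
```

Review the printed commands before running them as root; on a router that auto-generates these entries they may be re-added by whatever created them.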
12

I think it's this: route del -net 10.1.0.0 netmask 255.255.0.0 metric 2

I'm not 100% certain. But, I think you've got something else goofy going on since you have 2 default routes.

baumgart
  • 2,543
1

From my experience,

route del -host <ip> reject

should work. In your specific case,

route del -host 192.168.46.79 reject

should do the trick. Please note that this applies to routes I manually added. I'm not entirely certain why yours has duplicate routes without interfaces. As such, it may be necessary to apply a metric parameter, as described by baumgart.

Weasel
  • 11
0

Someone tries to hack me all the time and I am afraid of being bridged. I use a VPN and the address 84.17.53.166 is from it. Is that route OK?

pek@pop-os:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.8.1        0.0.0.0         UG    50     0        0 tun0
0.0.0.0         192.168.8.1     0.0.0.0         UG    20100  0        0 enx001e101f0000
10.8.8.0        0.0.0.0         255.255.255.0   U     50     0        0 tun0
84.17.53.166    192.168.8.1     255.255.255.255 UGH   50     0        0 enx001e101f0000
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 enx001e101f0000
192.168.8.0     0.0.0.0         255.255.255.0   U     100    0        0 enx001e101f0000
192.168.8.1     0.0.0.0         255.255.255.255 UH    50     0        0 enx001e101f0000

mike
  • 1
  • 1
-2

Please see if there is a "device config file" under /etc/network/interfaces.d/ -> I had eht0!! Really, it was eht0 and not eth0 there!