cancel
Showing results for 
Search instead for 
Did you mean: 
mike18
Level 7
Report Inappropriate Content
Message 1 of 7

Route -n get command

Jump to solution

Hi everyone,

I am trying to check if Mcafee firewall has static route to destination.

I run this command to know if firewall has route to destination 10.31.102.9

route -n get 10.31.102.10

   route to: 10.31.102.10

destination: 10.31.102.8??????????????????????what does  destination mean here?????

       mask: 255.255.255.248

  interface: 1-0

if address: 10.31.102.13?????????????????????does it mean that firewall has route to destination via interface 1-0???????

     region: 1

      flags: <UP,DONE>

recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire

       0         0         0         0      1500         1         0

Regards

Mike

1 Solution

Accepted Solutions
sliedl
Level 14
Report Inappropriate Content
Message 4 of 7

Re: Route -n get command

Jump to solution

Oh sorry, the output does change when you have explicit routes configured.  The firewall I tested on only had the 'interface routes' and the 'default' route so I didn't see this same output.


The 'destination' appears to be the broadcast address of the network-route you added.  I believe if you add a host-route instead then the 'destination' will be the same as the IP address you specified in the command (with a mask of 255.255.255.255).


The 'gateway' is the IP address of the router to which the firewall will forward this traffic.

In your first output you already have an interface on the same subnet as the IP address you specified so there is no 'gateway' specified there (since the firewall will just ARP and forward the traffic to that destination IP).

6 Replies
sliedl
Level 14
Report Inappropriate Content
Message 2 of 7

Re: Route -n get command

Jump to solution

'destination' is the IP address of the router to which the firewall will forward traffic for the IP address you specified in the command.

'if address' is the IP address of the firewall interface through which this traffic will leave when destined to the IP address you specified in the command.

mike18
Level 7
Report Inappropriate Content
Message 3 of 7

Re: Route -n get command

Jump to solution

If i run the same command for different IP address it shows this output

route -n get 192.16.10.220

   route to: 192.16.10.220

destination: 192.16.10.128

       mask: 255.255.255.128

    gateway: 10.31.102.18*******************************************

  interface: 1-1

if address: 10.31.102.17

     region: 2

      flags: <UP,GATEWAY,DONE,PROTO1>

recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire

       0         0         0         0      1500         1         0

Need to understand why it shows gateway address here?

Does it mean that traffic to 172.16.10.220 will leave via router 192.168.10.128 via firewall inetrface IP 10.31.102.17?

What role does Gateway IP 10.31.102.18 plays here?

Best Regards

Mike

sliedl
Level 14
Report Inappropriate Content
Message 4 of 7

Re: Route -n get command

Jump to solution

Oh sorry, the output does change when you have explicit routes configured.  The firewall I tested on only had the 'interface routes' and the 'default' route so I didn't see this same output.


The 'destination' appears to be the broadcast address of the network-route you added.  I believe if you add a host-route instead then the 'destination' will be the same as the IP address you specified in the command (with a mask of 255.255.255.255).


The 'gateway' is the IP address of the router to which the firewall will forward this traffic.

In your first output you already have an interface on the same subnet as the IP address you specified so there is no 'gateway' specified there (since the firewall will just ARP and forward the traffic to that destination IP).

Highlighted
mike18
Level 7
Report Inappropriate Content
Message 5 of 7

Re: Route -n get command

Jump to solution

Hi Sliedl,

Correct me if i am wrong but destination 192.16.10.128 is network address.

Broadcast address will be 192.16.10.255.

Regards

Mike

sliedl
Level 14
Report Inappropriate Content
Message 6 of 7

Re: Route -n get command

Jump to solution

Yes, sorry, I mixed that one up, you're correct.

mike18
Level 7
Report Inappropriate Content
Message 7 of 7

Re: Route -n get command

Jump to solution

Many thanks for answering the question.

Regards

Mike

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community