Bizzare IP routing... Whuh? Bhuh? HUNH?

[GasBandit]

So I'm installing a new router for our third IP address, and the default internal address for the router is 192.168.1.1

I try to go to it with a browser but it times out... which is odd... so I ping it... and get a BIZARRE error message.

Pinging 192.168.1.1 with 32 bytes of data:
 
Reply from 66.76.232.18: TTL expired in transit.
Reply from 66.76.232.18: TTL expired in transit.
Reply from 66.76.232.18: TTL expired in transit.
Reply from 66.76.232.18: TTL expired in transit.
 
Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

So I try to trace it and THIS happens.

Tracing route to 192.168.1.1 over a maximum of 30 hops
 
  1	<1 ms	<1 ms	<1 ms  192.168.0.254
  2	 2 ms	 1 ms	 1 ms  apgate254.txcyber.com [208.21.199.254]
  3	 3 ms	 2 ms	 2 ms  bcstcbrc01-v390.tex.sta.suddenlink.net [66.76.35.233]
  4	 2 ms	 2 ms	 3 ms  173-219-230-201-link.sta.suddenlink.net [173.219.230.201]
  5	 2 ms	 2 ms	 3 ms  173-219-230-204-link.sta.suddenlink.net [173.219.230.204]
  6	57 ms	 *	   53 ms  66-76-232-13.tyrd.suddenlink.net [66.76.232.13]
  7	35 ms	 *		*	 66-76-232-14.tyrd.suddenlink.net [66.76.232.14]
  8  1507 ms  1372 ms  1303 ms  173-219-229-77-link.sta.suddenlink.net [173.219.229.77]
  9	46 ms	 *	   36 ms  173-219-229-76-link.sta.suddenlink.net [173.219.229.76]
10	 *		*		*	 Request timed out.
11	 *	   61 ms	 *	 66-76-232-14.tyrd.suddenlink.net [66.76.232.14]
12  1577 ms  1347 ms  1334 ms  173-219-229-77-link.sta.suddenlink.net [173.219.229.77]
13	 *	   62 ms	 *	 173-219-229-72-link.sta.suddenlink.net [173.219.229.72]
14   108 ms   109 ms   110 ms  66-76-232-13.tyrd.suddenlink.net [66.76.232.13]
15   104 ms	 *		*	 66-76-232-14.tyrd.suddenlink.net [66.76.232.14]
16  1317 ms  1348 ms  1332 ms  173-219-229-77-link.sta.suddenlink.net [173.219.229.77]
17	 *		*		*	 Request timed out.
18	 *		*		*	 Request timed out.
19   120 ms	 *	 ^C

And it continues to (horribly) path between those same half dozen hops cyclically until I Ctrl-C.

I thought maybe there was something bizarre going on in my hosts file? Looked, no, hosts file is clean.

Sooo... I tried another PC in the building... same result.

I tried a different DNS! Same result!

Whaaaaah?

192.168 addresses aren't supposed to be able to get out the gateway anyway! What the hell is going on?!!

 

[Eriol]

What's your PC's IP and subnet? Most of the sub-nets are 255.255.255.0 which means only the 256 addresses that are the same up to the last dot-group are the same. After that, the routing usually goes "OK, go to my gateway, and then that one will try and figure out where to go." Yes there are special "rules" that are supposed to apply to 192.168.*.*, but you still need to tell your routers "this set is this way, that set is that way." Heck, the two PCs can be on the same SWITCH and still have issues, because they're not technically the same sub-net in most cases.

If your sub-net mask (for all PCs/routers) is wider, like 255.255.0.0, then they're all on the same sub-net, but you won't be able to go through "hops" of routers that way.

Also, an ascii-art and/or sketch of your network topology with real or fake IPs and ranges (and sub-net masks) would be helpful. It's not my "core job" by any stretch, but I do know the basics and have had to do "a bit" in the past before.

 

[GasBandit]

Well, you learn something every day. Apparently (according to another friend in the industry who knows way more about it than I do, apparently), while the entire 192.168.x.x range is considered "unroutable" by TCP/IP rules, only the 192.168.0.x range is ironclad internal - as in "never go through a router/gateway no matter what." So all of our network is 0n 0.x except this new router I'm putting in for our third external IP, so we've already got another gateway... and so trying to go to 192.168.1.1 to configure the new router while having another router as the gateway and a functioning DNS means that the trace goes off into my ISP's spaghettinet. This usually isn't an issue because most places only have one router/gateway that goes outside. This will be our third. So to get it configured I had to put it on an isolated switch with a PC until I could configure its internal IP into an address in the 192.168.0.x range. After that I could continue configuration on it in its properly installed place.

So! Fun.

 

[Eriol]

Glad you got it working.

And remember, "ironclad" rules are the first ones you test when doing security work. Just because it's "supposed" to not route, doesn't mean it won't. If the router had a very lazy implementation of IP, anything is possible. All such rules are always dependent on who did the programming of them.