I've inherited administration duties for a firewall/gateway server, and I'm trying to understand what a particular static route setup in rc.local means:
...
route add 123.123.123.123/30 10.10.3.14
route add 123.123.123.123/32 10.10.3.13
...
Obviously, the IP addresses have been changed to protect the innocent.
What does this mean, and why is it routed this way?
It means packets for 123.123.123.120-122 will go via 10.10.3.14 and packets for 123.123.123.123 will go via 10.10.3.13.
Since the advent of CIDR, netmasks indicate the length of the prefix - technically any IP in the network can be used, but by convention the non-masked bits are set to 0, which is why 'network addresses' are always on even numbers.
Most specific wins - /32 is more specific (longer) than /30, so it takes precedence over the /30.
Are the "123.123.123.123" addresses really the exact same in the setup you are debugging - or are they slightly different?
Assuming they are different - the first line means that anything in the network defined by 123.123.123.123/30 should be forwarded to 10.10.3.14. The second line means the specific IP address 123.123.123.123 should be forwarded to 10.10.3.13.
As to why - we'd need more context.
First line: packets to hosts at 123.123.123.123/30 are routed via 10.10.3.14, except (second line) for packets to 123.123.123.123/32, which are routed via 10.10.3.13.
However, I suspect an anonymization error: if you really define a /30 network, the first address (same ip/32) is the "network"-address, which doesn't really get packets. It could also be that someone tries to route a slice out of a bigger subnet differently, but it smells funny...
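An added example, not part of the question or any answer above: a longest-prefix-match lookup over the two routes exactly as posted, useful when auditing an inherited route table. It assumes the routing stack masks off the host bits of the /30 destination (modelled here with `strict=False`); the helper names `build_table` and `lookup` are made up for this sketch.

```python
import ipaddress

# The two routes as posted in the question (anonymized addresses).
ROUTES = [
    ("123.123.123.123/30", "10.10.3.14"),
    ("123.123.123.123/32", "10.10.3.13"),
]

def build_table(routes):
    """Normalize each destination to its network address and sort the
    entries so the longest (most specific) prefix comes first.
    Assumption: host bits set in the destination are simply masked off."""
    table = [(ipaddress.ip_network(dst, strict=False), gw) for dst, gw in routes]
    return sorted(table, key=lambda entry: entry[0].prefixlen, reverse=True)

def lookup(table, addr):
    """Longest-prefix match: return (network, gateway) for addr, or None
    when neither route covers it (a real host would then use another
    route, such as its default)."""
    ip = ipaddress.ip_address(addr)
    for net, gw in table:
        if ip in net:
            return net, gw
    return None

if __name__ == "__main__":
    table = build_table(ROUTES)
    for net, gw in table:
        print(f"{str(net):20} via {gw:12} covers {net[0]} - {net[-1]}")
    # Constructed probe addresses just inside and outside the /30.
    for probe in ("123.123.123.119", "123.123.123.120", "123.123.123.122",
                  "123.123.123.123", "123.123.123.124"):
        hit = lookup(table, probe)
        result = f"{hit[1]} (matched {hit[0]})" if hit else "not covered by these two routes"
        print(f"{probe:16} -> {result}")
```

Running it shows the /30 normalizing to 123.123.123.120/30, with only 123.123.123.123 diverted to 10.10.3.13 by the more specific /32.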