Re: ICMP router advertisement (ipv4)

[Tim Woodall <debianuser@woodall.me.uk>]

On Sun, 9 Apr 2023, Michel Verdier wrote:

> Le 9 avril 2023 Tim Woodall a ?crit :
>
> > They're not causing me any issues but is it expected that the IP address
> > is reversed in these messages?
> >
> > Apr  9 06:27:48 ... IN=isp OUT= MAC=... SRC=1.0.168.192 DST=224.0.0.1 ... PROTO=ICMP TYPE=9 CODE=0
>
> No IP are never reversed in iptables/nftables logs as effectively it
> seems to be in your log. But :
>
> $ host 1.0.168.192
> 192.168.0.1.in-addr.arpa domain name pointer node-81s.pool-1-0.dynamic.totinternet.net.
> $ whois 1.0.168.192
> % [whois.apnic.net]
> % Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html
>
> % Information related to '1.0.128.0 - 1.0.191.255'
>
> % Abuse contact for '1.0.128.0 - 1.0.191.255' is 'abuse@totisp.net'
>
> inetnum:        1.0.128.0 - 1.0.191.255
> netname:        TOTNET
> descr:          Dynamic IP Address for residential Broadband Customers
>
> Is this your ISP ?
No. I'm in Ireland. My router's IP is 192.168.0.1. I suspect an
endianness bug.

I don't get a routable IPv4 address at all. My router is doing DS-lite
to emulate IPv4 connectivity.

More annoyingly, there doesn't seem to be any way to tell the router
what the next hop router is for IPv6 and it doesn't forward packets for
any IP it doesn't know about - even with the firewall turned off.

So, even though it advertises a /57 on its internal interface, I'm being
forced to do NAT in order to have a firewall.

I cannot see packets for any address other than those in one /64
although a traceroute shows they're getting to the router.

I even tried advertising a /58 in the hopes that the a shorter prefix
might work but that was to no avail.

Tim.