[Linux-aus] internode/iinet/tpg ipv4 bogons in route

TMC tmciolek at gmail.com
Thu Jun 16 07:33:26 AEST 2022


Hi All

have you considered that routers might have different IP addresses on
"external facing"  and "internal facing" interfaces, hence the
discrepancies between outbound and inlound traceroute?

I would be curious if its the same number of hops each way

Tomasz

On Wed, 15 Jun 2022 at 23:34, Damon Permezel via linux-aus <
linux-aus at lists.linux.org.au> wrote:

> I am sure I'm not blocking the ping at my (UDM Pro) firewall, but the
> Fritz!box also has a firewall.
>
> Because I see the weird 10.20.21.212 hop outbound, I assumed I would see
> it on inbound, and thus it appeared to be the next hop to fix.
> However, no small amount of dorking about with the Fritz!Box has resulted
> in me figuring out that I need to designate the UDM as "exposed host".
>
> I know I should have more faith in the Unifi firewall, and I should have
> been happy to put the UDM into the DMZ, but I always felt marginally less
> insecure leaving it so that the mystical, inaccessible Fritz!box firewall
> was also preventing rogue SYNs from molesting my sockets.
>
> Once I enable "Exposed Host" on the Fritz, pings work, and "mtr" is able
> to reveal to me that there is no 10.20.21.212 hop inbound.  Just outbound.
>
> The bogon hop still annoys me -- perhaps I need to get a life.
>
>
> Sent with Proton Mail secure email.
> ------- Original Message -------
> On Wednesday, June 15th, 2022 at 15:10, Paul Gear via linux-aus <
> linux-aus at lists.linux.org.au> wrote:
>
>
> > The existence of that node on the path should not break mtr - it should
> > continue trying increased TTLs until it gets to the end node.
> >
>
> > Are you sure you're not blocking ping at your firewall?
> >
>
> > On 15/6/22 14:35, Damon Permezel via linux-aus wrote:
> >
>
> > > Breaks mtr.
> > > Im trying to diagnose some issues and the other party insists on mtr
> > > working from both sides.
> > > Inbound to me the 10.20.21.212 drops all pings and mtr goes no further.
> > > The ping is not addressed to 10.20.21.212. It should elicit a ttl
> > > expired icmp response.
> > >
>
> > > Thats the main reason this got my attention again.
> >
>
> > _______________________________________________
> > linux-aus mailing list
> > linux-aus at lists.linux.org.au
> > http://lists.linux.org.au/mailman/listinfo/linux-aus
> >
>
> > To unsubscribe from this list, send a blank email to
> > linux-aus-unsubscribe at lists.linux.org.au
> _______________________________________________
> linux-aus mailing list
> linux-aus at lists.linux.org.au
> http://lists.linux.org.au/mailman/listinfo/linux-aus
>
> To unsubscribe from this list, send a blank email to
> linux-aus-unsubscribe at lists.linux.org.au



-- 
--
GPG key fingerprint: 07DF B95B DB58 57B6 9656  682E 830A D092 288E F017
GPG public key available on pgp(dot)net key server
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linux.org.au/pipermail/linux-aus/attachments/20220616/2fae588b/attachment.html>


More information about the linux-aus mailing list