Re: ICMP router advertisement (ipv4)
Le 9 avril 2023 Tim Woodall a écrit :
>>> Apr 9 06:27:48 ... IN=isp OUT= MAC=... SRC=1.0.168.192 DST=224.0.0.1 ... PROTO=ICMP TYPE=9 CODE=0
This log is generated on your host? It comes directly from syslog or from
a reporting tool?
> I don't get a routable IPv4 address at all. My router is doing DS-lite
> to emulate IPv4 connectivity.
your host have ipv6 and ipv4 addresses or only ipv4 ?
on your host can you give
ip route
ip -6 route
ip address
obfuscate if you want but let internal addresses, it's not a security
hole
> More annoyingly, there doesn't seem to be any way to tell the router
> what the next hop router is for IPv6 and it doesn't forward packets for
> any IP it doesn't know about - even with the firewall turned off.
this is correct, it needs to know where you are to send you packets
icmp type 9 are for that
> So, even though it advertises a /57 on its internal interface, I'm being
> forced to do NAT in order to have a firewall.
I don't understand : if it don't forward, where do you do NAT ?
> I cannot see packets for any address other than those in one /64
> although a traceroute shows they're getting to the router.
You mean you have addresses on the /57 but you can't contact other /64 ?
it seems like a subnet restriction set on the router, and rather common
only a configuration point
Reply to: