Bug#772650: general: Debian could not use gateway in 169.254.0.0 ip range

To: Maciej Kotliński <mkotl@ibb.waw.pl>
Cc: 772650@bugs.debian.org
Subject: Bug#772650: general: Debian could not use gateway in 169.254.0.0 ip range
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Tue, 9 Dec 2014 17:19:46 -0200
Message-id: <[🔎] 20141209191946.GB361@khazad-dum.debian.net>
Reply-to: Henrique de Moraes Holschuh <hmh@debian.org>, 772650@bugs.debian.org
In-reply-to: <[🔎] 548734E5.308@ibb.waw.pl>
References: <[🔎] 20141209153416.16200.57397.reportbug@localhost.localdomain> <[🔎] 20141209161311.GB24906@khazad-dum.debian.net> <[🔎] 548734E5.308@ibb.waw.pl>

On Tue, 09 Dec 2014, Maciej Kotliński wrote:
> You don't understand what I mean. The gateway is forwarding packages!
> It is forwarding packages from Windows, Mac, and other Linux boxes
> in 169.254.x.x

The gateway is doing something it was not supposed to do in the first place.

> Debian Jessie box doesn't send this packages, there is no packages
> directed outside arriving gateway (tcpdump).

And the computer that is refusing to play along is an end station, not a
router.  I understand your scenario, now.

> This is strange for me and there should be the way to change this behaviour.

There probably is, I wrote as much.

> You should know that linux as a router forwards 169.254.x.x traffic
> as any other range.

Not when properly configured.  That said, I gave you commands to try to
locate where the filtering is going on in the gateway, because I wrongly
assumed it was dropping the packets.

These commands also work on end stations, but on end stations there are a
few other places you have to look at.  One that comes to mind is "ip addr",
check the address scope.  If it says "scope link", the kernel *knows* this
address is unsuitable to talk to anything outside of its network mask.

And what the kernel knows, it uses on source address selection.  That could
well be a false trail, but you did say you understand iptables, so I will
assume you verified that no firewall rule is dropping those packets, and
that you did verify both the raw and filter tables of iptables.

Now, the kernel is not supposed to refuse to send packets silently, it
should return an error, and at least "ping" will issue such error messages
back to the user.  If this isn't happening, then the problem is likely
elsewhere.

Other places to look at: /proc/sys/net/*  (ip-sysctl.conf), especially bogon
filters, etc.  /etc/gai.conf (getaddrinfo() configuration for glibc).

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

References:
- Bug#772650: general: Debian could not use gateway in 169.254.0.0 ip range
  - From: Maciej Kotliński <mkotl@ibb.waw.pl>
- Bug#772650: general: Debian could not use gateway in 169.254.0.0 ip range
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Bug#772650: general: Debian could not use gateway in 169.254.0.0 ip range
  - From: Maciej Kotliński <mkotl@ibb.waw.pl>

Prev by Date: Re: "general" bugs
Next by Date: Bug#772667: ITP: libtree-xpathengine-perl -- libtree-xpathengine-perl provides a re-usable XPath engine
Previous by thread: Bug#772650: general: Debian could not use gateway in 169.254.0.0 ip range
Next by thread: Bug#772650: marked as done (general: Debian could not use gateway in 169.254.0.0 ip range)
Index(es):
- Date
- Thread