Huawei B818 Bridged Mode
-
@deanfourie still not dodgy you recon.
-
If it's in the same subnet then you would see any broadcast traffic from those IPs, yes.
I have no idea yet if your WAN IP is in that subnet or not if one of them is the gateway you are being passed by DHCP. I would imagine they are.
-
Actually is looks like it is. What subnet mask is it given?
-
@stephenw10 no, my WAN interface on pfSense is given my public static IP, not a private.
-
Those are public IPs. The IP you are logged into the forum with is also in that range.
What subnet mask is is giving pfSense on the WAN?
Steve
-
@deanfourie how can I find the interface mask, can't see it anywhere
-
In Status > Interfaces. 'Subnet mask IPv4'
Or at the console, the /24 show here for example:
WAN (wan) -> re1 -> v4/DHCP4: 172.21.16.10/24 -
This post is deleted! -
My LAN is a 224 or /27 but no subnet mask on the WAN side.
-
Hmm, well it shows as not connected there.
It should show an IPv4 address and subnet mask. It will show at the console (if it's actually connected).
Or you would be able to see it in the routing table in Diag > Routes -
@stephenw10 can I PM you an image?
-
@deanfourie Sure.
-
For the benefit of anyone reading the dhcp server is passing a /16 subnet mask. So WAN side IPs in the ARP table are all inside that.
-
I have
163.47.0.1 - acoresw05.metro-cit.ac.jp
163.47.0.2 - aedgesw30.metro-cit.ac.jp
163.47.0.3 - unknown?all in my routing table.
WTF is this? Any why are they in my routing table.
-
@deanfourie bump
-
They are in your ARP table not the routing table.
163.47.0.1 is in both because it's the WAN gateway address.
163.47.1.1 and 163.47.2.1 appear to be IPs on the same device, using the same Huawei MAC, which I assume is the LTE router but could be something further upstream.
I have no idea why those IPs are on that devuce but since they're inside the WAN subnet it's expected that they would appear in the ARP table. Nothing there looks like a problem.
Steve
-
@stephenw10 Ok so I called my ISP yesterday and today. Their response is that these subnets or this IP range has nothing to do with them, and they believe this route is introduced by me and refuse to take any responsibility for it.
So now I'm sitting with a DYNAMIC route which pfSense sees as STATIC (S), to a university in Japan, and I cannot for the life of me work out how it got there.
Also to add, that this appears to be at Layer 2 as I also am seeing entries in my ARP table.
ISP claims it has nothing to do with them whatsoever.
-
@deanfourie Ill just put this here.
I now have NS1 and NS2 in my ARP table.
Some interesting images below. A traceroute still seems to go out via layer 3 and takes a few hops.
-
163.43.X.X is not inside the /16 you are being passed (163.47.0.0/16) so traffic to it will be routed as expected. You would not be able to reach any of the real addresses in that subnet though. I doubt your ISP actually has that entire /16. It could be the modem doing whatever shenanigans it has to to pass the WAN IP to you directly.
163.47.0.0/22 is assigned to that college in Japan but your traffic is not going via that. Something in the route is incorrectly using the IP.
https://bgpview.io/prefix/163.47.0.0/22Your ISP actually has at most 163.47.222.0/22: https://bgpview.io/prefix/163.47.220.0/22
You probably can't reach this site for example: https://www2.metro-cit.ac.jp/~ee/
Because that resolves to 163.47.1.2 and pfSense thinks that is local to it.
Steve
-
Is that MAC address actually the modem?
If the modem is not in bridged mode can you see what gateway and subnet the ISP are actually passing?
Steve
