Huawei B818 Bridged Mode
-
The port scans you showed before were against the wrong subnet so I'd be surprised if you can reach anything other then the 3 IPs that appear in the ARP table.
Is that MAC address the local modem?
If you take the modem out of bridge mode can you see the gateway and subnet mask the ISP is actually sending it?
You're right, something is incorrectly using those IPs when it doesn't own them. It's either the ISP or the modem. Traffic is not actually going via Japan though.
Steve
-
Ok, so im going to kick this old chestnut off again.
I now have more static routes in my routing table. One is 100.0.0.1 and appears to be a 100.0.0.0/8 network.
Now, if I ping ANY address in 100.x.x.x range, it creates a ARP entry for that address on my WAN interface (I have arpwatch installed and sends me a notification). The ARP table fills up so much so that it cannot be opened and times out.
Why would this be happening?
-
@deanfourie See attached.
-
If you have 100.0.0.0/8 as a local subnet then when you try to ping anything in it pfSense will try to ARP for it. It looks like something upstream is responding. Probably something configured for proxyarp.
Steve
-
Again, this is not a static route I have put there. And I have no local subnet on 100.0.0.0
This route and these ARP entries are on my WAN interface.
-
Right it's added by DHCP. It's in the routing table though. It's a local subnet to pfSense.
-
@stephenw10 but how can my ISP be giving me an entire layer 2 subnet at 100.0.0/8.
What if I need to visit a website at 100.60.4.1 for example?
-
You wouldn't be able to. It's a bad config. I have no idea why your ISP (or perhaps the modem) is passing that to you.
I seem to recall you said that doesn't happen at the modem when it's not in bridge mode?
That seems to imply the modem is somehow adding it.Steve
-
@stephenw10 well I can't say for certain if it is or is not doing it when not in bridge mode, as I cannot see the routing table, or the ARP table. I would imagine it does do it.
A bad config on my end or ISP?
-
Yes probably should be the CGNAT space, 100.64.0.0/10.
