default route 0.0.0.0 being accessed ?
-
Hello fellow Netgate community members,
Can you please help? I noticed today that our Amazon Fire is trying to access 0.0.0.0 sometimes. I have 127.0.0.1 in the Squid proxy, I have a certificate installed on the tablet, the proxy is configured on it as well, and the system has internet.
Is this an issue? The firewall has a default route of 0.0.0.0 that it can access for NAT; however, the tablet is trying to access 0.0.0.0 now and not the proxy or the ACLs. I also have WPAD configured on this system.
Is this something to be concerned about?
-
Well it will fail, 0.0.0.0 is not an IP address that can be accessed. That's not necessarily a problem if it just tries again and uses a real address.
I'd guess it's trying to resolve something, failing and then for some reason defaulting (incorrectly IMO) to 0.0.0.0.
Steve
-
Can I add a NAT for this and push it to the DNS?
Anything on LAN that wants to access 0.0.0.0 on 443, push to 192.168.1.1:3128 or 192.168.1.1?
-
@stephenw10 I bet it's the Fire wants to use IPv6
-
@jonathanlee said in default route 0.0.0.0 being accessed ?:
Can I add a NAT for this and push it to the DNS?
For 0.0.0.0? Not really. The only thing I ever expect to see using that are DHCP clients before they have an IP address. Nothing should be broadcasting on port 443 IMO.
Steve
-
@stephenw10 said in default route 0.0.0.0 being accessed ?:
failing and then for some reason defaulting (incorrectly IMO) to 0.0.0.0.
That is a fail for sure.. That isn't going anywhere.. I would take a sniff of that traffic - maybe some clue to what it's actually trying to accomplish.. Because that just seems like a complete fail - which if some code on some fire stick.. I wouldn't be surprised... It's general practice to return 0.0.0.0 on a DNS query -- this says hey you ain't getting there.. It's a black hole sort of response from DNS...
I hand it out to stuff that is blocked.
Odd to see a client actually try and go there ;) Horrible coding on the client's part I take it..
From my understanding 0.0.0.0 is a black hole; a host getting that back via DNS query should know not to try and go there, as it is a non-routable meta-address used to designate an invalid, unknown, or non-applicable target.
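
The DNS black-hole behaviour described above can be confirmed from a packet capture. As an added example (not part of any post in this thread), this Python script reads `tcpdump -n` style text and lists each SYN sent to 0.0.0.0 together with the names that client had just been answered 0.0.0.0 for; the sample lines, host names and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -n` text output (not from the thread).
SAMPLE = """\
12:00:01.120000 IP 192.168.1.50.41234 > 192.168.1.1.53: 4660+ A? ads.example.com. (33)
12:00:01.123000 IP 192.168.1.1.53 > 192.168.1.50.41234: 4660 1/0/0 A 0.0.0.0 (49)
12:00:01.200000 IP 192.168.1.50.51000 > 0.0.0.0.443: Flags [S], seq 100, win 65535, length 0
12:00:02.000000 IP 192.168.1.50.41235 > 192.168.1.1.53: 4661+ A? www.example.org. (33)
12:00:02.003000 IP 192.168.1.1.53 > 192.168.1.50.41235: 4661 1/0/0 A 203.0.113.10 (49)
12:00:02.100000 IP 192.168.1.50.51001 > 203.0.113.10.443: Flags [S], seq 200, win 65535, length 0
12:00:03.000000 IP 192.168.1.60.40000 > 0.0.0.0.443: Flags [S], seq 300, win 65535, length 0
"""

# Client -> resolver A query: captures client IP, source port, DNS id, name.
QUERY = re.compile(r"IP (\S+)\.(\d+) > \S+\.53: (\d+)\+? A\? (\S+?)\.? ")
# Resolver -> client answer carrying the sinkhole address 0.0.0.0.
ANSWER = re.compile(r"IP \S+\.53 > (\S+)\.(\d+): (\d+) \d+/\d+/\d+ .*\bA 0\.0\.0\.0\b")
# Initial SYN whose destination address is 0.0.0.0.
SYN = re.compile(r"IP (\S+)\.\d+ > 0\.0\.0\.0\.(\d+): Flags \[S\]")


def attribute_zero_connects(capture: str):
    """Return [(client, dport, [sinkholed names])] for each SYN sent to 0.0.0.0.

    The answer line does not repeat the name, so queries are matched to
    answers by (client IP, client port, DNS id). Attribution is a heuristic:
    every name sinkholed for that client earlier in the capture is listed.
    """
    pending = {}                    # (client, sport, dns id) -> queried name
    sinkholed = defaultdict(list)   # client -> names answered with 0.0.0.0
    findings = []
    for line in capture.splitlines():
        if m := QUERY.search(line):
            pending[(m[1], m[2], m[3])] = m[4]
        elif m := ANSWER.search(line):
            name = pending.pop((m[1], m[2], m[3]), None)
            if name:
                sinkholed[m[1]].append(name)
        elif m := SYN.search(line):
            findings.append((m[1], int(m[2]), list(sinkholed[m[1]])))
    return findings


if __name__ == "__main__":
    for client, dport, names in attribute_zero_connects(SAMPLE):
        reason = ", ".join(names) or "no sinkholed lookup seen in capture"
        print(f"{client} -> 0.0.0.0:{dport}  ({reason})")
```

An empty name list means the capture holds no sinkholed answer for that client, so the connect attempt needs another explanation (for example a cached answer or a lookup that did not go through this resolver).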
-
pfBlocker, Pi-Hole or a blacklist maybe ?
-
@johnpoz I block doubleclick also; they have some bad bugs in that system. I am glad to see I am not the only one.
-