Why outgoing LAN being blocked?
-
"Doing a traceroute over a Charter or Comcast connection will show a 10.x.x.x IP as well."
No not really - I am on comcast, and as you see there is no 10.x in my trace.
See hop 2, next hop after my pfsense box
;; ANSWER SECTION:
xx.xx.13.24.in-addr.arpa. 7194 IN PTR c-24-13-xx-xx.hsd1.il.comcast.net.NetRange: 24.0.0.0 - 24.15.255.255
CIDR: 24.0.0.0/12
OrgName: Comcast Cable Communications, Inc.
-
I've seen it on some Comcast connections in the past. Here is mine (Charter):
Tracing route to 8.8.8.8 over a maximum of 30 hops 1 <1 ms <1 ms <1 ms 10.1.16.1 2 8 ms 7 ms 8 ms 10.216.96.1 3 11 ms 10 ms 9 ms 96.34.70.34 4 13 ms 10 ms 9 ms 96.34.70.116 ... -
Your first hop is 10, which is local with that <1ms response time, and then your second hop is also 10..
So your saying your router (pfsense/other) shows a public IP on it like his and mine, 68.x and my 24.x or does yours have a 10.x.x.x something on where the mask puts in in the same network as your hop 3 10.216.96.1
What your showing makes sense where nat to public happening between hop 2 and 3.
What doesn't make sense in his setup is he has a public showing a public gateway – but a 10.x in the middle. Your trace looks like a typical double nat setup to me..
-
My router (pfSense) is 10.1.16.1. My first hop outside of my network is 10.216.96.1 which is the CMTS interface (Charter).
-
No 10.1.16 is your LAN of pfsense - what is the WAN of your pfsense. Is it 10.216 or say something public like my 24.x or his 68.x
Your routers WAN ip would never been shown in a hop. Unless tracing inbound to your IP.
-
My WAN IP is 68.186.x.x which of course isn't shown on an outbound tracert.
-
Can you run a under diag, on pfsense a capture on your wan interface and then ping it and capture the traffic. Then we can see its mac in the wirecapture.. Then compare its mac to mac of your isp router at the 68.
Hi John, can you please clarify the process of running an under diag on pfSense? On pfSense I would go to "Diagnostics -> Packet Capture"? I apologize if that is incorrect, this is all still somewhat new to me.
I get this when I ran a packet capture on the WAN interface and used that 10.x (found in my tracert) as the Host Address->
"IP 10.175.0.1.67 > 255.255.255.255.68: UDP, length 300".
When I opened that packet capture in WireShark and looked for the MAC address I found–->
"Ethernet II, Src: Cisco_X:X:X (00:26:99:X:X:X), Dst: Broadcast (ff:ff:ff:ff:ff:ff)".
The arp -a showed that "ip68-105-X-1.cox.net (68.105.X.1) at 00:26:99:X:X:X on em0 expires in 1199 seconds [ethernet]"
Under the Bootstrap Protocol section for the DHCP ACK its showing the Client MAC Address as "Motorola" prefix 00:0b:06.
Under the same section, but for the DHCP Offer, its showing the Client MAC Address as "Cisco" prefix 00:22:6b.
-
"My WAN IP is 68.186.x.x which of course isn't shown on an outbound tracert."
And how exactly does a 68.186 address talk to a 10.x address? And what exactly does pfsense say is your gateway address is?
Where is anything close to 68.186?
1 <1 ms <1 ms <1 ms 10.1.16.1
2 8 ms 7 ms 8 ms 10.216.96.1
3 11 ms 10 ms 9 ms 96.34.70.34Your trace makes NO sense if your saying pfsense shows your public IP as 68.186.x.x
Notice in my trace..
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 192.168.1.253 1.726 ms 1.603 ms 1.557 ms
2 24.13.xx.1 19.559 ms 20.384 ms 38.945 ms
3 68.85.131.149 19.922 ms 19.911 ms 19.906 msWhere my wan IP is 24.13.x.x with a /21 mask - and when I trace I show that hop my router talked to next – in the same network as actually IN.. ie 24.13.x.x/21
You are looking at dhcp packets - no you want icmp in the dropdown of the packet capture.. And ping the 10.175.0.1 address from a client.. And only capture stuff to 10.175.0.1
See where I use 8.8.8.8 use that 10.175.0.1 address you see in your trace
-
The cable modem requests an IP address, it is given a 10.x address. It communicates with the CMTS which also has a 10.x address. The CMTS is also configured with a routable address which is the gateway IP.
-
Okay, I did as you said and pinged the 10.x address from a client while I was capturing the ICMP packets from that IP and looked at it in WireShark.
The 10.175.0.1 address has the 00:26:99 MAC prefix, which is Cisco. My WAN Interface (68.x) has a MAC prefix of 54:be:f7. Searching it gives me no results.
I looked at my modem's MTA MAC and it is "e4:48:c7", which is "Cisco SPVTG".
-
I show that as
http://www.wireshark.org/tools/oui-lookup.html
54:BE:F7 PEGATRON CORPORATIONhttp://en.wikipedia.org/wiki/Pegatron
Pegatron Corporation (Chinese: 和碩聯合科技股份有限公司; pinyin: Hé shuò liánhé kējì gǔfèn yǒuxiàn gōngsī, lit. Grand Mastery United Technology Corporation) is a Taiwanese electronics manufacturing company that develops mainly computing, communications and consumer electronics to branded vendors, but also engages in the development, design and manufacturing of computer peripherals and components. Pegatron's primary products include notebooks, netbook computers, desktop computers, game consoles, handheld devices, motherboards, video cards, LCD TVs, as well as broadband communication products such as smartphones, set-top boxes and cable modems.[6][7]
Your only going to be able to see macs of of devices directly connected to you, or over a bridge. So is the mac of 10.175 the same as mac of your 68.x gateway?
-
Your only going to be able to see macs of of devices directly connected to you, or over a bridge. So is the mac of 10.175 the same as mac of your 68.x gateway?
Yes, I ran a packet capture on the 10.175.0.1 address and the MAC is the same as the 68.x Gateway.. both are 00:26:99:XX:XX:XX
-
New knowledge is very attractive.
