BGP and Neighbor with 169.254.. IP address



  • Hi,

    I have a provider I am setting up a BGP connection with. The neighbor IP address is 169.254.169.254. I can ping this IP address without issue, but the connection from this host back to the firewall is being blocked:

    Nov 21 10:04:08 WAN Block IPv4 link-local (1000000101)   169.254.169.254:51155   45.63..:179 TCP:S

    I know this is a link-local address and cannot be routed, but I am not routing; I just want to accept this connection at the firewall to the OpenBGPD service.

    This worked for a short period of time early in the configuration stage but I cannot get it past the firewall now.

    I am using this to get an IP from the provider that I can float between 2 front-end firewalls for redundancy. If you can suggest a better solution, I am all ears too.

    Kind Regards

    Andrew


  • Rebel Alliance Developer Netgate

    APIPA link-local traffic is blocked by default because it usually is not traffic that should touch a firewall since it can never flow through a firewall.

    If you must accept that traffic, then:

    1. Make sure you have bogon blocking disabled on WAN, since that will block it
    2. Disable the automatic rule to block it

    Diag > Command Prompt, PHP Exec:

     $config['system']['no_apipa_block'] = true;
     write_config("do not block APIPA traffic");
    

    And then run a filter reload from Status > Filter Reload
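Added example, not part of the reply above or of pfSense itself: a check to run over filter-log lines once the automatic block is off, confirming that the only link-local source being passed is the BGP neighbor on TCP/179. The line layout is assumed from the log entry quoted in the question; the sample lines, rule names, rule IDs and the 203.0.113.10 WAN address are constructed.

```python
import ipaddress
import re

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
BGP_PEER = ipaddress.ip_address("169.254.169.254")  # neighbor named in the question
BGP_PORT = 179

# Assumed layout: <time> <iface> <action> <rule text (id)> <src:port> <dst:port> <proto[:flags]>
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s+(?P<iface>\S+)\s+(?P<action>Block|Pass)\s+"
    r"(?P<rule>.*?\(\d+\))\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)"
)

# Constructed sample lines (not taken from a real firewall)
SAMPLE = """\
Nov 21 10:04:08 WAN Block IPv4 link-local (1000000101)   169.254.169.254:51155   203.0.113.10:179 TCP:S
Nov 21 10:09:12 WAN Pass BGP from provider (1700000001)   169.254.169.254:51160   203.0.113.10:179 TCP:S
Nov 21 10:11:40 WAN Pass allow any (1700000002)   169.254.10.7:40022   203.0.113.10:22 TCP:S
Nov 21 10:12:03 WAN Block Default deny rule IPv4 (1000000103)   169.254.10.7:40023   203.0.113.10:443 TCP:S
Nov 21 10:12:30 WAN Pass allow any (1700000002)   198.51.100.4:55000   203.0.113.10:443 TCP:S
""".splitlines()

def classify(line):
    """Return a verdict for a link-local source, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
    except ValueError:  # truncated or malformed address in the log
        return None
    if src not in LINK_LOCAL:
        return None
    passed = m["action"] == "Pass"
    is_bgp = src == BGP_PEER and int(m["dport"]) == BGP_PORT and m["proto"] == "TCP"
    if is_bgp:
        # peer-blocked is the symptom from the question: the session cannot establish
        return "peer-ok" if passed else "peer-blocked"
    # Any other link-local source that is passed means a WAN rule is too broad
    return "unexpected-pass" if passed else "blocked"

def review(lines):
    """List (verdict, line) for every line whose source is link-local."""
    return [(v, l) for l in lines if (v := classify(l))]

if __name__ == "__main__":
    for verdict, line in review(SAMPLE):
        print(f"{verdict:16} {line}")
```

An `unexpected-pass` verdict points at a pass rule whose source should be narrowed to the neighbor address and port 179.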



  • Perfect! Thanks

