BGP and Neighbor with 169.254.. IP address
I have a provider I am setting up a BGP connection with. The neighbor IP address is 169.254.169.254. I can ping this IP address without issue, but the connection from this host back to the firewall is being blocked:
Nov 21 10:04:08 WAN Block IPv4 link-local (1000000101) 169.254.169.254:51155 45.63..:179 TCP:S
I know this is a link-local address and cannot be routed, but I am not routing; I just want to accept this connection at the firewall to the openBGPD service.
This worked for a short period of time early in the configuration stage but I cannot get it past the firewall now.
I am using this to get an IP from the provider that I can float between 2 front-end firewalls for redundancy. If you can suggest a better solution, I am all ears too.
APIPA link-local traffic is blocked by default because it usually is not traffic that should touch a firewall since it can never flow through a firewall.
If you must accept that traffic, then:
1. Make sure you have bogon blocking disabled on WAN, since that will block it
2. Disable the automatic rule to block it
Diag > Command Prompt, PHP Exec:
$config['system']['no_apipa_block'] = true; write_config("do not block APIPA traffic");
And then run a filter reload from Status > Filter Reload
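To confirm which rule is still dropping the peer after each of the two changes above, the blocked entries can be grouped by rule label. The following is an added example, not part of the original posts: it assumes the input is the blocked-entries log in the summary format quoted in the question, and the sample lines, the 203.0.113.10 destination, and every rule label and tracker other than the link-local one from the post are constructed.

```python
import ipaddress
import re
from collections import Counter

# Summary log format as quoted in the question:
# time, interface, rule label, (tracker id), src:port, dst:port, proto[:flags]
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<iface>\S+)\s(?P<rule>.+?)\s"
    r"\((?P<tracker>\d+)\)\s(?P<src>[\d.]+):(?P<sport>\d+)\s"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s(?P<proto>\S+)$"
)
BGP_PORT = 179

def parse(line):
    """Return a dict for one IPv4 log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["src"] = ipaddress.ip_address(rec["src"])
        rec["dst"] = ipaddress.ip_address(rec["dst"])
    except ValueError:  # e.g. an octet above 255 in a damaged line
        return None
    rec["dport"] = int(rec["dport"])
    return rec

def blocked_bgp_from_link_local(lines):
    """Count blocked TCP/179 hits from 169.254.0.0/16, keyed by blocking rule."""
    hits = Counter()
    for line in lines:
        rec = parse(line)
        if (rec and rec["src"].is_link_local and rec["dport"] == BGP_PORT
                and rec["proto"].startswith("TCP")):
            hits[(rec["iface"], rec["rule"], rec["tracker"])] += 1
    return hits

# Constructed sample log (assumption: block entries only).
SAMPLE = [
    "Nov 21 10:04:08 WAN Block IPv4 link-local (1000000101) 169.254.169.254:51155 203.0.113.10:179 TCP:S",
    "Nov 21 10:04:11 WAN Block IPv4 link-local (1000000101) 169.254.169.254:51155 203.0.113.10:179 TCP:S",
    "Nov 21 10:09:40 WAN Block bogon IPv4 networks from WAN (999999) 169.254.169.254:51160 203.0.113.10:179 TCP:S",
    "Nov 21 10:10:02 WAN Default deny rule IPv4 (999998) 198.51.100.7:40000 203.0.113.10:179 TCP:S",
    "Nov 21 10:10:05 WAN Block IPv4 link-local (1000000101) 169.254.10.1:68 203.0.113.10:67 UDP",
    "Nov 21 10:10:09 WAN truncated",
]

if __name__ == "__main__":
    for (iface, rule, tracker), n in blocked_bgp_from_link_local(SAMPLE).items():
        print(f"{n:3d}  {iface}  {rule} ({tracker})")
```

An empty result after the filter reload means neither rule is dropping the peer's SYN to port 179 any more.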