Netgate Discussion Forum

    100.64/10 is not private?

      senser

      pfSense blocks 100.64/10 as private address space, which seems strange to me. I found out about this when I checked the firewall logs (see image).
      [Image: ps.png]

      We use the mighty pf, we cannot be fooled.

        kejianshi

        Reserved IPv4 addresses

        | CIDR | Address Range | Number of Addresses | Routed on the public Internet | Purpose |
        |---|---|---|---|---|
        | 0.0.0.0/8 | 0.0.0.0 – 0.255.255.255 | 16777216 | No | Used for broadcast messages to the current ("this") network as specified by RFC 1700, page 4. |
        | 10.0.0.0/8 | 10.0.0.0 – 10.255.255.255 | 16777216 | No | Used for local communications within a private network as specified by RFC 1918. |
        | 100.64.0.0/10 | 100.64.0.0 – 100.127.255.255 | 4194304 | No | Used for communications between a Service Provider and its subscribers when using a Carrier-grade NAT, as specified by RFC 6598. |
        | 127.0.0.0/8 | 127.0.0.0 – 127.255.255.255 | 16777216 | No | Used for loopback addresses to the local host, as specified by RFC 5735. |
        | 169.254.0.0/16 | 169.254.0.0 – 169.254.255.255 | 65536 | No | Used for autoconfiguration between two hosts on a single link when no IP address is otherwise specified, such as would have normally been retrieved from a DHCP server, as specified by RFC 5735. |
        | 172.16.0.0/12 | 172.16.0.0 – 172.31.255.255 | 1048576 | No | Used for local communications within a private network as specified by RFC 1918 |
        | 192.0.0.0/29 | 192.0.0.0 – 192.0.0.7 | 8 | No | Used for the DS-Lite transition mechanism as specified by RFC 6333 |
        | 192.0.2.0/24 | 192.0.2.0 – 192.0.2.255 | 256 | No | Assigned as "TEST-NET" in RFC 5737 for use solely in documentation and example source code and should not be used publicly. |
        | 192.88.99.0/24 | 192.88.99.0 – 192.88.99.255 | 256 | Yes | Used by 6to4 anycast relays as specified by RFC 3068. |
        | 192.168.0.0/16 | 192.168.0.0 – 192.168.255.255 | 65536 | No | Used for local communications within a private network as specified by RFC 1918. |
        | 198.18.0.0/15 | 198.18.0.0 – 198.19.255.255 | 131072 | No | Used for testing of inter-network communications between two separate subnets as specified in RFC 2544. |
        | 198.51.100.0/24 | 198.51.100.0 – 198.51.100.255 | 256 | No | Assigned as "TEST-NET-2" in RFC 5737 for use solely in documentation and example source code and should not be used publicly. |
        | 203.0.113.0/24 | 203.0.113.0 – 203.0.113.255 | 256 | No | Assigned as "TEST-NET-3" in RFC 5737 for use solely in documentation and example source code and should not be used publicly. |
        | 224.0.0.0/4 | 224.0.0.0 – 239.255.255.255 | 268435456 | Yes | Reserved for multicast assignments as specified in RFC 5771 |
        | 240.0.0.0/4 | 240.0.0.0 – 255.255.255.254 | 268435455 | No | Reserved for future use, as specified by RFC 5735. |
        | 255.255.255.255/32 | 255.255.255.255 | 1 | No | Reserved for the "limited broadcast" destination address, as specified by RFC 5735. |

          senser

          Well yeah, nm, I found this: http://tools.ietf.org/html/rfc6598
          Trying to figure this out. That port is my BitTorrent port and that address range can be used by ISPs. FIN,PUSH,ACK? It's not something that should hit my router, or is it?

            kejianshi

            No - it shouldn't be getting routed, I don't think. Not according to the tables I was looking at.

            Unless you are a recipient of "Carrier grade NAT". Are you an ISP?

            http://en.wikipedia.org/wiki/Carrier-grade_NAT

              senser

              Well, sort of. I do provide an internet connection to my neighbors by running an open access point. But other than that, I don't do CGN or something. :)

                kejianshi

                It's very strange you should see that hitting your firewall then.

                1 Reply Last reply Reply Quote 0
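The question in this thread, whether a WAN packet sourced from 100.64/10 counts as "private", can be checked mechanically against the table quoted above. The following is an added example, not code from the posters or from pfSense: it classifies log source addresses against the blocks the table marks as not routed on the public Internet. The log layout, the sample lines and the function names `classify` and `review_wan_log` are assumptions made for illustration.

```python
import ipaddress

# Blocks the quoted table marks as not routed on the public Internet.
RESERVED = [
    ("0.0.0.0/8", "this network", "RFC 1700"),
    ("10.0.0.0/8", "private", "RFC 1918"),
    ("100.64.0.0/10", "carrier-grade NAT shared space", "RFC 6598"),
    ("127.0.0.0/8", "loopback", "RFC 5735"),
    ("169.254.0.0/16", "link-local", "RFC 5735"),
    ("172.16.0.0/12", "private", "RFC 1918"),
    ("192.0.0.0/29", "DS-Lite", "RFC 6333"),
    ("192.0.2.0/24", "TEST-NET", "RFC 5737"),
    ("192.168.0.0/16", "private", "RFC 1918"),
    ("198.18.0.0/15", "benchmark testing", "RFC 2544"),
    ("198.51.100.0/24", "TEST-NET-2", "RFC 5737"),
    ("203.0.113.0/24", "TEST-NET-3", "RFC 5737"),
    ("240.0.0.0/4", "reserved for future use", "RFC 5735"),
]
NETS = [(ipaddress.ip_network(c), p, r) for c, p, r in RESERVED]

# Constructed sample lines in a simplified "iface src:port dst:port flags"
# layout (an assumption for this example, not pfSense's real log format).
SAMPLE_LOG = [
    "wan 100.64.12.7:40112 203.0.113.5:51413 FPA",
    "wan 192.88.99.1:443 203.0.113.5:51413 SA",
    "wan 10.1.2.3:5060 203.0.113.5:5060 S",
    "lan 192.168.1.10:51000 203.0.113.5:443 S",
    "wan not-an-address",
]

def classify(addr):
    """Most specific reserved block containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    hits = [n for n in NETS if ip in n[0]]
    best = max(hits, key=lambda n: n[0].prefixlen, default=None)
    return (str(best[0]), best[1], best[2]) if best else None

def review_wan_log(lines, wan="wan"):
    """Return (line, verdict) for WAN entries with a reserved source."""
    findings = []
    for line in lines:
        try:
            iface, src, _dst, _flags = line.split()
            hit = classify(src.rsplit(":", 1)[0])
        except ValueError:  # wrong field count or bad address
            findings.append((line, "unparseable"))
            continue
        if iface == wan and hit:
            findings.append((line, "%s %s (%s)" % hit))
    return findings
```

The 100.64.12.7 entry is reported as RFC 6598 shared space rather than RFC 1918 private space, and the 192.88.99.1 entry is not reported because the table lists that block as routed.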