100.64/10 is not private?



  • pfSense blocks 100.64/10 as private address space, which seems strange to me. I found out about this when I checked the firewall logs (see image).



  • Reserved IPv4 addresses
    | CIDR | Address Range | Number of Addresses | Routed on the public Internet | Purpose |
    |---|---|---|---|---|
    | 0.0.0.0/8 | 0.0.0.0 – 0.255.255.255 | 16777216 | No | Used for broadcast messages to the current ("this") network as specified by RFC 1700, page 4. |
    | 10.0.0.0/8 | 10.0.0.0 – 10.255.255.255 | 16777216 | No | Used for local communications within a private network as specified by RFC 1918. |
    | 100.64.0.0/10 | 100.64.0.0 – 100.127.255.255 | 4194304 | No | Used for communications between a Service Provider and its subscribers when using a Carrier-grade NAT, as specified by RFC 6598. |
    | 127.0.0.0/8 | 127.0.0.0 – 127.255.255.255 | 16777216 | No | Used for loopback addresses to the local host, as specified by RFC 5735. |
    | 169.254.0.0/16 | 169.254.0.0 – 169.254.255.255 | 65536 | No | Used for autoconfiguration between two hosts on a single link when no IP address is otherwise specified, such as would have normally been retrieved from a DHCP server, as specified by RFC 5735. |
    | 172.16.0.0/12 | 172.16.0.0 – 172.31.255.255 | 1048576 | No | Used for local communications within a private network as specified by RFC 1918. |
    | 192.0.0.0/29 | 192.0.0.0 – 192.0.0.7 | 8 | No | Used for the DS-Lite transition mechanism as specified by RFC 6333. |
    | 192.0.2.0/24 | 192.0.2.0 – 192.0.2.255 | 256 | No | Assigned as "TEST-NET" in RFC 5737 for use solely in documentation and example source code and should not be used publicly. |
    | 192.88.99.0/24 | 192.88.99.0 – 192.88.99.255 | 256 | Yes | Used by 6to4 anycast relays as specified by RFC 3068. |
    | 192.168.0.0/16 | 192.168.0.0 – 192.168.255.255 | 65536 | No | Used for local communications within a private network as specified by RFC 1918. |
    | 198.18.0.0/15 | 198.18.0.0 – 198.19.255.255 | 131072 | No | Used for testing of inter-network communications between two separate subnets as specified in RFC 2544. |
    | 198.51.100.0/24 | 198.51.100.0 – 198.51.100.255 | 256 | No | Assigned as "TEST-NET-2" in RFC 5737 for use solely in documentation and example source code and should not be used publicly. |
    | 203.0.113.0/24 | 203.0.113.0 – 203.0.113.255 | 256 | No | Assigned as "TEST-NET-3" in RFC 5737 for use solely in documentation and example source code and should not be used publicly. |
    | 224.0.0.0/4 | 224.0.0.0 – 239.255.255.255 | 268435456 | Yes | Reserved for multicast assignments as specified in RFC 5771. |
    | 240.0.0.0/4 | 240.0.0.0 – 255.255.255.254 | 268435455 | No | Reserved for future use, as specified by RFC 5735. |
    | 255.255.255.255/32 | 255.255.255.255 | 1 | No | Reserved for the "limited broadcast" destination address, as specified by RFC 5735. |



  • Well yeah, nm, I found this: http://tools.ietf.org/html/rfc6598
    Trying to figure this out. That port is my BitTorrent port and that address range can be used by ISPs. FIN,PUSH,ACK? It's not something that should hit my router, or is it?



  • No, it shouldn't be getting routed, I don't think. Not according to the tables I was looking at.

    Unless you are a recipient of "Carrier grade NAT". Are you an ISP?

    http://en.wikipedia.org/wiki/Carrier-grade_NAT



  • Well, sort of. I do provide an internet connection to my neighbors by running an open access point. But other than that, I don't do CGN or something. :)



  • It's very strange you should see that hitting your firewall then.

