198.51.100.99 - Odd choice of blocking address

Comments

2 comments

  • Melvin Tu

    Hi Jason,

    This IP address is from a reserved IP address block, which is not supposed to be used by anybody else in a production environment.

    Reference: https://tools.ietf.org/html/rfc5737

    The reason a separate IP address is used instead of the Firewalla IP is to differentiate real traffic to Firewalla itself from blocked traffic. We can also apply different logic for different reserved IP addresses. For example, for 100.99 it will be silently dropped, for 100.100 it will be actively rejected, and for 100.101 it will be redirected to a sorry page.

    Note: a "sorry" page will be implemented in the future.

    Thanks,

    Melvin

  • Jason Martin

    Ah, I see my mistake.

    tcpdump output:

    08:08:18.787502 IP 192.168.1.67.53647 > 198.51.100.99.http: Flags [S], seq 204322262, win 29200, options [mss 1460,sackOK,TS val 238832614 ecr 0,nop,wscale 7], length 0
    08:08:18.787979 IP 192.168.1.225 > 192.168.1.67: ICMP 198.51.100.99 tcp port http unreachable, length 68

    The Firewalla is replying with 'icmp port unreachable', which my browser showed as Connection Refused. It is not going out to a remote instance.

    Thank you for the detailed reply.
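
The check Jason did by eye on the capture, as an added example (not part of the thread and not Firewalla's code): a Python script that reads tcpdump text output, finds SYNs sent to RFC 5737 documentation addresses, and reports whether an ICMP port unreachable came back and whether a private-range host sent it. It assumes tcpdump's default one-line text format; the function name `classify` and the last two sample lines are constructed for illustration.

```python
import ipaddress
import re

# RFC 5737 documentation blocks (TEST-NET-1/2/3); not routed on the public Internet.
DOC_NETS = [ipaddress.ip_network(n)
            for n in ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]
IP = r"(\d+(?:\.\d+){3})"
# "<time> IP <src>.<sport> > <dst>.<dport>: Flags [S], ..."
TCP_RE = re.compile(rf"^\S+ IP {IP}\.\w+ > {IP}\.([\w-]+): Flags \[([^\]]+)\]")
# "<time> IP <replier> > <client>: ICMP <dst> tcp port <port> unreachable"
ICMP_RE = re.compile(rf"^\S+ IP {IP} > {IP}: ICMP {IP} tcp port ([\w-]+) unreachable")

def classify(lines):
    """Return one record per SYN to an RFC 5737 address, with the observed outcome."""
    flows = {}
    for line in (l.strip() for l in lines):
        if m := TCP_RE.match(line):
            src, dst, port, flags = m.groups()
            in_doc = any(ipaddress.ip_address(dst) in net for net in DOC_NETS)
            if flags == "S" and in_doc:  # "S" alone is a bare SYN ("S." is SYN-ACK)
                flows.setdefault((src, dst, port), {
                    "client": src, "dst": dst, "port": port,
                    "outcome": "no reply seen", "answered_by": None,
                    "answered_locally": False})
        elif m := ICMP_RE.match(line):
            replier, client, dst, port = m.groups()
            if flow := flows.get((client, dst, port)):
                flow["outcome"] = "rejected (ICMP port unreachable)"
                flow["answered_by"] = replier
                # A private-range replier means the answer came from the LAN,
                # not from a remote host.
                flow["answered_locally"] = ipaddress.ip_address(replier).is_private
    return list(flows.values())

# First two lines are the capture quoted in the thread; the last two are constructed.
SAMPLE = """\
08:08:18.787502 IP 192.168.1.67.53647 > 198.51.100.99.http: Flags [S], seq 204322262, win 29200, options [mss 1460,sackOK,TS val 238832614 ecr 0,nop,wscale 7], length 0
08:08:18.787979 IP 192.168.1.225 > 192.168.1.67: ICMP 198.51.100.99 tcp port http unreachable, length 68
08:08:19.100000 IP 192.168.1.67.53650 > 198.51.100.99.https: Flags [S], seq 1, win 29200, length 0
08:08:19.200000 IP 192.168.1.67.53651 > 10.0.0.5.https: Flags [S], seq 2, win 29200, length 0
""".splitlines()

if __name__ == "__main__":
    for record in classify(SAMPLE):
        print(record)
```

A flow left at "no reply seen" only means no ICMP error appeared in the capture window; it does not by itself prove the packet was dropped.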
