Le 9 avril 2023 Tim Woodall a écrit : >>> Apr 9 06:27:48 ... IN=isp OUT= MAC=... SRC=1.0.168.192 DST=224.0.0.1 ... >>> PROTO=ICMP TYPE=9 CODE=0
This log is generated on your host? It comes directly from syslog or from a reporting tool? > I don't get a routable IPv4 address at all. My router is doing DS-lite > to emulate IPv4 connectivity. your host have ipv6 and ipv4 addresses or only ipv4 ? on your host can you give ip route ip -6 route ip address obfuscate if you want but let internal addresses, it's not a security hole > More annoyingly, there doesn't seem to be any way to tell the router > what the next hop router is for IPv6 and it doesn't forward packets for > any IP it doesn't know about - even with the firewall turned off. this is correct, it needs to know where you are to send you packets icmp type 9 are for that > So, even though it advertises a /57 on its internal interface, I'm being > forced to do NAT in order to have a firewall. I don't understand : if it don't forward, where do you do NAT ? > I cannot see packets for any address other than those in one /64 > although a traceroute shows they're getting to the router. You mean you have addresses on the /57 but you can't contact other /64 ? it seems like a subnet restriction set on the router, and rather common only a configuration point
