IP addresses on subnet edge (/24)

• Previous message (by thread): IP addresses on subnet edge (/24)
• Next message (by thread): IP addresses on subnet edge (/24)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 14/09/2020 22:25, Andrey Khomyakov wrote:
> TL;DR I suspect there are middle boxes that don't like IPs ending in
> .255. Anyone seen that?

Yes, but not for many, MANY years. I would expect that this service
might not like addresses ending in .0 either?

It was ca. 2010, when I started receiving an increasing number of
complaints that connections from addresses ending in .0 or .255 were
failing toward my (at the time) hosted services. This behaviour was
eventually* narrowed to iptables rules carelessly included with 'Atomic
Secured Linux' that purposely blackholed connections if the source
address' most specific octet happened to contain .0 or .255.

I'm sure that 'ASL' wasn't the only piece of software to have shipped
with this default behaviour, so should you discover any box of any sort,
configuration (or age) blindly hampering the connectivity for addresses
with all-1s or all-0s in any of the three most-specific octets, please
take this as infallible permission to promptly introduce it to the
nearest body of water. :)

* I still have AAISP - my home ISP at the time - to thank for routing me
a /30 with a .255 address in it! It wouldn't have been as easy to
resolve without that - very few UK consumers were being assigned
addresses with .255 in them at the time.

-- 
Tom

• Previous message (by thread): IP addresses on subnet edge (/24)
• Next message (by thread): IP addresses on subnet edge (/24)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]