On Tue, 09 Dec 2014, Maciej Kotliński wrote:
> It is possible to ping the gateway and other computers in 169.254.1.0/24
> network. The packets are not routed by the nat.

Link-local addresses, such as 169.254.0.0/16, are "unroutable".  No traffic
from/to link-local addresses is allowed to go *through* an IP
router/gateway.  Ever.

That means it cannot be retransmitted to a different node (i.e. forwarded).
The gateway is correct in dropping these packets when they're not destined
to the gateway itself.

Please switch to a private-use address range, such as a network inside the
192.168.0.0/16 range.

Here's the document that specifies this stuff (for reference, should you
need it or if you're curious about it):

https://tools.ietf.org/html/rfc6890

The information for the link-local range 169.254.0.0/16 reads as follows
(from RFC-6890, table 5):

Address Block        | 169.254.0.0/16 |
Name                 | Link Local     |
RFC                  | [RFC3927]      |
Allocation Date      | May 2005       |
Termination Date     | N/A            |
Source               | True           |
Destination          | True           |
Forwardable          | False          |
Global               | False          |
Reserved-by-Protocol | True           |

Note the "forwardable" as "false".  Any packet with a source or destination
address in this range MUST NOT be routed or forwarded by a router/gateway.

> I don't know where is the problem. I know that 169.254.x.x range is assigned
> to zeroconf and avahi like stuff. Still it should be possible to configure/use
> the gateway in any ip range you want. It would be very difficult to change the
> addressing here.

To fix this properly, you'll likely have to deploy DHCP to assign
forwardable/routable private-use addresses to your IP nodes.  I recommend
you use something like 192.168.x.y, where x is not in this list:
0, 1, 99 or 100.

(that list is an attempt to avoid common "factory default" addresses for
home routers, so that they will not collide with your real network).

It is unfortunate that you'll have all this work, but your original
configuration *was* invalid as far as the Internet standards go, and it only
worked due to a bug in the IP gateway/router.

It is now "broken as expected".  Yeah, I know this is not nice to read, and
I understand it is most certainly not what you'd like to read as an answer.
But you will likely be better off in the long run if you fix this properly.

That said, it may be possible to revert the gateway to an uncompliant
configuration that forwards unforwardable packets.  I don't know exactly
what changed, though, and a quick Google search turned up nothing, so I
cannot help you with a recipe.  Maybe someone does and will reply with the
specific commands required.

However, you *can* use the "iptables -v" and "ip route" commands to look at
the active packet filter and routing rules, and search for 169.254 there.
If you find nothing, also look at the output of "ip rule".

If you find something referencing 169.254, that's the rule that is blocking
the forwarding.  If you find nothing, the kernel is enforcing a built-in
hardcoded do-not-forward rule for unforwardable packets.   It can probably
be disabled in /proc/sys/net somewhere.

This all assumes you have an IP router/gateway with forwarding enabled, of
course.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
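
Added example, not part of the original message: a Python script that reads `ip -o -4 addr show` output, flags addresses inside the non-forwardable 169.254.0.0/16 block, and proposes a 192.168.x.y replacement that skips the third octets 0, 1, 99 and 100 named in the message. The sample output, the function names and the choice to keep the host octet are assumptions made for illustration.

```python
import ipaddress
import re

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # RFC 6890: Forwardable = False
AVOID_THIRD_OCTET = {0, 1, 99, 100}                  # list given in the message

# Constructed sample of `ip -o -4 addr show` output (not from the thread).
SAMPLE = """\
1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever
2: eth0    inet 169.254.1.1/24 brd 169.254.1.255 scope link eth0\\       valid_lft forever
3: eth1    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth1\\       valid_lft forever
"""
ADDR_RE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\S+)")

def link_local_interfaces(ip_addr_output):
    """Return [(ifname, IPv4Interface)] for addresses inside 169.254.0.0/16."""
    found = []
    for line in ip_addr_output.splitlines():
        m = ADDR_RE.match(line)
        if m:
            iface = ipaddress.ip_interface(m.group(2))
            if iface.ip in LINK_LOCAL:
                found.append((m.group(1), iface))
    return found

def pick_third_octet(preferred):
    """Keep the current third octet unless it is on the avoid list."""
    x = preferred
    while x in AVOID_THIRD_OCTET:
        x = (x + 1) % 256
    return x

def renumber(iface):
    """Map a link-local /24 host to 192.168.x.y, keeping the host octet y."""
    if iface.network.prefixlen != 24:
        raise ValueError("only /24 networks are handled here")
    octets = iface.ip.packed
    x = pick_third_octet(octets[2])
    return ipaddress.ip_interface(f"192.168.{x}.{octets[3]}/24")

def plan(ip_addr_output):
    """Return {ifname: (old_address, proposed_address)} for link-local hosts."""
    return {name: (str(old), str(renumber(old)))
            for name, old in link_local_interfaces(ip_addr_output)}

if __name__ == "__main__":
    for name, (old, new) in plan(SAMPLE).items():
        print(f"{name}: {old} -> {new}")
```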

