pfSense Gold Subscription

Author Topic: BGP and Nieghbor with 169.254.. ip address  (Read 179 times)

0 Members and 1 Guest are viewing this topic.

Offline ajburg

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
BGP and Nieghbor with 169.254.. ip address
« on: November 20, 2017, 05:12:27 pm »
Hi,

I have a provider I am setting up a BGP connection with. The neighbor IP address is 169.254.169.254. I can ping this IP address without issue but the connection from this host back to the firewall is being blocked;

Nov 21 10:04:08   WAN   Block IPv4 link-local (1000000101)     169.254.169.254:51155     45.63.*.*:179   TCP:S

I know this is a link-local address and cannot be routed, but i am not routing i just want to accept this connection at the firewall to the openBGPD service.

This worked for a short period of time early in the configuration stage but I cannot get it past the firewall now.

I am using this to get an IP from the provider that i can float between 2 front end firewall's for redundancy. If you can suggest a better solution i am all ears too.

Kind Regards

Andrew

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21404
  • Karma: +1437/-26
    • View Profile
Re: BGP and Nieghbor with 169.254.. ip address
« Reply #1 on: November 22, 2017, 09:48:49 am »
APIPA link-local traffic is blocked by default because it usually is not traffic that should touch a firewall since it can never flow through a firewall.

If you must accept that traffic, then:

1. Make sure you have bogon blocking disabled on WAN, since that will block it
2. Disable the automatic rule to block it

 Diag > Command Prompt, PHP Exec:
Code: [Select]
$config['system']['no_apipa_block'] = true;
 write_config("do not block APIPA traffic");

And then run a filter reload from Status > Filter Reload
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline ajburg

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: BGP and Nieghbor with 169.254.. ip address
« Reply #2 on: November 26, 2017, 09:45:27 pm »
Perfect! thanks