[ale] Tracking down an ICMP reply

Alex Carver agcarver+ale at acarver.net
Sun Jun 28 13:45:39 EDT 2015


I was looking at my firewall a few days ago and noticed an ICMP packet
being sent from a Hurricane Electric IP indicating host not found (type
3 code 1).  I can't seem to figure out what is triggering the response.
 I tossed in some logging on the firewall looking for an outbound
connection to the IP range but I've gotten no hits.  I don't have IPv6
enabled anywhere inside the network (though I do need to go back through
and make sure that's absolutely true) but I'm not sure why I'm not able
to find the outbound packet either.

I am probably not understanding how connections to Hurricane Electric
actually work.  Right now the messages come from a single IP
216.218.133.66 and I have set up in the postrouting chain:

iptables -t nat -I POSTROUTING 1 -d 216.218.128.0/17 -j LOG
--log-prefix="HE"

I would have expected a reply from that IP would have been initiated by
a packet to the IP but there's nothing.


More information about the Ale mailing list