Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 13 replies
  • Subscribers 2 subscribers
  • Views 6385 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Fios Routing Of 10.0.0.0/8 IP Addresses

scottj_01
All-

Please see attached link from DSL reports. It raises some very interesting questions. The first question I have is how do I block all private addressing from going out to the internet from my UTM? The following ranges would need to be blocked:

 10.0.0.0/8
 172.16.0.0/12
 192.168.0.0/16

Currently I have a dnat rule to drop some CIDR's that was using 10.0.0.1 as a black hole so I thought. However is appears it may be going out to the internet.Oddly enough I get a response from the internet using not only 10.0.0.0/8 but on random private addresses in the 198 and 172 range. It appears some of the 10.0.0.0/8 may actually be some of verizon cisco routers.

https://secure.dslreports.com/forum/r28973061-Networking-Is-10.0.0.0-8-not-blackholed-

Thanks,
Jim


This thread was automatically locked due to age.
Parents
  • 0
    Hi,

    Yes, a Network Group would work.

    Firewall rules are preferred over blackhole NATs when possible, as it's normally easier to work with all the drops on the firewall page.

    Note that you should not normally bind definitions to interfaces, except in special circumstances like this. It's necessary here to keep from breaking your VPNs.

    Barry
  • 0 in reply to BarryG
    Hi Barry,

    Thank you for your help. When I read your post the first thing I though of was the rulz you have posted.

    Thanks,
    Jim
Reply Children
  • 0 in reply to scottj_01
    Hi Barry,

    The configuration does not block the CIDR's I noted. I created a network definition for each. Added then to a group Blocked CIDR. Created a firewall rule Blocked CIDR. The firewall rule is any>any>blocked CIDR, and enabled and is the secon rule from the top. However no blocking is taking place. Can you provide some direction?

    Thanks,
    Jim
Cookie Information Banner