Most consumer routers and the software on them are that dumb. When the
NAT table is full, they start sending LAN traffic out of the WAN w/o
NAT, aka routing. I've seen this... a lot. Like when customers have
eleventy billion devices and/or someone's doing BitTorrent.

But I think what Ken's seeing is a bit different. LAN MACs showing up in
the SM/CPE bridge table usually means something is happening at layer 2.
Most cheap-o routers have a 5 port switch and the WAN isn't the WAN port
until it's fully booted and configures itself. It very well could be
customer error as well. WAN port to a LAN port and another LAN port to
the radio is a likely scenario since a cat5 is provided with most
routers and most customers don't have a clue what LAN and WAN ports do.

"I completely unplugged everything, set it on the floor and looked at it
for a while, then plugged it all back in and it still didn't fix my
homepage." No, we didn't tell you to unplug everything. We told you to
unplug the power from the router, wait 5 seconds and plug it back in!

Another thing to look out for is some stuff, most notoriously Apple
AirPorts or Time Capsules, will put themselves in bridge mode if they
detect a private IP on the WAN. Once we start moving SMs to NAT mode,
we're going to use the 100.64.0.0/10 CGN pool so that hopefully this
fakes out these stupid routers from doing the bridge mode thing.

On 12/30/2015 11:37 PM, Bill Prince wrote:
Is this a manifestation of the Belkin filling its NAT table, and then
letting the overflow leak through to the WAN side?
I've seen this with other routers.

bp
<part15sbs{at}gmail{dot}com>

On 12/30/2015 8:35 PM, Ken Hohhof wrote:
Anyone seen these routers leak LAN to WAN? We hooked up a new
customer who has one of these and while it is establishing a PPPoE
session on the WAN side, we are also seeing his LAN side MAC address,
we are seeing a rogue DHCP server from him, and can even log into his
router at 192.168.2.1 with no password and screw around with stuff.
We can't log in via his WAN address though, as expected. The
performance to his LAN address via the WAN seems sluggish, as if the
sneak path isn't full bandwidth.

I guess he could have connected a cable from the Internet port to a
LAN port and then another LAN port to our POE, but I'm pretty sure no.
I was blaming this on the Mercury WiMAX CPE we used for the first
time on this install instead of Greenpacket, since its default IP
address is 192.168.2.1. I even opened a ticket with Mercury claiming
they had a problem with their bridged mode. But now I realize it is
the Belkin router.

Oh, and the Mercury CPE is pretty nice, except I miss the diecast
articulating mount. It appears to be made by KZ Broadband Technologies.