Hi,
I may have expressed myself poorly, but when I mentioned a non-routable IP after the bbox, I meant this private IP, 10.108.238.2:
traceroute lafibre.info [23:03 pts/0]
traceroute to lafibre.info (46.227.16.8), 30 hops max, 60 byte packets
1 _gateway (192.168.1.1) 0.380 ms 0.313 ms 0.407 ms
2 10.108.238.2 (10.108.238.2) 3.433 ms 4.020 ms 3.824 ms
3 1.la10.bsr02-ix2.net.bbox.fr (212.194.170.42) 3.914 ms 3.445 ms 3.849 ms
4 be11.cbr01-cro.net.bbox.fr (212.194.171.2) 12.648 ms 12.593 ms 12.683 ms
5 be5.cbr01-lyo.net.bbox.fr (212.194.171.140) 12.559 ms 18.317 ms 18.293 ms
6 la44.bsr01-lyo.net.bbox.fr (212.194.171.149) 11.098 ms 10.915 ms 10.943 ms
7 la10.bsr02-lyo.net.bbox.fr (212.194.171.19) 10.310 ms 10.527 ms 10.558 ms
8 * * *
9 lafibre.info (46.227.16.8) 11.635 ms 11.521 ms 11.498 ms
and when we take a closer look at it:
nmap -Pn 10.108.238.2 [23:03 pts/0]
Starting Nmap 7.70 ( https://nmap.org ) at 2018-12-22 23:03 CET
Nmap scan report for 10.108.238.2
Host is up (0.0043s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
179/tcp open bgp
646/tcp closed ldp
Nmap done: 1 IP address (1 host up) scanned in 15.85 seconds
I admit I don't know why I end up in the same situation as with a cable subscription delivered over wholesale access ("collecte"); is it related to the size of the sub-blocks used for routing, because ByTel doesn't want to waste its IPs?
In any case, my default route is the one I expect:
ip -4 route show
default via 176.133.x.y dev eth0.100 proto zebra
176.133.x.0/22 dev eth0.100 proto kernel scope link src 176.133.a.b
192.168.1.0/24 dev switch0 proto kernel scope link src 192.168.1.1
As for RouterOS (with an RB750gr3), I haven't worked on it much; my configuration was this:
/interface ethernet
set [ find default-name=ether1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment="Fibre WAN" mac-address=28:E9:FC:xx:xx:xx
/interface vlan
add interface=ether1 name=Fibre_ByTel_vl100 vlan-id=100
/ip dhcp-client option
add code=60 name=vendorid value=0x42594754454c494144
/ip dhcp-client
add dhcp-options=vendorid disabled=no interface=Fibre_ByTel_vl100
/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
/ip address
add address=192.168.88.1/24 comment=LAN interface=bridge network=192.168.88.0
/ip pool
add name=dhcp_pool_lan ranges=192.168.88.10-192.168.88.254
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 domain=bbox.lan gateway=192.168.88.1 netmask=24
/ip dhcp-server network
add address=192.168.88.250/32 dns-server=194.158.122.10,194.158.122.15 domain=bbox.lan gateway=192.168.88.1 netmask=24
/ip dhcp-server lease
add address=192.168.88.250 mac-address=D0:05:2A:xx:xx:xx server=dhcp_lan
/ip dhcp-server
add address-pool=dhcp_pool_lan disabled=no interface=bridge name=dhcp_lan
/ip dns
set allow-remote-requests=yes servers=80.67.169.12,80.67.169.40
/ip firewall address-list
add address=212.195.48.0/24 list=VODReplay
add address=212.195.244.0/24 list=VODReplay
add address=62.34.201.0/24 list=VODReplay
add address=194.158.119.0/24 list=VODReplay
add address=195.36.152.0/24 list=VODReplay
add address=192.168.88.0/24 list=MyNetwork
add address=193.251.97.0/24 list=TV
add address=89.86.97.0/24 list=TV
add address=176.165.8.0/24 list=TV
add address=89.86.96.0/24 list=TV
/ip firewall filter
add action=add-src-to-address-list address-list=Syn_Flooder address-list-timeout=1d chain=input comment="Add Syn Flood IP to the list" connection-limit=30,32 protocol=tcp tcp-flags=syn
add action=add-src-to-address-list address-list=Port_Scanner address-list-timeout=1w chain=input comment="Port Scanner Detect" protocol=tcp psd=21,3s,3,1
add action=tarpit chain=input comment="Drop to syn flood list" protocol=tcp src-address-list=Syn_Flooder
add action=tarpit chain=input comment="Drop to port scan list" protocol=tcp src-address-list=Port_Scanner
/ip firewall filter
add action=accept chain=input comment="--- Accept Established / Related" connection-state=established,related in-interface=Fibre_ByTel_vl100
add action=accept chain=input comment="--- Accept IGMP for IPTV Multicast" in-interface=Fibre_ByTel_vl100 protocol=igmp
add action=accept chain=input comment="--- Accept IP Flow for IGMP Proxy" dst-port=8202,8200 in-interface=Fibre_ByTel_vl100 protocol=udp src-address-list=TV
add action=drop chain=input comment="--- Deny All / Drop -- INPUT" src-address-list=!MyNetwork
/ip firewall filter
add action=fasttrack-connection chain=forward comment="--- FastTrack Forwarding Established / Related" connection-state=established,related
add action=accept chain=forward comment="--- Accept Established / Related" connection-state=established,related
add action=accept chain=forward comment="--- Accept IP Flow for IGMP Proxy" dst-port=8200,8202 protocol=udp src-address-list=TV
add action=accept chain=forward comment="--- Accept IP flow for VOD" dst-port=20000-30000 in-interface=Fibre_ByTel_vl100 protocol=udp src-address-list=VODReplay
add action=accept chain=forward comment="--- Accept Outgoing Client Traffic Out to Internet" out-interface=Fibre_ByTel_vl100 src-address-list=MyNetwork
add action=drop chain=forward comment="--- Deny All / Drop -- FORWARD" log=no
/ip firewall nat
add action=masquerade chain=srcnat out-interface=Fibre_ByTel_vl100 src-address-list=MyNetwork
add action=dst-nat chain=dstnat dst-port=20000-30000 in-interface=Fibre_ByTel_vl100 protocol=udp src-address-list=VODReplay to-addresses=192.168.88.250
/routing igmp-proxy
set quick-leave=yes
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 interface=Fibre_ByTel_vl100 upstream=yes
add alternative-subnets=0.0.0.0/0 interface=bridge
No IGMP snooping; I didn't go any further into debugging for lack of time.
Do the source IPs of the multicast streams respond to ICMP requests? That is not the case on my side (presumably this is intentional).
PS: I've plugged my ER-X back in.
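
An added example, not part of the original post: a small parser that classifies each hop of the traceroute quoted above and reports the non-public addresses seen beyond the LAN gateway, which is how the 10.108.238.2 hop stands out. The function names are assumptions made for this illustration.

```python
import ipaddress
import re

# Traceroute output copied from the post above.
TRACE = """\
traceroute to lafibre.info (46.227.16.8), 30 hops max, 60 byte packets
 1 _gateway (192.168.1.1) 0.380 ms 0.313 ms 0.407 ms
 2 10.108.238.2 (10.108.238.2) 3.433 ms 4.020 ms 3.824 ms
 3 1.la10.bsr02-ix2.net.bbox.fr (212.194.170.42) 3.914 ms 3.445 ms 3.849 ms
 4 be11.cbr01-cro.net.bbox.fr (212.194.171.2) 12.648 ms 12.593 ms 12.683 ms
 5 be5.cbr01-lyo.net.bbox.fr (212.194.171.140) 12.559 ms 18.317 ms 18.293 ms
 6 la44.bsr01-lyo.net.bbox.fr (212.194.171.149) 11.098 ms 10.915 ms 10.943 ms
 7 la10.bsr02-lyo.net.bbox.fr (212.194.171.19) 10.310 ms 10.527 ms 10.558 ms
 8 * * *
 9 lafibre.info (46.227.16.8) 11.635 ms 11.521 ms 11.498 ms
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space
HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3})\)")
SILENT_RE = re.compile(r"^\s*(\d+)\s+\*")


def classify(addr):
    """Return the address class of one hop."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if ip in CGNAT:
        return "shared-cgnat"
    return "public" if ip.is_global else "special"


def parse_hops(text):
    """Return (ttl, name, address, class) tuples; the header line is skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2), m.group(3),
                         classify(m.group(3))))
        elif SILENT_RE.match(line):  # hop that did not answer: "8 * * *"
            hops.append((int(SILENT_RE.match(line).group(1)), None, None,
                         "no-reply"))
    return hops


def private_hops_past_lan(hops):
    """Non-public hops after hop 1 (the LAN gateway), i.e. inside the ISP."""
    return [h for h in hops if h[0] > 1 and h[3] in ("rfc1918", "shared-cgnat")]
```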