Hello:
I have a RIPE Atlas probe
behind an edge router on a home network connection that is
unfortunately using NAT, as my ISP provides only a single IPv4
address. The router is using a Debian derivative (Ubiquiti EdgeOS)
with connection tracking and NAT.
Its "firewall" configuration has been adjusted to log and drop ICMP
packets that are considered by conntrack to be "invalid" (and not
"established" or "related"). Several such packets are encountered
hourly (ICMP type 3 code 3 related to DNS is most common). The
conntrack ICMP timeout (/proc/sys/net/netfilter/nf_conntrack_icmp_timeout)
is set to (the default) 30 seconds.
I recently observed a (ICMP type 11 code 0) packet for which the
reported rejection was for ctr-nue13.atlas.ripe.net, for which
target there are several active measurements on the probe. An
extract of recent logs for the related address yielded
Mar 27 13:43:18 edge kernel: [WAN_LOCAL-2-D]IN=eth0 OUT= MAC=24:a4:3c:05:20:a3:00:01:5c:45:9a:41:08:00 SRC=4.68.111.17 DST=76.188.130.183 LEN=96 TOS=0x00 PREC=0x00 TTL=58 ID=3881 PROTO=ICMP TYPE=11 CODE=0 [SRC=76.188.130.183 DST=78.46.48.134 LEN=68 TOS=0x00 PREC=0x00 TTL=1 ID=57079 PROTO=UDP SPT=20494 DPT=33441 LEN=48 ]
Mar 27 14:43:10 edge kernel: [WAN_LOCAL-2-D]IN=eth0 OUT= MAC=24:a4:3c:05:20:a3:00:01:5c:45:9a:41:08:00 SRC=4.68.111.17 DST=76.188.130.183 LEN=96 TOS=0x00 PREC=0x00 TTL=58 ID=11429 PROTO=ICMP TYPE=11 CODE=0 [SRC=76.188.130.183 DST=78.46.48.134 LEN=68 TOS=0x00 PREC=0x00 TTL=1 ID=57081 PROTO=UDP SPT=20494 DPT=33443 LEN=48 ]
Mar 28 01:13:08 edge kernel: [WAN_LOCAL-2-D]IN=eth0 OUT= MAC=24:a4:3c:05:20:a3:00:01:5c:45:9a:41:08:00 SRC=4.68.111.33 DST=76.188.130.183 LEN=96 TOS=0x00 PREC=0x00 TTL=58 ID=55784 PROTO=ICMP TYPE=11 CODE=0 [SRC=76.188.130.183 DST=78.46.48.134 LEN=68 TOS=0x00 PREC=0x00 TTL=1 ID=57079 PROTO=UDP SPT=20494 DPT=33448 LEN=48 ]
Mar 28 01:13:09 edge kernel: [WAN_LOCAL-2-D]IN=eth0 OUT= MAC=24:a4:3c:05:20:a3:00:01:5c:45:9a:41:08:00 SRC=4.68.111.33 DST=76.188.130.183 LEN=96 TOS=0x00 PREC=0x00 TTL=58 ID=56140 PROTO=ICMP TYPE=11 CODE=0 [SRC=76.188.130.183 DST=78.46.48.134 LEN=68 TOS=0x00 PREC=0x00 TTL=1 ID=57080 PROTO=UDP SPT=20494 DPT=33448 LEN=48 ]
Mar 28 03:13:08 edge kernel: [WAN_LOCAL-2-D]IN=eth0 OUT= MAC=24:a4:3c:05:20:a3:00:01:5c:45:9a:41:08:00 SRC=4.68.111.33 DST=76.188.130.183 LEN=96 TOS=0x00 PREC=0x00 TTL=58 ID=19963 PROTO=ICMP TYPE=11 CODE=0 [SRC=76.188.130.183 DST=78.46.48.134 LEN=68 TOS=0x00 PREC=0x00 TTL=1 ID=57079 PROTO=UDP SPT=20494 DPT=33436 LEN=48 ]
Mar 28 03:13:09 edge kernel: [WAN_LOCAL-2-D]IN=eth0 OUT= MAC=24:a4:3c:05:20:a3:00:01:5c:45:9a:41:08:00 SRC=4.68.111.33 DST=76.188.130.183 LEN=96 TOS=0x00 PREC=0x00 TTL=58 ID=20396 PROTO=ICMP TYPE=11 CODE=0 [SRC=76.188.130.183 DST=78.46.48.134 LEN=68 TOS=0x00 PREC=0x00 TTL=1 ID=57080 PROTO=UDP SPT=20494 DPT=33436 LEN=48 ]
Mar 28 03:43:09 edge kernel: [WAN_LOCAL-2-D]IN=eth0 OUT= MAC=24:a4:3c:05:20:a3:00:01:5c:45:9a:41:08:00 SRC=4.68.111.17 DST=76.188.130.183 LEN=96 TOS=0x00 PREC=0x00 TTL=58 ID=37791 PROTO=ICMP TYPE=11 CODE=0 [SRC=76.188.130.183 DST=78.46.48.134 LEN=68 TOS=0x00 PREC=0x00 TTL=1 ID=57081 PROTO=UDP SPT=20494 DPT=33437 LEN=48 ]
Mar 28 19:43:11 edge kernel: [WAN_LOCAL-2-D]IN=eth0 OUT= MAC=24:a4:3c:05:20:a3:00:01:5c:45:9a:41:08:00 SRC=4.68.111.17 DST=76.188.130.183 LEN=96 TOS=0x00 PREC=0x00 TTL=58 ID=38319 PROTO=ICMP TYPE=11 CODE=0 [SRC=76.188.130.183 DST=78.46.48.134 LEN=68 TOS=0x00 PREC=0x00 TTL=1 ID=57080 PROTO=UDP SPT=20494 DPT=33437 LEN=48 ]
Mar 29 01:13:09 edge kernel: [WAN_LOCAL-2-D]IN=eth0 OUT= MAC=24:a4:3c:05:20:a3:00:01:5c:45:9a:41:08:00 SRC=4.68.111.33 DST=76.188.130.183 LEN=96 TOS=0x00 PREC=0x00 TTL=58 ID=54402 PROTO=ICMP TYPE=11 CODE=0 [SRC=76.188.130.183 DST=78.46.48.134 LEN=68 TOS=0x00 PREC=0x00 TTL=1 ID=57079 PROTO=UDP SPT=20494 DPT=33448 LEN=48 ]
Mar 29 01:13:11 edge kernel: [WAN_LOCAL-2-D]IN=eth0 OUT= MAC=24:a4:3c:05:20:a3:00:01:5c:45:9a:41:08:00 SRC=4.68.111.33 DST=76.188.130.183 LEN=96 TOS=0x00 PREC=0x00 TTL=58 ID=55451 PROTO=ICMP TYPE=11 CODE=0 [SRC=76.188.130.183 DST=78.46.48.134 LEN=68 TOS=0x00 PREC=0x00 TTL=1 ID=57080 PROTO=UDP SPT=20494 DPT=33448 LEN=48 ]
Mar 29 05:43:10 edge kernel: [WAN_LOCAL-2-D]IN=eth0 OUT= MAC=24:a4:3c:05:20:a3:00:01:5c:45:9a:41:08:00 SRC=4.68.111.17 DST=76.188.130.183 LEN=96 TOS=0x00 PREC=0x00 TTL=58 ID=23514 PROTO=ICMP TYPE=11 CODE=0 [SRC=76.188.130.183 DST=78.46.48.134 LEN=68 TOS=0x00 PREC=0x00 TTL=1 ID=57081 PROTO=UDP SPT=20494 DPT=33441 LEN=48 ]
(Times are UTC.)
Is this simply an unfortunate consequence of probe measurement
artifacts arriving outside of the 30-second conntrack window, or is
my local configuration adversely affecting such measurements?
Regards,
Gary