On 14/09/2020 22:25, Andrey Khomyakov wrote:
TL;DR I suspect there are middle boxes that don't like IPs ending in .255. Anyone seen that?
Yes, but not for many, MANY years. I would expect that this service might not like addresses ending in .0 either? It was ca. 2010, when I started receiving an increasing number of complaints that connections from addresses ending in .0 or .255 were failing toward my (at the time) hosted services. This behaviour was eventually* narrowed to iptables rules carelessly included with 'Atomic Secured Linux' that purposely blackholed connections if the source address' most specific octet happened to contain .0 or .255. I'm sure that 'ASL' wasn't the only piece of software to have shipped with this default behaviour, so should you discover any box of any sort, configuration (or age) blindly hampering the connectivity for addresses with all-1s or all-0s in any of the three most-specific octets, please take this as infallible permission to promptly introduce it to the nearest body of water. :) * I still have AAISP - my home ISP at the time - to thank for routing me a /30 with a .255 address in it! It wouldn't have been as easy to resolve without that - very few UK consumers were being assigned addresses with .255 in them at the time. -- Tom