I started writing this post under the HELP section because i thought a printer APIPA was creating subnets in my LAN.. but this goes way beyond APIPA.... which may not even be playing any role here since the printer does get an IP on boot.
Apparently my ISP modem routes 10.22.96.1/24 as a valid external/routable address, which it also assign as gateway for 192.168.0.0/24 network, and all hosts along the way have print servers that somehow manages to send print jobs to my double-NAT'ed printer (an epson xp 214 if that matters)
Am I going insane? Anyone ever seen something like this? It is NOT a ISP provided printer. they only own the edge router which terminates their DOCSIS connection and nothing else.
Here's the data from my original post:
I have one stubborn printer connected via wifi to my openwrt router.
When I print it's settings page, it says it got the openWrt assigned DHCP address and nothing else:
ip address: 10.55.131.143
subnetmask: 255.255.255.0
default gateway: 10.55.131.1
APIPA: enable
primary dns: 10.55.131.1
secondary dns: none
So far so good. But there's a puzzle: I have one client on the same wifi/lan which was configured to use this printer on it's old address: 192.168.0.160... and it still manages to print! I imagine it is APIPA (Automatic Private IP Addressing)... but when I trace that on the that client, i see lots of things I cannot explain:
(context: my openwrt modem LAN is 10.55.131.1, wan is 10.55.130.101, and the ISP modem LAN is 10.55.130.1)
first is the path: it goes via external IPs!
$ tracepath 192.168.0.160 -n
1?: [LOCALHOST] pmtu 1500
1: 10.55.131.1 (openwrt router) 15.957ms
1: 10.55.131.1 (openwrt router) 1.878ms
2: 10.55.130.1 (ISP router) 3.239ms
3: 10.22.96.1 13.454ms
4: 201.6.73.177 13.220ms
5: 201.6.65.46 19.747ms
6: 201.6.65.32 41.931ms
7: no reply
^C
Then on the openwrt device, there's no knowledge about the first hop: 10.22.96.1
(i was double checking routing because at first I didn't notice the ISP router ip o the tracepath and assumed it was my openwrt router sending packages to the other LAN crated by apipa, but that is now obviously not the case. keeping this step regardless)
openwrt# ping 10.22.96.1
PING 10.22.96.1 (10.22.96.1): 56 data bytes
64 bytes from 10.22.96.1: seq=0 ttl=254 time=12.803 ms
64 bytes from 10.22.96.1: seq=1 ttl=254 time=9.944 ms
64 bytes from 10.22.96.1: seq=2 ttl=254 time=12.242 ms
openwrt# arp -l | grep 10.22
(nothing)
traceroute 192.168.0.160
traceroute to 192.168.0.160 (192.168.0.160), 30 hops max, 46 byte packets
1 10.55.130.1 (10.55.130.1) 1.306 ms 1.227 ms 1.024 ms
2 10.22.96.1 (10.22.96.1) 10.379 ms 10.509 ms 8.939 ms
3 c90649b1.virtua.com.br (201.6.73.177) 12.042 ms 10.648 ms 12.154 ms
4 c906412e.virtua.com.br (201.6.65.46) 12.963 ms 10.253 ms 12.256 ms
5 c9064120.virtua.com.br (201.6.65.32) 12.658 ms 10.315 ms 12.084 ms
6 * * *
7 * * *
openwrt# arp -l | grep 192
(nothing)
openwrt# ping 192.168.0.160
--- 192.168.0.160 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
So now, its is clear those IPs are "outside", past the ISP router. let's see what we have there:
openwrt# nmap --all 201.6.73.177 -P0
Starting Nmap 7.95 ( https://nmap.org ) at 2024-11-30 17:47 UTC
Nmap scan report for c90649b1.virtua.com.br (201.6.73.177)
Host is up (0.014s latency).
Not shown: 994 closed tcp ports (conn-refused)
PORT STATE SERVICE
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
515/tcp open printer
1723/tcp filtered pptp
9100/tcp open jetdirect
while that server have a full print server by the look of the ports, the 10.22.96.0/24 range have "printers":
$ nmap --all -P0 10.22.96.0/24
.... all ips reply with ...
Nmap scan report for 10.22.96.52
Host is up (0.017s latency).
Not shown: 932 filtered tcp ports (no-response), 65 filtered tcp ports (host-unreach)
PORT STATE SERVICE
515/tcp open printer
631/tcp closed ipp
9100/tcp open jetdirect
Nmap scan report for 10.22.96.53
Host is up (0.021s latency).
Not shown: 931 filtered tcp ports (no-response), 66 filtered tcp ports (host-unreach)
PORT STATE SERVICE
515/tcp open printer
631/tcp closed ipp
9100/tcp open jetdirect
Nmap scan report for 10.22.96.54
Host is up (0.019s latency).
Not shown: 930 filtered tcp ports (no-response), 67 filtered tcp ports (host-unreach)
PORT STATE SERVICE
515/tcp open printer
631/tcp closed ipp
9100/tcp open jetdirect
Nmap scan report for 10.22.96.55
Host is up (0.020s latency).
Not shown: 931 filtered tcp ports (no-response), 66 filtered tcp ports (host-unreach)
PORT STATE SERVICE
515/tcp open printer
631/tcp closed ipp
9100/tcp open jetdirect
the 192.168.0.0/24 ips have different ports by the dozen-ips... e.g. 0-59 have 515 open, 60+ only ipp ports.
$ nmap --all 192.168.0.1/24 -P0
Starting Nmap 7.95 ( https://nmap.org ) at 2024-11-30 18:12 UTC
Stats: 0:00:25 elapsed; 0 hosts completed (64 up), 64 undergoing Connect Scan
Connect Scan Timing: About 0.13% done
Stats: 0:03:40 elapsed; 0 hosts completed (64 up), 64 undergoing Connect Scan
Connect Scan Timing: About 1.66% done; ETC: 21:47 (3:30:47 remaining)
Nmap scan report for 192.168.0.0
Host is up (0.011s latency).
Not shown: 997 filtered tcp ports (no-response)
PORT STATE SERVICE
515/tcp open printer
631/tcp closed ipp
9100/tcp open jetdirect
Nmap scan report for 192.168.0.1
Host is up (0.0078s latency).
Not shown: 997 filtered tcp ports (no-response)
PORT STATE SERVICE
515/tcp open printer
631/tcp closed ipp
9100/tcp open jetdirect
Nmap scan report for 192.168.0.2
Host is up (0.0066s latency).
Not shown: 997 filtered tcp ports (no-response)
PORT STATE SERVICE
515/tcp open printer
631/tcp closed ipp
9100/tcp open jetdirect
...
Nmap scan report for 192.168.0.60
Host is up (0.013s latency).
Not shown: 997 filtered tcp ports (no-response)
PORT STATE SERVICE
515/tcp open printer
631/tcp closed ipp
9100/tcp open jetdirect
Nmap scan report for 192.168.0.61
Host is up (0.0083s latency).
Not shown: 998 filtered tcp ports (no-response)
PORT STATE SERVICE
631/tcp closed ipp
9100/tcp open jetdirect
Nmap scan report for 192.168.0.62
Host is up (0.010s latency).
Not shown: 998 filtered tcp ports (no-response)
PORT STATE SERVICE
631/tcp closed ipp
9100/tcp open jetdirect
Nmap scan report for 192.168.0.63
Host is up (0.0076s latency).
Not shown: 998 filtered tcp ports (no-response)
PORT STATE SERVICE
631/tcp closed ipp
9100/tcp open jetdirect