Shorewall users - Feb 2003 - 69.x.x.x network in rfc1918

I came across a problem when one of our clients was not able to access any 
of the servers on our network.  This person has never connected to us before 
and now for this first time was trying to do it from his home is Houston, TX 
using earthlink cable service provided by Time Warner.  All this 
information, I think, is important because when I started examining my 
shorewall logs I found out that the source IP was 69.3.127.173 and some 
other IPs but all from 69.x.x.x network.  All requests coming from that 
network was “DROPed” by rfc1918.  I removed the line with that network from 
rfc1918 file and by that fixed the problem, but I am not sure if list is 
either outdated or something is wrong with IP assigning or I am not 
understanding it.  Please let me know.

By the way, my traceroutes die somewhere is Houston…

traceroute 69.22.5.124
traceroute to 69.22.5.124 (69.22.5.124), 30 hops max, 38 byte packets
1  * * *
2  65.213.121.129 (65.213.121.129)  0.932 ms  0.641 ms  0.636 ms
3  Loopback0.GW5.EWR1.ALTER.NET (137.39.4.120)  1.199 ms  1.111 ms  1.115 ms
4  119.ATM4-0.XR2.EWR1.ALTER.NET (152.63.20.238)  1.269 ms  1.621 ms  1.270 
ms
5  192.at-2-0-0.XR2.NYC9.ALTER.NET (152.63.17.242)  1.984 ms  1.863 ms  
1.739 ms
6  0.so-2-1-0.XL2.NYC9.ALTER.NET (152.63.23.141)  1.968 ms  1.873 ms  1.836 
ms
7  0.so-1-2-0.XL2.NYC4.ALTER.NET (152.63.21.13)  2.596 ms  2.212 ms  2.073 
ms
8  0.so-7-0-0.BR1.NYC4.ALTER.NET (152.63.21.81)  2.125 ms  2.063 ms  2.246 
ms
9  so-0-0-0.edge1.NewYork1.Level3.net (209.244.160.181)  3.263 ms  3.364 ms  
3.254 ms
10  so-4-1-0.gar1.NewYork1.Level3.net (209.244.17.77)  3.326 ms  3.429 ms 
so-4-1-0.gar2.NewYork1.Level3.net (209.244.17.85)  3.450 ms
11  so-7-0-0.mp2.NewYork1.Level3.net (64.159.1.185)  3.650 ms  3.511 ms  
3.461 ms
12  so-3-0-0.mp1.Dallas1.Level3.net (64.159.1.109)  43.101 ms  43.193 ms  
43.070 ms
13  gigabitethernet8-1.hsipaccess1.Dallas1.Level3.net (64.159.3.41)  42.432 
ms  42.468 ms  42.399 ms
14  pop1-dal-P0-3.atdn.net (66.185.141.49)  44.038 ms  43.801 ms  43.575 ms
15  bb1-dal-P0-0.atdn.net (66.185.146.144)  44.262 ms  43.778 ms  43.730 ms
16  bb1-hou-P6-0.atdn.net (66.185.152.133)  48.333 ms  48.300 ms  48.188 ms
17  pop2-hou-P1-0.atdn.net (66.185.146.113)  48.127 ms  48.091 ms  48.131 ms
18  rr-Houston.atdn.net (66.185.146.38)  49.331 ms  49.778 ms  49.286 ms
19  srp2-0.hstntxtid-rtr1.texas.rr.com (24.93.33.145)  48.566 ms  48.574 ms  
48.577 ms
20  pos3-0.hstntxeas-rtr1.houston.rr.com (24.28.96.198)  49.660 ms  49.827 
ms  49.730 ms
21  srp0-0.hstntxbis-rtr1.houston.rr.com (24.28.96.2)  49.648 ms  49.556 ms  
49.479 ms
22  pos2-0.hstntxbis-ubr1.houston.rr.com (24.28.96.37)  49.763 ms  49.793 ms 
  49.818 ms
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *

Thank you

VV





_________________________________________________________________
The new MSN 8: advanced junk mail protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail

It looks like rfc1918 is doing that because the 69.0.0.0/8 block is 
reserved in /etc/shorewall/rfc1918.  I am not sure but if you went in and 
removed that entry from the file it should fix your problem.

At 03:55 PM 2/24/2003 +0000, you wrote:
>I came across a problem when one of our clients was not able to access any 
>of the servers on our network.  This person has never connected to us 
>before and now for this first time was trying to do it from his home is 
>Houston, TX using earthlink cable service provided by Time Warner.  All 
>this information, I think, is important because when I started examining 
>my shorewall logs I found out that the source IP was 69.3.127.173 and some 
>other IPs but all from 69.x.x.x network.  All requests coming from that 
>network was ?DROPed? by rfc1918.  I removed the line with that network 
>from rfc1918 file and by that fixed the problem, but I am not sure if list 
>is either outdated or something is wrong with IP assigning or I am not 
>understanding it.  Please let me know.
>
>By the way, my traceroutes die somewhere is Houston
>
>traceroute 69.22.5.124
>traceroute to 69.22.5.124 (69.22.5.124), 30 hops max, 38 byte packets
>1  * * *
>2  65.213.121.129 (65.213.121.129)  0.932 ms  0.641 ms  0.636 ms
>3  Loopback0.GW5.EWR1.ALTER.NET (137.39.4.120)  1.199 ms  1.111 ms  1.115 ms
>4  119.ATM4-0.XR2.EWR1.ALTER.NET (152.63.20.238)  1.269 ms  1.621 ms  1.270
ms
>5  192.at-2-0-0.XR2.NYC9.ALTER.NET (152.63.17.242)  1.984 ms  1.863 ms
>1.739 ms
>6  0.so-2-1-0.XL2.NYC9.ALTER.NET (152.63.23.141)  1.968 ms  1.873 ms  1.836
ms
>7  0.so-1-2-0.XL2.NYC4.ALTER.NET (152.63.21.13)  2.596 ms  2.212 ms  2.073
ms
>8  0.so-7-0-0.BR1.NYC4.ALTER.NET (152.63.21.81)  2.125 ms  2.063 ms  2.246
ms
>9  so-0-0-0.edge1.NewYork1.Level3.net (209.244.160.181)  3.263 ms  3.364 ms
>3.254 ms
>10  so-4-1-0.gar1.NewYork1.Level3.net (209.244.17.77)  3.326 ms  3.429 ms 
>so-4-1-0.gar2.NewYork1.Level3.net (209.244.17.85)  3.450 ms
>11  so-7-0-0.mp2.NewYork1.Level3.net (64.159.1.185)  3.650 ms  3.511 ms
>3.461 ms
>12  so-3-0-0.mp1.Dallas1.Level3.net (64.159.1.109)  43.101 ms  43.193 ms
>43.070 ms
>13  gigabitethernet8-1.hsipaccess1.Dallas1.Level3.net 
>(64.159.3.41)  42.432 ms  42.468 ms  42.399 ms
>14  pop1-dal-P0-3.atdn.net (66.185.141.49)  44.038 ms  43.801 ms  43.575 ms
>15  bb1-dal-P0-0.atdn.net (66.185.146.144)  44.262 ms  43.778 ms  43.730 ms
>16  bb1-hou-P6-0.atdn.net (66.185.152.133)  48.333 ms  48.300 ms  48.188 ms
>17  pop2-hou-P1-0.atdn.net (66.185.146.113)  48.127 ms  48.091 ms  48.131 ms
>18  rr-Houston.atdn.net (66.185.146.38)  49.331 ms  49.778 ms  49.286 ms
>19  srp2-0.hstntxtid-rtr1.texas.rr.com (24.93.33.145)  48.566 ms  48.574 ms
>48.577 ms
>20  pos3-0.hstntxeas-rtr1.houston.rr.com (24.28.96.198)  49.660 ms  49.827 
>ms  49.730 ms
>21  srp0-0.hstntxbis-rtr1.houston.rr.com (24.28.96.2)  49.648 ms  49.556 ms
>49.479 ms
>22  pos2-0.hstntxbis-ubr1.houston.rr.com (24.28.96.37)  49.763 ms  49.793 
>ms  49.818 ms
>23  * * *
>24  * * *
>25  * * *
>26  * * *
>27  * * *
>
>Thank you
>
>VV
>
>
>
>
>
>_________________________________________________________________
>The new MSN 8: advanced junk mail protection and 2 months FREE*
>http://join.msn.com/?page=features/junkmail
>
>_______________________________________________
>Shorewall-users mailing list
>Post: Shorewall-users@lists.shorewall.net
>Subscribe/Unsubscribe: 
>http://lists.shorewall.net/mailman/listinfo/shorewall-users
>Support: http://www.shorewall.net/support.htm
>FAQ: http://www.shorewall.net/FAQ.htm
Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum 
immane mittam.

Val Vechnyak wrote:
> I came across a problem when one of our clients was not able to access 
> any of the servers on our network.  This person has never connected to 
> us before and now for this first time was trying to do it from his home 
> is Houston, TX using earthlink cable service provided by Time Warner.  
> All this information, I think, is important because when I started 
> examining my shorewall logs I found out that the source IP was 
> 69.3.127.173 and some other IPs but all from 69.x.x.x network.  All 
> requests coming from that network was ?DROPed? by rfc1918.  I removed 
> the line with that network from rfc1918 file and by that fixed the 
> problem, but I am not sure if list is either outdated or something is 
> wrong with IP assigning or I am not understanding it.  Please let me know.
> 
69.0.0.0/8 was removed from the RFC1918 file over 6 months ago.

If you are using the tarballs, you need to update that file manually as 
Shorewall doesn''t overwrite your existing file.

If you are using the RPM and have ever modified the file, then RPM will 
not overwrite it and will install the updated file as rfc1918.rpmnew.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net