I came across a problem when one of our clients was not able to access any of the servers on our network. This person has never connected to us before and now for this first time was trying to do it from his home is Houston, TX using earthlink cable service provided by Time Warner. All this information, I think, is important because when I started examining my shorewall logs I found out that the source IP was 69.3.127.173 and some other IPs but all from 69.x.x.x network. All requests coming from that network was “DROPed” by rfc1918. I removed the line with that network from rfc1918 file and by that fixed the problem, but I am not sure if list is either outdated or something is wrong with IP assigning or I am not understanding it. Please let me know. By the way, my traceroutes die somewhere is Houston… traceroute 69.22.5.124 traceroute to 69.22.5.124 (69.22.5.124), 30 hops max, 38 byte packets 1 * * * 2 65.213.121.129 (65.213.121.129) 0.932 ms 0.641 ms 0.636 ms 3 Loopback0.GW5.EWR1.ALTER.NET (137.39.4.120) 1.199 ms 1.111 ms 1.115 ms 4 119.ATM4-0.XR2.EWR1.ALTER.NET (152.63.20.238) 1.269 ms 1.621 ms 1.270 ms 5 192.at-2-0-0.XR2.NYC9.ALTER.NET (152.63.17.242) 1.984 ms 1.863 ms 1.739 ms 6 0.so-2-1-0.XL2.NYC9.ALTER.NET (152.63.23.141) 1.968 ms 1.873 ms 1.836 ms 7 0.so-1-2-0.XL2.NYC4.ALTER.NET (152.63.21.13) 2.596 ms 2.212 ms 2.073 ms 8 0.so-7-0-0.BR1.NYC4.ALTER.NET (152.63.21.81) 2.125 ms 2.063 ms 2.246 ms 9 so-0-0-0.edge1.NewYork1.Level3.net (209.244.160.181) 3.263 ms 3.364 ms 3.254 ms 10 so-4-1-0.gar1.NewYork1.Level3.net (209.244.17.77) 3.326 ms 3.429 ms so-4-1-0.gar2.NewYork1.Level3.net (209.244.17.85) 3.450 ms 11 so-7-0-0.mp2.NewYork1.Level3.net (64.159.1.185) 3.650 ms 3.511 ms 3.461 ms 12 so-3-0-0.mp1.Dallas1.Level3.net (64.159.1.109) 43.101 ms 43.193 ms 43.070 ms 13 gigabitethernet8-1.hsipaccess1.Dallas1.Level3.net (64.159.3.41) 42.432 ms 42.468 ms 42.399 ms 14 pop1-dal-P0-3.atdn.net (66.185.141.49) 44.038 ms 43.801 ms 43.575 ms 15 bb1-dal-P0-0.atdn.net (66.185.146.144) 44.262 ms 43.778 ms 43.730 ms 16 bb1-hou-P6-0.atdn.net (66.185.152.133) 48.333 ms 48.300 ms 48.188 ms 17 pop2-hou-P1-0.atdn.net (66.185.146.113) 48.127 ms 48.091 ms 48.131 ms 18 rr-Houston.atdn.net (66.185.146.38) 49.331 ms 49.778 ms 49.286 ms 19 srp2-0.hstntxtid-rtr1.texas.rr.com (24.93.33.145) 48.566 ms 48.574 ms 48.577 ms 20 pos3-0.hstntxeas-rtr1.houston.rr.com (24.28.96.198) 49.660 ms 49.827 ms 49.730 ms 21 srp0-0.hstntxbis-rtr1.houston.rr.com (24.28.96.2) 49.648 ms 49.556 ms 49.479 ms 22 pos2-0.hstntxbis-ubr1.houston.rr.com (24.28.96.37) 49.763 ms 49.793 ms 49.818 ms 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * Thank you VV _________________________________________________________________ The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail
It looks like rfc1918 is doing that because the 69.0.0.0/8 block is reserved in /etc/shorewall/rfc1918. I am not sure but if you went in and removed that entry from the file it should fix your problem. At 03:55 PM 2/24/2003 +0000, you wrote:>I came across a problem when one of our clients was not able to access any >of the servers on our network. This person has never connected to us >before and now for this first time was trying to do it from his home is >Houston, TX using earthlink cable service provided by Time Warner. All >this information, I think, is important because when I started examining >my shorewall logs I found out that the source IP was 69.3.127.173 and some >other IPs but all from 69.x.x.x network. All requests coming from that >network was ?DROPed? by rfc1918. I removed the line with that network >from rfc1918 file and by that fixed the problem, but I am not sure if list >is either outdated or something is wrong with IP assigning or I am not >understanding it. Please let me know. > >By the way, my traceroutes die somewhere is Houston> >traceroute 69.22.5.124 >traceroute to 69.22.5.124 (69.22.5.124), 30 hops max, 38 byte packets >1 * * * >2 65.213.121.129 (65.213.121.129) 0.932 ms 0.641 ms 0.636 ms >3 Loopback0.GW5.EWR1.ALTER.NET (137.39.4.120) 1.199 ms 1.111 ms 1.115 ms >4 119.ATM4-0.XR2.EWR1.ALTER.NET (152.63.20.238) 1.269 ms 1.621 ms 1.270 ms >5 192.at-2-0-0.XR2.NYC9.ALTER.NET (152.63.17.242) 1.984 ms 1.863 ms >1.739 ms >6 0.so-2-1-0.XL2.NYC9.ALTER.NET (152.63.23.141) 1.968 ms 1.873 ms 1.836 ms >7 0.so-1-2-0.XL2.NYC4.ALTER.NET (152.63.21.13) 2.596 ms 2.212 ms 2.073 ms >8 0.so-7-0-0.BR1.NYC4.ALTER.NET (152.63.21.81) 2.125 ms 2.063 ms 2.246 ms >9 so-0-0-0.edge1.NewYork1.Level3.net (209.244.160.181) 3.263 ms 3.364 ms >3.254 ms >10 so-4-1-0.gar1.NewYork1.Level3.net (209.244.17.77) 3.326 ms 3.429 ms >so-4-1-0.gar2.NewYork1.Level3.net (209.244.17.85) 3.450 ms >11 so-7-0-0.mp2.NewYork1.Level3.net (64.159.1.185) 3.650 ms 3.511 ms >3.461 ms >12 so-3-0-0.mp1.Dallas1.Level3.net (64.159.1.109) 43.101 ms 43.193 ms >43.070 ms >13 gigabitethernet8-1.hsipaccess1.Dallas1.Level3.net >(64.159.3.41) 42.432 ms 42.468 ms 42.399 ms >14 pop1-dal-P0-3.atdn.net (66.185.141.49) 44.038 ms 43.801 ms 43.575 ms >15 bb1-dal-P0-0.atdn.net (66.185.146.144) 44.262 ms 43.778 ms 43.730 ms >16 bb1-hou-P6-0.atdn.net (66.185.152.133) 48.333 ms 48.300 ms 48.188 ms >17 pop2-hou-P1-0.atdn.net (66.185.146.113) 48.127 ms 48.091 ms 48.131 ms >18 rr-Houston.atdn.net (66.185.146.38) 49.331 ms 49.778 ms 49.286 ms >19 srp2-0.hstntxtid-rtr1.texas.rr.com (24.93.33.145) 48.566 ms 48.574 ms >48.577 ms >20 pos3-0.hstntxeas-rtr1.houston.rr.com (24.28.96.198) 49.660 ms 49.827 >ms 49.730 ms >21 srp0-0.hstntxbis-rtr1.houston.rr.com (24.28.96.2) 49.648 ms 49.556 ms >49.479 ms >22 pos2-0.hstntxbis-ubr1.houston.rr.com (24.28.96.37) 49.763 ms 49.793 >ms 49.818 ms >23 * * * >24 * * * >25 * * * >26 * * * >27 * * * > >Thank you > >VV > > > > > >_________________________________________________________________ >The new MSN 8: advanced junk mail protection and 2 months FREE* >http://join.msn.com/?page=features/junkmail > >_______________________________________________ >Shorewall-users mailing list >Post: Shorewall-users@lists.shorewall.net >Subscribe/Unsubscribe: >http://lists.shorewall.net/mailman/listinfo/shorewall-users >Support: http://www.shorewall.net/support.htm >FAQ: http://www.shorewall.net/FAQ.htmCatapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam.
Val Vechnyak wrote:> I came across a problem when one of our clients was not able to access > any of the servers on our network. This person has never connected to > us before and now for this first time was trying to do it from his home > is Houston, TX using earthlink cable service provided by Time Warner. > All this information, I think, is important because when I started > examining my shorewall logs I found out that the source IP was > 69.3.127.173 and some other IPs but all from 69.x.x.x network. All > requests coming from that network was ?DROPed? by rfc1918. I removed > the line with that network from rfc1918 file and by that fixed the > problem, but I am not sure if list is either outdated or something is > wrong with IP assigning or I am not understanding it. Please let me know. >69.0.0.0/8 was removed from the RFC1918 file over 6 months ago. If you are using the tarballs, you need to update that file manually as Shorewall doesn''t overwrite your existing file. If you are using the RPM and have ever modified the file, then RPM will not overwrite it and will install the updated file as rfc1918.rpmnew. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net