Shorewall users - Apr 2004 - Problem accessing shorewall.net (rfc1918 problem ?)

Hello,

i''m having problems connecting to shorewall.net site.
it seems like german telekom got a ip block formerly reserved 
by iana. namely i got 84.128.25.220.

could it be that you''re still blocking this ip range ?

greetings

Holger Brueckner
net-labs Systemhaus GmbH

Holger Brueckner wrote:
> 
> Hello,
> 
> i''m having problems connecting to shorewall.net site.
> it seems like german telekom got a ip block formerly reserved
> by iana. namely i got 84.128.25.220.
> 
> could it be that you''re still blocking this ip range ?
> 
> greetings
> 
> Holger Brueckner
> net-labs Systemhaus GmbH
Holger,

That may depend, you probably are blocking yourself out. Is it a static
ip or is it allocated by DHCP?

# cat /etc/shorewall/rfc1918 | grep 84
What do you get? 

If it''s given by DHCP: If 84.0.0.0/x is listed just put a comment
there.

If it''s static: Add    84.128.25.220	   RETURN
above the 84.0.0.0/x line 

Restart Shorewall.
 
Use a stripped-down version like Tom''s example, saves you the trouble
with updating the file regularly..

http://www.shorewall.net/myfiles.htm#RFC1918

Regards,
-- 
Patrick Benson
Stockholm, Sweden

Holger Brueckner wrote:
> Hello,
> 
> i''m having problems connecting to shorewall.net site.
> it seems like german telekom got a ip block formerly reserved 
> by iana. namely i got 84.128.25.220.
> 
> could it be that you''re still blocking this ip range ?
Which shorewall.net site(s) are you having problems accessing? 
shorewall.net is comprised of systems in 5 different cities, each with 
their own system manager.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

On Tue, 2004-04-27 at 13:58, Patrick Benson wrote:
> That may depend, you probably are blocking yourself out. Is it a static
> ip or is it allocated by DHCP?
definately not, since most of the sites are working ok.
> Use a stripped-down version like Tom''s example, saves you the
trouble
> with updating the file regularly..
i just updated yesterday ;)

as i stated in my other reply it is probably some routing issue. 
i''m experiencing some problems connecting to some us sites. 

thanks for your reply 

Holger Brueckner

On Tue, 2004-04-27 at 15:25, Tom Eastep wrote:
> Holger Brueckner wrote:
> > Hello,
> > 
> > i''m having problems connecting to shorewall.net site.
> > it seems like german telekom got a ip block formerly reserved 
> > by iana. namely i got 84.128.25.220.
> > 
> > could it be that you''re still blocking this ip range ?
> 
> Which shorewall.net site(s) are you having problems accessing? 
> shorewall.net is comprised of systems in 5 different cities, each with 
> their own system manager.
> 
> -Tom
i HAD problems with http://shorewall.net
it works now, so maybe it was just some routing issue.

im experiencing some problems with 84.x.x.x ip''s mainly on us sites.

well thanks a lot for your answer

Holger Brückner

On Tue, 27 Apr 2004, Holger Brueckner wrote:
> Date: Tue, 27 Apr 2004 16:02:07 +0200
> From: Holger Brueckner <lists@net-labs.de>
> Reply-To: brueckner@net-labs.de,
>      Mailing List for Shorewall Users
<shorewall-users@lists.shorewall.net>
> To: Mailing List for Shorewall Users
<shorewall-users@lists.shorewall.net>
> Subject: Re: [Shorewall-users] Problem accessing shorewall.net (rfc1918
>     problem?)
>
> On Tue, 2004-04-27 at 13:58, Patrick Benson wrote:
>
> > That may depend, you probably are blocking yourself out. Is it a
static
> > ip or is it allocated by DHCP?
>
> definately not, since most of the sites are working ok.
>
> > Use a stripped-down version like Tom''s example, saves you the
trouble
> > with updating the file regularly..
>
> i just updated yesterday ;)
>
> as i stated in my other reply it is probably some routing issue.
> i''m experiencing some problems connecting to some us sites.
>
> thanks for your reply
>
> Holger Brueckner
It might have been nice to give some example sites, that would have
allowed other to try to reach the sites and report back to you if the
sites were reachable.

We have had some bad weather that could have caused the problems.
Maybe the sites are down for some other reason, but you have not helped us
to help you in this manner

I do hope you will have matter resolved.

Have a great day!

 Larry Platzek  larryp@inow.com

Holger Brueckner wrote:
> On Tue, 2004-04-27 at 15:25, Tom Eastep wrote:
> 
>>Holger Brueckner wrote:
>>
>>>Hello,
>>>
>>>i''m having problems connecting to shorewall.net site.
>>>it seems like german telekom got a ip block formerly reserved 
>>>by iana. namely i got 84.128.25.220.
>>>
>>>could it be that you''re still blocking this ip range ?
>>
>>Which shorewall.net site(s) are you having problems accessing? 
>>shorewall.net is comprised of systems in 5 different cities, each with 
>>their own system manager.
>>
>>-Tom
> 
> 
> i HAD problems with http://shorewall.net
> it works now, so maybe it was just some routing issue.
> 
That''s my site -- I have always used a stripped down rfc1918 file and 
now that I''m running 2.0.1, I don''t set the
''nobogons'' option on my
external interface. So whatever the problem, it wasn''t rfc1918/bogons.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Hello,

For the www.shorewall.net mirror, I updated the version 2.0 shorewall 
with http://shorewall.net/pub/shorewall/errata/1.4.10/rfc1918

I does seem to drop 84.0.0.0/6.

83.0.0.0/8              DROP            # Reserved
84.0.0.0/6              DROP            # Reserved
88.0.0.0/5              DROP            # Reserved

I assume this is the updated version?

Alex Martin
http://www.rettc.com


Tom Eastep wrote:
> Holger Brueckner wrote:
> 
>> On Tue, 2004-04-27 at 15:25, Tom Eastep wrote:
>>
>>> Holger Brueckner wrote:
>>>
>>>> Hello,
>>>>
>>>> i''m having problems connecting to shorewall.net site.
>>>> it seems like german telekom got a ip block formerly reserved
by
>>>> iana. namely i got 84.128.25.220.
>>>>
>>>> could it be that you''re still blocking this ip range ?
>>>
>>>
>>> Which shorewall.net site(s) are you having problems accessing? 
>>> shorewall.net is comprised of systems in 5 different cities, each 
>>> with their own system manager.
>>>
>>> -Tom
>>
>>
>>
>> i HAD problems with http://shorewall.net
>> it works now, so maybe it was just some routing issue.
>>
> 
> That''s my site -- I have always used a stripped down rfc1918 file
and
> now that I''m running 2.0.1, I don''t set the
''nobogons'' option on my
> external interface. So whatever the problem, it wasn''t
rfc1918/bogons.
> 
> -Tom

Alex Martin wrote:
> Hello,
> 
> For the www.shorewall.net mirror, I updated the version 2.0 shorewall 
> with http://shorewall.net/pub/shorewall/errata/1.4.10/rfc1918
> 
> I does seem to drop 84.0.0.0/6.
> 
> 83.0.0.0/8              DROP            # Reserved
> 84.0.0.0/6              DROP            # Reserved
> 88.0.0.0/5              DROP            # Reserved
> 
> I assume this is the updated version?
No. The updated version:

71.0.0.0/8		logdrop		# Reserved
72.0.0.0/5		logdrop		# Reserved
89.0.0.0/8		logdrop		# Reserved
90.0.0.0/7		logdrop		# Reserved

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Hello,

Ok. I updated the www.shorewall.net mirror with the proper rfc1918 data.

Sorry shorewall users!

Tom,

http://shorewall.net/pub/shorewall/errata/1.4.10/rfc1918

Has the wrong stuff in it, compared to

http://shorewall.net/pub/shorewall/errata/2.0.1/bogons

(These links from a recent shorewall announce email).

Alex Martin
http://www.rettc.com

Alex Martin wrote:
> Hello,
> 
> Ok. I updated the www.shorewall.net mirror with the proper rfc1918 data.
> 
> Sorry shorewall users!
> 
> Tom,
> 
> http://shorewall.net/pub/shorewall/errata/1.4.10/rfc1918
> 
> Has the wrong stuff in it, compared to
> 
> http://shorewall.net/pub/shorewall/errata/2.0.1/bogons
> 
> (These links from a recent shorewall announce email).
> 
The excerpt that I sent you was obtained by clicking on the 
http://shorewall.net/pub/shorewall/errata/1.4.10/rfc1918 link in your 
post and cutting and pasting. You''re saying that you see something 
different? If so, what IP does ''shorewall.net'' resolve to for
you? It
should be 206.124.146.177.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Sorry, operator error here. Everything is up to date. I can swear I just 
downloaded that 1.4 file and it was wrong, but that is not the case.

So, everything is up to date on my end, and of course on Tom''s end as
well.

Doh.

Alex Martin
http://www.rettc.com

Tom Eastep wrote:
> Alex Martin wrote:
> 
>> Hello,
>>
>> Ok. I updated the www.shorewall.net mirror with the proper rfc1918
data.
>>
>> Sorry shorewall users!
>>
>> Tom,
>>
>> http://shorewall.net/pub/shorewall/errata/1.4.10/rfc1918
>>
>> Has the wrong stuff in it, compared to
>>
>> http://shorewall.net/pub/shorewall/errata/2.0.1/bogons
>>
>> (These links from a recent shorewall announce email).
>>
> 
> The excerpt that I sent you was obtained by clicking on the 
> http://shorewall.net/pub/shorewall/errata/1.4.10/rfc1918 link in your 
> post and cutting and pasting. You''re saying that you see something
> different? If so, what IP does ''shorewall.net'' resolve to
for you? It
> should be 206.124.146.177.
> 
> -Tom

Alex Martin wrote:
> Sorry, operator error here. Everything is up to date. I can swear I just 
> downloaded that 1.4 file and it was wrong, but that is not the case.
> 
Stale web page caches will get you every time :-)

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Hello

I''m sorry if it is out of the scope of the mail list

But, What you think If I run SNORT.org as IDS on my firewall box, running
Shorewall

Please advise, and tell me what you think

Waiting for your reply

Kind Regards
Samer

Samer Y. Azmy wrote:
> 
> But, What you think If I run SNORT.org as IDS on my firewall box, running
> Shorewall
> 
> Please advise, and tell me what you think
Two things:

a) There are 56 references to SNORT in the Shorewall Mailing List 
Archives. Is it the case that you read them all and didn''t find the 
information that you are looking for?

b) Please start a new thread rather than reply to another user''s post 
and change the subject. Many of us use threaded email clients and your 
behavior has the effect of embedding your thread inside a completely 
unrelated one.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net