Network troubleshooting, any experts?

Rotariu Bogdan bogdan at alterox.ro
Sat May 1 05:41:01 UTC 2004


lol, he just spoofed his addresses so the list can't see the real ips.

On Sat, 2004-05-01 at 08:13, Eric Diamond wrote:
> Wednesday, April 28, 2004 2:04 PM Elam Daly asked:
> > At this particular company we have a webserver, that sits behind a
> > firewall/router.  All incoming port 80 traffic is directed to this
> > server.  All computers in the company reside internally on
> > 123.123.123.* ip addresses.  All DNS resolution is done externally.
> 
> How did you get the 123.123.123/24 address space assigned to your
> network? 
> 
> According to IANA:
> 
> <start clip>
> INTERNET PROTOCOL V4 ADDRESS SPACE
> 
> (last updated 28 April 2004)
> 
> The allocation of Internet Protocol version 4 (IPv4) address space to
> various registries is listed here. Originally, all the IPv4 address
> space was managed directly by the IANA. Later parts of the address
> space were allocated to various other registries to manage for
> particular purposes or regional areas of the world.  RFC 1466 [RFC1466]
> documents most of these allocations.
> 
> Address
> Block   Date     Registry - Purpose                  Notes or Reference
> -----   ------   ---------------------------         ------------------
> 000/8   Sep 81   IANA - Reserved
> 001/8   Sep 81   IANA - Reserved
> 002/8   Sep 81   IANA - Reserved
> 003/8   May 94   General Electric Company
> ...
> 122/8   Sep 81   IANA - Reserved
> 123/8   Sep 81   IANA - Reserved
> 124/8   Sep 81   IANA - Reserved
> 125/8   Sep 81   IANA - Reserved
> 126/8   Sep 81   IANA - Reserved
> 127/8   Sep 81   IANA - Reserved                     See [RFC3330]
> <end clip>
> 
> The 123 address space is clearly a reserved Class A Address. 
> 
> Are you using NAT? I sincerely hope so. But if so, then why not use one
> of the private address spaces? If not, you're lucky you're getting any
> traffic back at all.
> 
> > Now the problem is that all computers on the network can browse the
> > internet and do various chores like telnet and ssh with no problem,
> > except for the web server.  I can ssh, telnet etc. to other computers
> > on the internal network from the web server but not to the outside
> > world.
> 
> For the rest of your network, see above.
> 
> For your web server, the question of NAT applies but is compounded by
> issues regarding the way your ISP is forwarding the web traffic in their
> router.
> 
> > I have no firewall running, and just to be sure I've flushed the
> > iptables and ran the /etc/rc3.d/iptables script with the -stop flag.
> > I've also talked to the isp( it's their router ) and they claim that
> > if all the other computers can get web access then so should the
> > webserver.
> 
> Now, I have seen cases where ISPs will limit outgoing connections from
> known, world accessible servers connected to their network, over which
> they have no direct security control. But in this case, I have a gut
> feeling that another 123.123.123.240 exists somewhere out there (someone
> else using a reserved address) and some of your traffic is just getting
> lost. The general purpose router protocols are supposed to keep this
> sort of thing from happening, but when unassigned addresses are added
> into the mix, unpredictable things can start popping up (or dropping out
> as the case may be.)
> 
> Eric Diamond
> eDiamond Networking & Security
> 303-246-9555
> eric at ediamond.net
>  
-- 
Rotariu Bogdan <bogdan at alterox.ro>
Alterox Sistem
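An added example, not part of the thread, that turns Eric's point into a quick check: hosts behind NAT should be numbered from the RFC 1918 private ranges, because anything else shadows an address that belongs (or, for a block that was reserved in the 2004 IANA table quoted above, may later belong) to someone else on the Internet. The host list is constructed and includes the 123.123.123.240 address from the thread.

```python
import ipaddress

# RFC 1918 private ranges: the only IPv4 blocks meant to be used behind NAT
# without colliding with addresses that are routed on the public Internet.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def classify(addr: str) -> str:
    """Classify one host address as 'rfc1918', 'special' or 'public-collision'."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    # Loopback, link-local, multicast and 0.0.0.0 are not NAT candidates either,
    # but they also never collide with a remote network, so report them apart.
    if ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_unspecified:
        return "special"
    # Everything else is globally routable (or reserved space that may be
    # assigned later): an internal host numbered like this hides the real owner
    # from your network, and replies from outside may go astray.
    return "public-collision"


def audit(hosts):
    """Return {address: classification} for a list of internal host addresses."""
    return {h: classify(h) for h in hosts}


def offenders(hosts):
    """Return the addresses that should be renumbered into RFC 1918 space."""
    return [h for h, kind in audit(hosts).items() if kind == "public-collision"]


# Constructed sample inventory, as you might collect it from `ip addr` on each
# internal machine; 123.123.123.240 is the web server address from the thread.
SAMPLE_HOSTS = [
    "123.123.123.240",  # the thread's web server
    "123.123.123.17",   # another workstation on the same mis-numbered LAN
    "192.168.1.10",     # a correctly numbered private host
    "172.31.255.1",     # last /16 of 172.16/12, still private
    "172.32.0.1",       # one past the end of 172.16/12, NOT private
    "127.0.0.1",        # loopback
]

if __name__ == "__main__":
    for host, kind in audit(SAMPLE_HOSTS).items():
        print(f"{host:16s} {kind}")
    print("renumber:", offenders(SAMPLE_HOSTS))
```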