Network troubleshooting, any experts?
Rotariu Bogdan
bogdan at alterox.ro
Sat May 1 05:41:01 UTC 2004
lol, he just spoofed his addresses so the list can't see the real ips.
On Sat, 2004-05-01 at 08:13, Eric Diamond wrote:
> Wednesday, April 28, 2004 2:04 PM Elam Daly asked:
> > At this particular company we have a webserver, that sits behind a
> > firewall/router. All incoming port 80 traffic is directed to this server.
> > All computers in the company reside internally on 123.123.123.* ip addresses.
> > All DNS resolution is done externally.
>
> How did you get the 123.123.123/24 address space assigned to your
> network?
>
> According to IANA:
>
> <start clip>
> INTERNET PROTOCOL V4 ADDRESS SPACE
>
> (last updated 28 April 2004)
>
> The allocation of Internet Protocol version 4 (IPv4) address space to
> various registries is listed here. Originally, all the IPv4 address
> space was managed directly by the IANA. Later parts of the address
> space were allocated to various other registries to manage for
> particular purposes or regional areas of the world. RFC 1466 [RFC1466]
> documents most of these allocations.
>
> Address
> Block Date Registry - Purpose Notes or Reference
> ----- ------ --------------------------- ------------------
> 000/8 Sep 81 IANA - Reserved
> 001/8 Sep 81 IANA - Reserved
> 002/8 Sep 81 IANA - Reserved
> 003/8 May 94 General Electric Company
> ...
> 122/8 Sep 81 IANA - Reserved
> 123/8 Sep 81 IANA - Reserved
> 124/8 Sep 81 IANA - Reserved
> 125/8 Sep 81 IANA - Reserved
> 126/8 Sep 81 IANA - Reserved
> 127/8 Sep 81 IANA - Reserved See [RFC3330]
> <end clip>
>
> The 123 address space is clearly a reserved Class A Address.
>
> Are you using NAT? I sincerely hope so. But if so, then why not use one
> of the private address spaces? If not, you're lucky you're getting any
> traffic back at all.
>
> > Now the problem is that all computers on the network can browse the
> > internet and do various chores like telnet and ssh with no problem,
> > except for the web server. I can ssh, telnet etc. to other computers
> > on the internal network from the web server but not to the outside world.
>
> For the rest of your network, see above.
>
> For your web server, the question of NAT applies but is compounded by
> issues regarding the way your ISP is forwarding the web traffic in their
> router.
>
> > I have no firewall running, and just to be sure I've flushed the
> > iptables and ran the /etc/rc3.d/iptables script with the -stop flag.
> > I've also talked to the isp( it's their router ) and they claim that if
> > all the other computers can get web access then so should the webserver.
>
> Now, I have seen cases where ISPs will limit outgoing connections from
> known, world accessible servers connected to their network, over which
> they have no direct security control. But in this case, I have a gut
> feeling that another 123.123.123.240 exists somewhere out there (someone
> else using a reserved address) and some of your traffic is just getting
> lost. The general purpose router protocols are supposed to keep this
> sort of thing from happening, but when unassigned addresses are added
> into the mix, unpredictable things can start popping up (or dropping out
> as the case may be.)
>
> Eric Diamond
> eDiamond Networking & Security
> 303-246-9555
> eric at ediamond.net
>
--
Rotariu Bogdan <bogdan at alterox.ro>
Alterox Sistem
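The addressing problem Eric raises (internal hosts numbered from space that is not RFC 1918, so replies may route to whoever really holds it) is easy to audit. The following is an added example, not code from anyone in the thread; it uses the Python standard library only. Note that 123/8 was reserved by IANA when this was written but has since been allocated to a regional registry, so the library now classifies 123.123.123.240 as globally routable rather than reserved. The host list is constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges that an internal network behind NAT should be numbered from.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(addr: str) -> str:
    """Classify an IPv4 address for an internal-addressing audit.

    Returns 'rfc1918', 'loopback', 'link-local', 'reserved' or 'global'.
    'global' means the address lies in space registered to someone else:
    a host numbered from it can lose replies that route to the real owner,
    the failure mode Eric suspects for 123.123.123.240.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        raise ValueError("IPv4 audit only")
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_reserved or ip.is_multicast or not ip.is_global:
        return "reserved"   # IANA special-purpose or otherwise unroutable
    return "global"


def audit(hosts):
    """Return {address: class} for every host NOT in RFC 1918 space."""
    findings = {h: classify(h) for h in hosts}
    return {h: k for h, k in findings.items() if k != "rfc1918"}


# Constructed sample inventory: the thread's 123.123.123.0/24 hosts plus
# a few RFC 1918 and special-purpose addresses for contrast.
SAMPLE_HOSTS = ["123.123.123.240", "123.123.123.1", "10.20.30.40",
                "192.168.1.10", "172.31.255.254", "127.0.0.1",
                "169.254.10.10", "240.0.0.1"]

if __name__ == "__main__":
    for addr, kind in audit(SAMPLE_HOSTS).items():
        print(f"{addr:18} {kind}")
```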