Wednesday, April 28, 2004 2:04 PM

Elam Daly asked:

> At this particular company we have a webserver, that sits behind a
> firewall/router. All incoming port 80 traffic is directed to this server.
> All computers in the company reside internally on 123.123.123.* IP
> addresses. All DNS resolution is done externally.

How did you get the 123.123.123/24 address space assigned to your network? According to IANA:

<start clip>
INTERNET PROTOCOL V4 ADDRESS SPACE
(last updated 28 April 2004)

The allocation of Internet Protocol version 4 (IPv4) address space to various registries is listed here. Originally, all the IPv4 address space was managed directly by the IANA. Later, parts of the address space were allocated to various other registries to manage for particular purposes or regional areas of the world. RFC 1466 [RFC1466] documents most of these allocations.

Address Block   Date     Registry - Purpose            Notes or Reference
-------------   ------   ---------------------------   ------------------
000/8           Sep 81   IANA - Reserved
001/8           Sep 81   IANA - Reserved
002/8           Sep 81   IANA - Reserved
003/8           May 94   General Electric Company
...
122/8           Sep 81   IANA - Reserved
123/8           Sep 81   IANA - Reserved
124/8           Sep 81   IANA - Reserved
125/8           Sep 81   IANA - Reserved
126/8           Sep 81   IANA - Reserved
127/8           Sep 81   IANA - Reserved               See [RFC3330]
<end clip>

The 123 address space is clearly a reserved Class A address. Are you using NAT? I sincerely hope so. But if so, then why not use one of the private address spaces? If not, you're lucky you're getting any traffic back at all.

> Now the problem is that all computers on the network can browse the
> internet and do various chores like telnet and ssh with no problem,
> except for the web server. I can ssh, telnet etc. to other computers
> on the internal network from the web server but not to the outside world.

For the rest of your network, see above.

For your web server, the question of NAT applies but is compounded by issues regarding the way your ISP is forwarding the web traffic in their router.

> I have no firewall running, and just to be sure I've flushed the
> iptables and ran the /etc/rc3.d/iptables script with the -stop flag.
> I've also talked to the ISP (it's their router) and they claim that if
> all the other computers can get web access then so should the webserver.

Now, I have seen cases where ISPs will limit outgoing connections from known, world-accessible servers connected to their network, over which they have no direct security control. But in this case, I have a gut feeling that another 123.123.123.240 exists somewhere out there (someone else using a reserved address) and some of your traffic is just getting lost. The general purpose router protocols are supposed to keep this sort of thing from happening, but when unassigned addresses are added into the mix, unpredictable things can start popping up (or dropping out, as the case may be).

Eric Diamond
eDiamond Networking & Security
303-246-9555
eric@xxxxxxxxxxxx
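An added sanity check for an internal addressing plan, written here to illustrate the reply's point; it is not code from either poster. It classifies addresses against the RFC 1918 private ranges and against the "IANA - Reserved" /8 blocks as they appear in the April 2004 table quoted above (a snapshot only: 123/8 has since been allocated), and flags any internal network that is not private space as needing renumbering behind NAT.

```python
import ipaddress

# RFC 1918 private address space: the ranges the reply says a NATed
# internal network should be numbered from.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# The /8 blocks marked "IANA - Reserved" in the IANA table quoted in the
# message (status as of 28 April 2004). Historical snapshot, not a current
# registry: 123/8 in particular is no longer reserved today.
IANA_RESERVED_2004 = [ipaddress.ip_network(f"{first}.0.0.0/8")
                      for first in (0, 1, 2, 122, 123, 124, 125, 126, 127)]


def classify(address: str) -> str:
    """Return 'private', 'reserved-2004' or 'public' for one IPv4 address."""
    ip = ipaddress.ip_address(address)
    if any(ip in net for net in RFC1918):
        return "private"
    if any(ip in net for net in IANA_RESERVED_2004):
        return "reserved-2004"
    return "public"


def audit_internal_network(cidr: str) -> dict:
    """Audit an internal network the way the reply does.

    Anything that is not RFC 1918 space is a problem: reserved space may be
    filtered or misrouted by intermediate routers, and public space may be
    legitimately held by someone else (the reply's "another 123.123.123.240
    out there"), so return traffic can be delivered to them instead of you.
    Either way the fix is to renumber into a private range behind NAT.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    kind = classify(str(net.network_address))
    return {
        "network": str(net),
        "kind": kind,
        "needs_renumbering": kind != "private",
    }


if __name__ == "__main__":
    # Constructed sample plans: the poster's block, a private one, a public one.
    for plan in ("123.123.123.0/24", "192.168.10.0/24", "8.8.8.0/24"):
        print(audit_internal_network(plan))
```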