> Subject: access list is not working! why?
> 
> 
> here is a VERY simple access list i have put on a
> router that is providing our internet connection to
> prevent connections to www.radiowave.com and
> www.entrypoint.com (used to be pointcast):
> 
> access-list 100 deny   ip any host 206.64.127.11 log
> access-list 100 deny   ip any host 64.37.194.196 log
> access-list 100 permit ip any any
> 
> then on every interface i have put:
> ip access-group 100 in
> ip access-group 100 out
> 
> yet this is not preventing the connections. can
> someone tell me why? the router this is on is the only
> link we have to the internet. this is very puzzling to
> me.
> thanks
> Beth

Beth,

This is a very common problem when people are setting up access 
lists.  You have denied any IP traffic from your network to  
specific host IP addresses, namely 206.64.127.11 and 
64.37.194.196.  The problem is that these are not the only 
addresses that represent those domains and domain names.  For 
example, if you did a simple ping to www.radiowave.com, you 
would note the following return reply addresses:

64.37.194.196
64.37.194.252

Likewise, you can also find the following active addresses for 
www.entrypoint.com:

205.228.184.11
206.64.127.11

In actuality, you really need to find the address space that 
both domains use. Since both of these organizations use either 
round robin load balancing or local director, you will need to 
block all active addresses that can connect to their site.  If 
you do a whois search on ARIN, look at all the entries for 
Pointcast:

POINTCAST (NETBLK-CW-206-29-38)   206.29.38.0 - 206.29.38.255
PointCast,Inc.(NETBLK-UU-208-219-32)   208.219.32.0 - 208.219.39.255
PointCast,Inc.(NETBLK-UU-208-206-224-A)   208.206.224.0 - 208.206.227.255
Pointcast Inc. (ASN-POINTCAST)   5756
Pointcast Inc. (NETBLK-POINTCAST)   206.64.126.0 - 206.64.127.0
Pointcast Network Canada (NETBLK-POINTCAST-CA-BLK1)   205.250.179.0 - 205.250.179.255
Pointcast Network Canada (NETBLK-POINTCAST-CA-BLK2)   205.250.180.0 - 205.250.180.255

Keep in mind, not every address or address block listed above 
will be used for a website address, but they are all potential 
candidates. 

HTH,

Paul Werner


