Hi Michael,

This sounds like an issue with an outdated rfc1918 rule in shorewall (maybe 
seawall in Dachstein).  Here's a link I found that does a good job of 
explaining the issue:

http://www.oclug.on.ca/archives/oclug/2004-January/036932.html

The writer (Raymond) apparently had issues with the python script that 
generates this 'bogons' list, but I've never had many problems myself.  
Although I have to admit I don't like the fact that shorewall lumps the 
bogons in with rfc1918 addresses which are completely different and LEAF 
doesn't have a way to auto update this list (no python on the router -- 
not that I would want to see it on the router).  I've been bitten by 
this problem myself on several occasions. 

As it turns out, the latest version of bering-uclib has a newer version 
of shorewall that no longer does this by the looks of things.  That's 
good, except I don't know where bogons are being handled.  Oh well, 
I'll figure that out later.  For now, what you need is an updated bogons 
list.  Attached is the current output from the python script mentioned 
in the old rfc1918 file.  I think the formatting may be slightly 
different for the version of shorewall included in Dachstein, so maybe 
grab the addresses from this list but keep the formatting from your 
existing rfc1918 file.  You should find it in /etc/shorewall, or 
/etc/seawall depending on what version of shorewall you have (it used to 
be called seawall).

0.0.0.0/7               logdrop         # Reserved
2.0.0.0/8               logdrop         # Reserved
5.0.0.0/8               logdrop         # Reserved
7.0.0.0/8               logdrop         # Reserved
10.0.0.0/8              logdrop         # Reserved
23.0.0.0/8              logdrop         # Reserved
27.0.0.0/8              logdrop         # Reserved
31.0.0.0/8              logdrop         # Reserved
36.0.0.0/7              logdrop         # Reserved
39.0.0.0/8              logdrop         # Reserved
42.0.0.0/8              logdrop         # Reserved
92.0.0.0/6              logdrop         # Reserved
100.0.0.0/6             logdrop         # Reserved
104.0.0.0/5             logdrop         # Reserved
112.0.0.0/6             logdrop         # Reserved
127.0.0.0/8             logdrop         # Reserved
173.0.0.0/8             logdrop         # Reserved
174.0.0.0/7             logdrop         # Reserved
176.0.0.0/5             logdrop         # Reserved
184.0.0.0/6             logdrop         # Reserved
197.0.0.0/8             logdrop         # Reserved
223.0.0.0/8             logdrop         # Reserved
240.0.0.0/4             logdrop         # Reserved

Hope this helps.

...Izzy
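
[Added example, not part of the original message and not the python script
mentioned in the rfc1918 file.] One way to confirm the diagnosis from a
workstation: parse a file in the three-column layout shown above and report
which entry, if any, covers an address that fails to load. The 72.0.0.0/5
line is a constructed stand-in for a stale entry, the function names are
hypothetical, and first-match-wins ordering is an assumption.

```python
import ipaddress

# Excerpt of the list posted above (same three-column layout).
POSTED = """\
0.0.0.0/7               logdrop         # Reserved
10.0.0.0/8              logdrop         # Reserved
92.0.0.0/6              logdrop         # Reserved
127.0.0.0/8             logdrop         # Reserved
240.0.0.0/4             logdrop         # Reserved
"""

# Constructed stale file: the 72.0.0.0/5 line is a made-up stand-in for an
# entry that was never removed after the range was allocated.
STALE = POSTED + "72.0.0.0/5              logdrop         # Reserved\n"


def parse_rules(text):
    """Return [(network, action, lineno)] from rfc1918-style text."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comment
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: expected '<subnet> <action>'")
        try:
            # strict=True rejects entries with host bits set (e.g. 10.0.0.1/8)
            net = ipaddress.ip_network(fields[0], strict=True)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
        rules.append((net, fields[1], lineno))
    return rules


def first_match(rules, address):
    """Return (subnet, action, lineno) of the first covering rule, or None."""
    ip = ipaddress.ip_address(address)
    for net, action, lineno in rules:
        if ip in net:
            return str(net), action, lineno
    return None


if __name__ == "__main__":
    # 72.246.44.134 is the address the ping in the quoted message returned.
    for name, text in (("stale", STALE), ("posted", POSTED)):
        hit = first_match(parse_rules(text), "72.246.44.134")
        print(name, "->", hit or "no match, not dropped by this file")
```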


Michael McClure wrote:

>It almost seems like both, but I'm no expert and can't tell you for sure. 
>Here's what it does...If I'm on a client windows machine (dhcp served from
>my dachstein box), and I try to ping or browse www.macys.com, I can't
>resolve the name.  The browser returns w/a "We can't find www.macys.com". 
>Ping from the Windows cmd prompt says "Ping request could not find
>www.macys.com..."  I then ssh to the dachstein box and ping www.macys.com.
> After a long pause, it returns "PING e108.g.akamaiedge.net
>(72.246.44.134): 56 data bytes" and pings come back.  If I use the IP
>returned to browse (this is the IP entry I put in the hosts file on my
>wife's computer for jcrew.com), I can get partial pages, but end up being
>redirected to www1.macys.com and not able to resolve that.  No matter
>what, I can take any single machine off my network and plug it directly to
>the cable modem (obviously getting my 1 ip address), and everything
>browses all 3 of my "problem sites" just fine.
>
>Thanks.
>mike.
>
>
>Charles Steinkuehler wrote:
>  
>
>>Michael McClure wrote:
>>    
>>
>>>I have some weird problems with my Dachstein box.  My wife is not able
>>>to load www.macys.com and www.jcrew.com.  She also has problems loading
>>>images on www.gymboree.com.  I'm sure there are others, but these are
>>>the ones she's seen so far.  One thing it seems they all have in common
>>>is that they all use akamai for something or other -- DNS/Load Balancing,
>>>edgecaching of images, etc.  I fixed jcrew on my wife's computer by
>>>making a host entry in her hosts file that resolves to www.jcrew.com --
>>>but all urls on jcrew's site use www.  I couldn't fix macys.com the same
>>>way because there is www.macys.com, www1.macys.com, www2.macys.com, etc
>>>and even when you ping www.macys.com, a couple different IP's come back.
>>>
>>>Does anybody know of anything I can do to fix this?  Any help would be
>>>greatly appreciated.
>>>      
>>>
>>First check to see if the issue is with name resolution or talking to
>>the actual IP address(es).
>>
>>IIRC, Dachstein drops traffic from several (at that time) unassigned IP
>>address ranges, and a number of these have been allocated in recent
>>years due to general lack of IP addresses (particularly outside the US).
>>
>>--
>>Charles Steinkuehler
>>[EMAIL PROTECTED]
>>
>>-------------------------------------------------------------------------
>>Take Surveys. Earn Cash. Influence the Future of IT
>>Join SourceForge.net's Techsay panel and you'll get the chance to share
>>your
>>opinions on IT & business topics through brief surveys-and earn cash
>>http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
>>------------------------------------------------------------------------
>>leaf-user mailing list: leaf-user@lists.sourceforge.net
>>https://lists.sourceforge.net/lists/listinfo/leaf-user
>>Support Request -- http://leaf-project.org/
>>
>>    
>>
>
>
>  
>

