] public subnet
A great article talking about why NOT to block ICMP
http://www.linuxplanet.com/linuxplanet/tutorials/6524/1/
From the article,
In short, blocking ICMP is detrimental to the successful operation of
networks. It will break more than just ping; in fact, many protocols
Just a short update. I switched the customer along with their public ip over
to the same wrap my office is on and it works perfectly. This also involved
switching their from the bullet2 to a ns5. Its difficult to blame the cpe so
I'm thinking something strange with the other wrap setup. -rickg
On
A great article talking about why NOT to block ICMP
http://www.linuxplanet.com/linuxplanet/tutorials/6524/1/
From the article,
In short, blocking ICMP is detrimental to the successful operation of
networks. It will break more than just ping; in fact, many protocols
will be neutered if ICMP
Thank you!
I'll pass this on to the next security paranoid IT guy that thinks the
Taliban is gonna take down his servers if he enables ICMP!
-RickG
On Tue, Dec 22, 2009 at 12:57 AM, John Thomas jtho...@quarnet.com wrote:
A great article talking about why NOT to block ICMP
Mmmm, the Wrap, is its private IP in the 10.0.0.0/8 ? Can you look
up in the RB's NAT table and see what the source IP is?
FTP out to the world, is it using the NAT IP or the correct public IP
? I wonder if Proxy ARP isn't biting you.
On Sat, Dec 19, 2009 at 10:19 PM, RickG rgunder...@gmail.com
Yes, the WRAPs are in the 10.0.0.0/8. However, I dont have the WRAPs defined
in NAT. The working WRAP I'm off of at my office is using the public IP.
I'll have to FTP test the non-working WRAP at the customer site to see. As
I said, the net does work using the public IP from there location. I
The thing is they had a bridge from the other tower and it was working. The
only thing thats changed is the tower. RIP is on RB450G and WRAP's. Dont
know about Cisco as it is the customers and I dont have control. They also
have ICMP turned off amongst other things. Should I still see it?
Yes,
Unless there is a rouge NAT statement someplace, I do not see anything
specific that would be causing this (as described)
What about a proxy server ? Are all connections heading out the NAT IP
or only HTTP?
On Sat, Dec 19, 2009 at 4:40 AM, RickG rgunder...@gmail.com wrote:
The thing is they had
Ya, and further proof it should work is that it works at my office on the
same tower. I cant blame their cisco because I bypassed it with my laptop.
No proxy server. Everything goes through the RB450G. So, the only
differences are the WRAP on the tower and the CPE. I'll try the CPE next.
Will
OK, I've got a good one. I’m trying to pass public subnets to a couple of
customers. They worked before I switched them to a new, closer tower.
Bascially, it will not show the public IP when checking at
whatismyip.combut rather my firewall ip. Obviuosly, I can get on the
net with the public
ip's.
Routing or firewall setup issues. I pass a /24 and a /8 (NAT) across my entire
network. I use one place of NAT (well a few users still have in house NAT) I
would do traceroutes from and to the end IPs and see where things start to look
wrong.
RickG wrote:
OK, I've got a good one. I’m trying to
I agree but traceroutes run perfectly. Just to be clear, here is the setup:
Inet-RB450G(Firewall)-WRAP/StarOS-CPE-Customer Device (Cisco).
The subnet is 204.62.63.76/30.
RB450G has the subnet defined in the filter rules as chain forward.
The wireless interface on the WRAP has 204.62.63.77
Mmmm. bridging CPE, make sure its not proxy arping.
Check your RIP, if its turned on, on both the wrap and Csico, should be seen.
Where is the IP that is doing NAT located, on the RB450? The only way I had that
work correctly was to drop all chain rules and tell NAT to source 10.0.0.0/8
when
13 matches
Mail list logo
