03-24-2004 02:13 PM - edited 03-02-2019 02:32 PM
Does anyone have experiencing with routing to .mil websites http://www.navair.navy.mil
It appears that certain hosts on our network
cannot access or hit the .mil websites
These hosts all have IPs, that in a classful routing
domain, would be valid network(addresses)boundaries and broadcast addresses. Our network is a classless
routing domain
For example:
10.1.38.0
10.2.38.255
The real public IPs have been replace with 1918 addresses
I am wondering if this is the problem with routing
to these websites or is it just a matter
of .mil websites blocking a few of our blocks of ips
due to an abusive user sourced from our network.
Any thoughts ??
03-25-2004 02:33 AM
Hi I-mathews,
Before we go any further, can the host(s) access other .mil sites. There may be a specific access-list blocking (shun) your users. The military and any other security minded companies will prevent certain traffic from entering their network (RFC 2827). Obviously ensure your outside IP addresses are not private and do not belong to someone else like the Navy.
Another consideration, are you running PAT? Some applications do not work through a PAT-ed network because they are port specific.
If that doesn't help or you would just like help troubleshooting send me an email.
R/S
Dave
03-25-2004 01:51 PM
Its all .mil websites (army, nayv, airforce..etc)
I dont think its an access-list, because there
are other hosts on our network that can hit that site
The hosts that can hit it are on a different block
however,the ones that can't are not off the same network block either
As far as applications;these users are just using a web browser. These host claim that if they use dailup
and/or another ISP they can get to it
The thing thats common is the IPs that cannot route
are all valid network/broadcast address in a classful
routing domain (which I think the .mil websites may
be running..for legacy servers). Our network and hosts are in a classless routing domain. This is my
theory. The webmaster for .mil has not replied to our
query. Let me know if my theory holds water..
I dont think that the .mil websites would be denying
an entire network block??
03-25-2004 01:54 PM
These ips are just examples
of the ones that are getting block. I did not want
to post real public ips that we assign to our customers
But the IPs that can't get routed end it a .0, .255.
so its
x.x.x.0
x.x.x.255
03-25-2004 09:16 PM
Hi,
I have also observed the same. We have 2 diff connections to the internet, i am able to access the website through one connection only. This should have something to do with the security settings on the webserver of the .mil sites.
Regards,
Vinod
03-28-2004 02:47 PM
Do you mean having more than one upstream provider?
What have you done to work around this issue?
Any ideas for a workaround. navy.mil has not responded to our query
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide