RE: access list is not working! why?
our dns resolves

www.radiowave.com to 64.37.194.252
www.entrypoint.com to 205.228.184.11

Regards
-Paul

-Original Message-
From: beth shriver [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 05, 2000 9:16 PM
To: [EMAIL PROTECTED]
Subject: access list is not working! why?

here is a VERY simple access list i have put on a router that is providing our internet connection to prevent connections to www.radiowave.com and www.entrypoint.com(used to be pointcast):

access-list 100 deny ip any host 206.64.127.11 log
access-list 100 deny ip any host 64.37.194.196 log
access-list 100 permit ip any any

then on every interface i have put:

ip access-group 100 in
ip access-group 100 out

yet this is not preventing the connections. can someone tell me why? the router this is on is the only link we have to the internet. this is very puzzling to me.

thanks
Beth

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: access list is not working! why?
You have to be careful trying to block web sites by IP address. Some of them have more than one.

www.radiowave.com resolves to 64.37.194.196 & 64.37.194.252 when I try to ping it by name. Doing a whois gave the following DNS servers for them -
64.37.194.219
208.216.144.18

www.entrypoint.com pinged on 205.228.184.11, with DNS servers at
199.221.47.7
207.24.245.179

>
>here is a VERY simple access list i have put on a
>router that is providing our internet connection to
>prevent connections to www.radiowave.com and
>www.entrypoint.com(used to be pointcast):
>
>access-list 100 deny ip any host 206.64.127.11 log
>access-list 100 deny ip any host 64.37.194.196 log
>access-list 100 permit ip any any
>
>then on every interface i have put:
>ip access-group 100 in
>ip access-group 100 out
>
>yet this is not preventing the connections. can
>someone tell me why? the router this is on is the only
>link we have to the internet. this is very puzzling to
>me.
>thanks
>Beth

Re: access list is not working! why?
That would block all HTTP traffic, which would probably not be desirable.

"If it doesn't fit, don't force it, just get a bigger hammer." - Wally Wilson

Sincerely,
Bradley J. Wilson
CCNA, CCDA, MCSE, CCSE, CNX-A, NNCSS, MCT, CTT

- Original Message -
From: Leonardo Rocha
To: beth shriver ; [EMAIL PROTECTED]
Sent: Tuesday, September 05, 2000 9:55 PM
Subject: RES: access list is not working! why?

dear,

do not forget setting the port 80 to deny www access ok.

best regards,
-leonardo

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On behalf of beth shriver
Sent: Tuesday, September 5, 2000 17:16
To: [EMAIL PROTECTED]
Subject: access list is not working! why?

here is a VERY simple access list i have put on a router that is providing our internet connection to prevent connections to www.radiowave.com and www.entrypoint.com(used to be pointcast):

access-list 100 deny ip any host 206.64.127.11 log
access-list 100 deny ip any host 64.37.194.196 log
access-list 100 permit ip any any

then on every interface i have put:

ip access-group 100 in
ip access-group 100 out

yet this is not preventing the connections. can someone tell me why? the router this is on is the only link we have to the internet. this is very puzzling to me.

thanks
Beth

Re: access list is not working! why?
> Subject: access list is not working! why?
>
>
> here is a VERY simple access list i have put on a
> router that is providing our internet connection to
> prevent connections to www.radiowave.com and
> www.entrypoint.com(used to be pointcast):
>
> access-list 100 deny ip any host 206.64.127.11 log
> access-list 100 deny ip any host 64.37.194.196 log
> access-list 100 permit ip any any
>
> then on every interface i have put:
> ip access-group 100 in
> ip access-group 100 out
>
> yet this is not preventing the connections. can
> someone tell me why? the router this is on is the only
> link we have to the internet. this is very puzzling to
> me.
> thanks
> Beth

Beth,

This is a very common problem when people are setting up access lists. You have denied any IP traffic from your network to specific host IP addresses, namely 206.64.127.11 and 64.37.194.196. The problem is that these are not the only addresses that represent those domains and domain names. For example, if you did a simple ping to www.radiowave.com, you would note the following return reply addresses:

64.37.194.196
64.37.194.252

Likewise, you can also find the following active addresses for www.entrypoint.com:

205.228.184.11
206.64.127.11

In actuality, you really need to find the address space that both domains use. Since both of these organizations use either round robin load balancing or local director, you will need to block all active addresses that can connect to their site. If you do a whois search on ARIN, look at all the entries for Pointcast:

POINTCAST (NETBLK-CW-206-29-38) 206.29.38.0 - 206.29.38.255
PointCast,Inc.(NETBLK-UU-208-219-32) 208.219.32.0 - 208.219.39.255
PointCast,Inc.(NETBLK-UU-208-206-224-A) 208.206.224.0 - 208.206.227.255
Pointcast Inc. (ASN-POINTCAST) 5756
Pointcast Inc. (NETBLK-POINTCAST) 206.64.126.0 - 206.64.127.0
Pointcast Network Canada (NETBLK-POINTCAST-CA-BLK1) 205.250.179.0 - 205.250.179.255
Pointcast Network Canada (NETBLK-POINTCAST-CA-BLK2) 205.250.180.0 - 205.250.180.255

Keep in mind, not every address or address block listed above will be used for a website address, but they are all potential candidates.

HTH,

Paul Werner
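
The thread's conclusion, that every address a site can answer from has to appear in the list, can be turned into a small generator. This is an added example, not code from any poster in the thread: it merges the host addresses the replies observed with the whois ranges exactly as posted and emits extended ACL entries with wildcard masks; the function names are assumptions.

```python
import ipaddress

# Addresses the replies in this thread saw the two sites answer from.
OBSERVED_HOSTS = ["64.37.194.196", "64.37.194.252",
                  "205.228.184.11", "206.64.127.11"]

# ARIN whois ranges quoted in the thread, as (first, last), exactly as posted.
WHOIS_RANGES = [
    ("206.29.38.0", "206.29.38.255"),
    ("208.219.32.0", "208.219.39.255"),
    ("208.206.224.0", "208.206.227.255"),
    ("206.64.126.0", "206.64.127.0"),
    ("205.250.179.0", "205.250.179.255"),
    ("205.250.180.0", "205.250.180.255"),
]

def to_networks(hosts, ranges):
    """Turn hosts and first-last ranges into a minimal sorted list of CIDR blocks."""
    nets = [ipaddress.ip_network(h) for h in hosts]
    for first, last in ranges:
        # A range that is not a single CIDR block is split into several.
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
    return list(ipaddress.collapse_addresses(nets))

def acl_lines(networks, acl=100):
    """Render one deny entry per block, then the final permit."""
    lines = []
    for net in networks:
        if net.prefixlen == 32:
            dest = f"host {net.network_address}"
        else:
            # IOS extended ACLs take a wildcard (inverse) mask, not a netmask.
            dest = f"{net.network_address} {net.hostmask}"
        lines.append(f"access-list {acl} deny ip any {dest} log")
    lines.append(f"access-list {acl} permit ip any any")
    return lines

def uncovered(hosts, networks):
    """Hosts that no block in the list would match."""
    return [h for h in hosts
            if not any(ipaddress.ip_address(h) in n for n in networks)]

if __name__ == "__main__":
    blocks = to_networks(OBSERVED_HOSTS, WHOIS_RANGES)
    print("\n".join(acl_lines(blocks)))
    print("missed by whois ranges alone:",
          uncovered(OBSERVED_HOSTS, to_networks([], WHOIS_RANGES)))
```

With the ranges as posted, the whois blocks alone match none of the four observed addresses, which is why the observed hosts are merged in before the list is generated.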