Re: AOL Proxy Servers not connecting via https - resolved
A Clue Bat was gently swung by a friendly and clueful (semi-anonymous) AOL NetOps guy who contacted me from my post on Nanog. Thanks Nanog, and this sounds strange from me, but Thanks AOL. :)
And yes, it should have been obvious on my part.. a router was configured with a 172.0.0.0/8 netmask.
......there is what we call an RFC1918 issue. AOL was given some IPs in the 172.16.x.x range by ARIN. These are valid routable IPs, and we use them as IPs for the AOL user's machines (kinda like DHCP). The problem is that some people block all of 172.x.x.x thinking it's only for non-routable IPs when it's only half that range that is non-routable. (172.16.0.0/20 is the routable part). That appears to be the case with this one. We've asked ARIN for a different range, and they told us to go away, so we are stuck with this issue. If you can ask someone who does firewall and/or router ACLs in front of that website, they should be able to fix the issue.
This might be helpful to people setting up ACLs and the like:
http://webmaster.info.aol.com/proxyinfo.html

--------------------------
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.2mbit.com
ICQ: 8077511

----- Original Message -----
From: "mike harrison" <meuon@highertech.net>
To: <nanog@merit.edu>
Sent: Thursday, September 25, 2003 5:10 PM
Subject: Re: AOL Proxy Servers not connecting via https - resolved

A Clue Bat was gently swung by a friendly and clueful (semi-anonymous) AOL NetOps guy who contacted me from my post on Nanog. Thanks Nanog, and this sounds strange from me, but Thanks AOL. :)
And yes, it should have been obvious on my part.. a router was configured with a 172.0.0.0/8 netmask.
......there is what we call an RFC1918 issue. AOL was given some IPs in the 172.16.x.x range by ARIN. These are valid routable IPs, and we use them as IPs for the AOL user's machines (kinda like DHCP).
The problem is that some people block all of 172.x.x.x thinking it's only for non-routable IPs when it's only half that range that is non-routable. (172.16.0.0/20 is the routable part). That appears to be the case with this one. We've asked ARIN for a different range, and they told us to go away, so we are stuck with this issue. If you can ask someone who does firewall and/or router ACLs in front of that website, they should be able to fix the issue.
On Thu, Sep 25, 2003 at 06:11:23PM -0400, Brian Bruns wrote:
This might be helpful to people setting up ACLs and the like:
I think the point that Mike was making is that RFC1918 space is 172.16.0.0/20 not a /8.
-ron

Actually a /12. But the value of 172.16.0.0 0.15.255.255 has been burned into my head for some reason...

---snip---
Page 4

3 Private Address Space

The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets:

     10.0.0.0        -   10.255.255.255  (10/8 prefix)
     172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
     192.168.0.0     -   192.168.255.255 (192.168/16 prefix)
---snip---

--- Ron da Silva <ron@aol.net> wrote:
On Thu, Sep 25, 2003 at 06:11:23PM -0400, Brian Bruns wrote:
This might be helpful to people setting up ACLs and the like:
I think the point that Mike was making is that RFC1918 space is 172.16.0.0/20 not a /8.
-ron
On Thu, Sep 25, 2003 at 04:48:11PM -0700, Andy Ellifson wrote:
Actually a /12. But the value of 172.16.0.0 0.15.255.255 has been burned into my head for some reason...
yup... s/20/12/ typo...thanks Andy
-ron
On Thu, 25 Sep 2003, Ron da Silva wrote:
On Thu, Sep 25, 2003 at 06:11:23PM -0400, Brian Bruns wrote:
This might be helpful to people setting up ACLs and the like:
I think the point that Mike was making is that RFC1918 space is 172.16.0.0/20 not a /8.
At least two people have posted incorrectly about 172.16, wrt who has what and how big it is.

Rekhter, et al             Best Current Practice                [Page 3]
RFC 1918        Address Allocation for Private Internets   February 1996

3. Private Address Space

The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets:

     10.0.0.0        -   10.255.255.255  (10/8 prefix)
     172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
     192.168.0.0     -   192.168.255.255 (192.168/16 prefix)

AOL has

NetRange:   172.128.0.0 - 172.191.255.255
CIDR:       172.128.0.0/10
NetRange:   172.192.0.0 - 172.211.255.255
CIDR:       172.192.0.0/12, 172.208.0.0/14

and apparently a bunch of other blocks.

----------------------------------------------------------------------
 Jon Lewis *jlewis@lewis.org*|  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
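
Added example, not part of the original thread or any poster's code: a check that audits deny prefixes intended to drop RFC 1918 sources, reports the public space an over-broad rule such as 172.0.0.0/8 also blocks, and prints the matching Cisco-style wildcard mask. The function names and the SAMPLE_DENIES list are assumptions made for illustration; the prefixes themselves come from the thread.

```python
import ipaddress

# RFC 1918 private blocks, as quoted in the thread.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Publicly allocated ranges named in the thread (the AOL NetRange lines).
PUBLIC_SAMPLES = [ipaddress.ip_network(n) for n in
                  ("172.128.0.0/10", "172.192.0.0/12", "172.208.0.0/14")]


def wildcard(prefix):
    """Cisco-style wildcard (inverse) mask for a prefix."""
    return str(ipaddress.ip_network(prefix).hostmask)


def audit_deny(prefix):
    """Audit one deny prefix meant to drop RFC 1918 sources."""
    net = ipaddress.ip_network(prefix)
    private = [p for p in RFC1918 if net.overlaps(p)]
    remainder = [net] if private else []
    for p in private:
        kept = []
        for r in remainder:
            if r.subnet_of(p):
                continue                           # entirely private
            if p.subnet_of(r):
                kept.extend(r.address_exclude(p))  # carve the private part out
            else:
                kept.append(r)                     # disjoint from this block
        remainder = kept
    return {
        "private": [str(p) for p in private],      # RFC 1918 blocks touched
        "overreach": [str(n) for n in sorted(remainder)],  # non-private space denied
        "partial": [str(p) for p in private if not p.subnet_of(net)],  # not fully covered
        "collateral": [str(s) for s in PUBLIC_SAMPLES if s.overlaps(net)],
    }


# Constructed deny list: the over-broad rule from the thread, the /20 typo,
# and the three correct RFC 1918 prefixes.
SAMPLE_DENIES = ["172.0.0.0/8", "172.16.0.0/20",
                 "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

if __name__ == "__main__":
    for d in SAMPLE_DENIES:
        print(d, wildcard(d), audit_deny(d))
```

A non-empty "overreach" or "collateral" list means the rule drops routable address space; a non-empty "partial" list means the rule leaves part of a private block unfiltered.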
participants (5)
- Andy Ellifson
- Brian Bruns
- jlewis@lewis.org
- mike harrison
- Ron da Silva