Hi all,

Hopefully someone can point me in the right direction. I have our Mandrake MNF firewall set up so users can download their POP3 email from home. Well, within the past few months, users accessing the net via RoadRunner can no longer retreive their POP3 email from our server.

I checked the firewall and found the following in the log when the users were trying to connect:

I can see that shorewall thinks the packet is coming from a private network. How could this be the case? Is there anything I can do to let this traffic through?

Thank you all for the time,

Paul

Odd. I wonder if it's some sort of buggy routing. Can you get a tcpdump or something?

Thank you for the reply! After doing some more searching I've found that roadrunner is starting to use some addresses reserved by the iana. Should I just comment out the addresses from the /etc/shorewall/rfc1918 file, or is there a better solution?

Thanks again,

Paul

Well, you could do that. I wouldn't.

I don't understand how roadrunner thinks they can just decide to use RFC 1918 addresses.

I realize this may not be a solution to your liking, but I would tell the users that their ISP is using a broken network. My firewall blocks 127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, and 172.16.0.0/12 networks on the public interface, no questions about it. Too high risks of spoofing and the like.

Road runner should not be doing this and I am honestly surprised that upstream ISPs don't just block the traffic themselves.

Thanks again! The addresses they are using are within the 70.0.0.0/7 and 72.0.0.0/5 networks, which were both listed in the rcf1918 file. I didn't even know there was anything "reserved" about those addresses before finding them in that file, which is why I was so stumped in the first place!

Upon closer inspection, the source IP in the log you posted appears to be 12.345.67.89, a perfectly valid IP address.