The Boston Diaries

The ongoing saga of a programmer who doesn't live in Boston, nor does he even like Boston, but yet named his weblog/journal “The Boston Diaries.”

Go figure.

Friday, September 22, 2006

The broadcast address is NOT the netmask

I was able to finally solve the issue with XXXXXXXX. It was an odd problem though—they could get to some sites, not to others. Even weirder, I could get to their router from outside, but not their firewall, even though both were in the same network block. I could ping the firewall from the router, but the implementation of ssh on Cisco routers is … well … pathetic so that's not really an option.

I was able to ping the firewall from an ISP in Boston.

Yup.

Boston (by the way, thanks Eve for not getting rid of the account—it comes in handy from time to time).

And since I could ping it, I tried to ssh into it.

Success.

A few minutes later, and I'm looking at the routing table of the firewall.

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
XXXXXXXXXXXXX   0.0.0.0         255.255.255.252 U        40 0          0 eth0
66.0.0.0        0.0.0.0         255.0.0.0       U        40 0          0 eth1
0.0.0.0         XXXXXXXXXXXXX   0.0.0.0         UG       40 0          0 eth0

How odd. Every IP address between 66.0.0.0 and 66.255.255.255 is being routed back to XXXXXXXX's firewall. How did that happen?

I come to find out that they had a power outage a few days ago, and that's when their problems started. I check the startup scripts and lo', I had specified a broadcast address in lieu of a netmask. The command to configure the interface rejected the value for the netmask and picked a default mask based upon the IP address (the address falls into the old class “A” network, which has a default mask of 255.0.0.0).

Ah.

Well then.

That would certainly explain why they were able to get to some sites but not others. And it would explain why I was unable to get into their firewall from The Office or Casa New Jersey (as both locations fall into the 66.0.0.0/8 network block).

Ahem.

It was an easy fix.
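
An added example (not code from the original post): a Python sketch of the failure described above, where a broadcast address supplied in place of a netmask is rejected and the classful default mask is used instead. The interface address 66.10.20.30, the intended mask 255.255.255.248 and the destination addresses are constructed values, and the fallback logic models the behaviour the post describes, not the configuration command's actual source.

```python
import ipaddress

def is_valid_netmask(value):
    """A netmask is a run of 1 bits followed only by 0 bits."""
    try:
        bits = int(ipaddress.IPv4Address(value))
    except ipaddress.AddressValueError:
        return False
    host = bits ^ 0xFFFFFFFF          # invert: host bits become 1s
    return host & (host + 1) == 0     # true only when host == 2**n - 1

def classful_default_mask(addr):
    """Default mask implied by the old class A/B/C rules."""
    first = int(addr.split(".")[0])
    if first < 128:
        return "255.0.0.0"
    if first < 192:
        return "255.255.0.0"
    if first < 224:
        return "255.255.255.0"
    raise ValueError("class D/E addresses have no default mask")

def connected_route(addr, mask_arg):
    """Network that ends up on-link, using the fallback described in the post."""
    if is_valid_netmask(mask_arg):
        mask = mask_arg
    else:
        mask = classful_default_mask(addr)   # bad mask silently replaced
    return ipaddress.ip_interface(f"{addr}/{mask}").network

def misrouted(dest, addr, mask_arg, intended_mask):
    """True if dest is treated as on-link only because of the wrong mask."""
    actual = connected_route(addr, mask_arg)
    intended = ipaddress.ip_interface(f"{addr}/{intended_mask}").network
    ip = ipaddress.ip_address(dest)
    return ip in actual and ip not in intended

if __name__ == "__main__":
    ADDR = "66.10.20.30"            # constructed interface address
    GOOD_MASK = "255.255.255.248"   # constructed intended netmask (/29)
    BROADCAST = "66.10.20.31"       # broadcast of that /29, given as the mask
    print("intended route:", connected_route(ADDR, GOOD_MASK))
    print("actual route:  ", connected_route(ADDR, BROADCAST))
    for dest in ("66.10.20.25", "66.200.1.1", "8.8.8.8"):   # constructed
        state = "black-holed on eth1" if misrouted(
            dest, ADDR, BROADCAST, GOOD_MASK) else "routed normally"
        print(f"{dest:>12}: {state}")
```

Running `is_valid_netmask` over the mask arguments in startup scripts before they are applied would have caught this before the reboot did.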


Copyright © 1999-2024 by Sean Conner. All Rights Reserved.