Don't let this be you please (network people)

Codeman6669 Member Posts: 227
So I helped someone out recently, after 2-3 other people had already spent 1-2 hours each on fixing the issue. The person argued with me that the issue they were having wasn't relevant to what I said would fix it. I didn't argue, I just showed the fix and let that do the talking.
Long story short, no internet out one of the WAN connections.

Can you tell what I fixed? lol
Don't do this!!! lol

Comments

  • Bjcheung77 Member Posts: 89
    That screenshot looks interesting, I haven't thought about it long enough... what was causing the issue? The DMZ is set incorrectly?
    Or the 168's subnet set incorrectly? Haha, you mentioned "one" of the wans, so that 168 subnet shouldn't cause issues... *can't think, dinner time*
  • Nightflier101BL Member Posts: 134
  • joelsfood Member Posts: 1,027
    Yeah, I can see several things that might be wrong there, depending on the particular hardware and topology, but the non-private subnets were first thing that made me twitch.

    Years ago when I was relatively new in IT, I was doing contract work for a small shop. Went into one of their client sites, and found that whole network was using public IPs. But NOT that company's IPs, but instead some random block of IPs owned by a company in Spain. Is a non-profit in OKC likely to need to access systems owned by the Spanish company? Probably not. Still made me twitch though. I don't remember if I ever pointed out the issue. I might not have, being so new to IT, but on the other hand, I tend not to be very good at biting my tongue. :D
  • dhay13 Member Posts: 580
    My last job the IP schema was 192.9.200.***. I questioned this my first day and was told that whoever set up the network was following an example and that was the range they used in the example??? Highly doubtful but ok. So I told my manager that we needed to correct this and his response was that he didn't want to break anything.

    But as to the OP, I see some improperly assigned IP's being used here too.
  • shoey Member Posts: 111
    Great file name!
    "I have missed more than 9,000 shots in my career. I have lost almost 300 games. 26 times, I've been trusted to take the game winning shot and missed. I've failed over and over and over again in my life. And that is why I succeed." - Michael Jordan
  • dontstop Member Posts: 579
    My first job was at a small computer store and instead of using RFC1918 addressing the owner decided on using a range that was owned by Adobe. For weeks/months we struggled with not being able to update or download any of the Adobe technologies (Flash/Reader). I think BCP and standards are in place for the reason of not being behind the 8-ball before you even start.
  • Codeman6669 Member Posts: 227
    joelsfood wrote: »
    Yeah, I can see several things that might be wrong there, depending on the particular hardware and topology, but the non-private subnets were first thing that made me twitch.

    Years ago when I was relatively new in IT, I was doing contract work for a small shop. Went into one of their client sites, and found that whole network was using public IPs. But NOT that company's IPs, but instead some random block of IPs owned by a company in Spain. Is a non-profit in OKC likely to need to access systems owned by the Spanish company? Probably not. Still made me twitch though. I don't remember if I ever pointed out the issue. I might not have, being so new to IT, but on the other hand, I tend not to be very good at biting my tongue. :D

    I'm glad others cringe at the sight of this, I can't stand when this is done lol.
    Odd thing here was that this actually worked for a year or so. Then it just stopped working. I never checked to see if the devices were trying to reach any of the 192.1.X.X subnets, but I couldn't even ping out to the next hop from the devices on those interfaces. (though the router ping'd out no prob) I would like to say the ISP was doing some filtering? But if these addresses are behind NAT they shouldn't see the IP's. Yet changing the subnet to 192.168.11.X instantly let the traffic pass.
  • Codeman6669 Member Posts: 227
    dhay13 wrote: »
    My last job the IP schema was 192.9.200.***. I questioned this my first day and was told that whoever set up the network was following an example and that was the range they used in the example??? Highly doubtful but ok. So I told my manager that we needed to correct this and his response was that he didn't want to break anything.

    But as to the OP, I see some improperly assigned IP's being used here too.

    That's how it always seems to go. "Someone else set it up for this or that not good reason, and it can't be changed". This was the same case. Except the person I was helping was intent on not changing this, and didn't even recognize the potential of the issue. It's kinda crazy to me, there is this entire RFC, entire system of how subnets should be assigned worldwide, and then you got these asses that just want to watch it burn lol
  • dhay13 Member Posts: 580
    That's how it always seems to go. "Someone else set it up for this or that not good reason, and it can't be changed". This was the same case. Except the person I was helping was intent on not changing this, and didn't even recognize the potential of the issue. It's kinda crazy to me, there is this entire RFC, entire system of how subnets should be assigned worldwide, and then you got these asses that just want to watch it burn lol
    Yep. This was the same manager that didn't think you could have 2 DC's on a network when I asked why there was only 1 DC. And told me we didn't need A/V on our servers because we don't surf the internet with them. I went to upper management with my concerns but they just went back to him and he convinced them he was right and I was wrong. Couldn't wait to get out of that place!
  • Dojiscalper Member Posts: 266
    I can remember way back in the '90s working at a small shop and the local town got a wirefire system via one of the ISP's. One day I was messing in our shop after they sold us a connection and I found that we could browse the folders of everyone on the entire network. I called their service manager and he didn't really care until while I was talking to him I was browsing his computer and moved his desktop icons to another folder. I didn't know a lot about how that stuff worked at the time, but I knew that couldn't be right.

    They fixed the problem pretty quickly.
  • Blucodex OSCP, GCIA, GCIH, GMON, CISSP, CEH, CHFI, CCNA CyberOps, Security+ Member Posts: 430
    Worked at a call center that started out as a mom and pops shop. They had hundreds of workstations at this location which was still using the 192.168.1.1 network. Caused VPN issues and management wouldn't let us fix anything for fear of "if it ain't broke".
  • Welly_59 Member Posts: 431
    What's wrong with using 193.168.1.x?
  • Welly_59 Member Posts: 431
    Oops, meant 192.168.1.x
  • Nik 99 Member Posts: 154
    Welly_59 wrote: »
    What's wrong with using 192.168.1.x?

    I also want to know this. All I'm aware of is that private address ranges can't be routed onto public networks without NAT.
  • SteveLavoie Member Posts: 971
    dhay13 wrote: »
    My last job the IP schema was 192.9.200.***. I questioned this my first day and was told that whoever set up the network was following an example and that was the range they used in the example??? Highly doubtful but ok. So I told my manager that we needed to correct this and his response was that he didn't want to break anything.

    I agree with you it must be an example somewhere. Many years ago, I had a customer whose range was the same number.. quite a coincidence!
  • joelsfood Member Posts: 1,027
    Nothing is wrong with 192.168.1.x. Problem is above that, 192.1.x.x
  • olaHalo Member Posts: 748
    The bigger issue here is that you're running a FortiGate
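The addressing problem discussed in this thread (192.1.x.x and 192.9.200.x used on internal interfaces instead of RFC 1918 space) can be caught with a short audit of LAN-side subnets. This is an added example, not part of any post; the interface names, masks and third octets in the sample are constructed, and the check is IPv4 only.

```python
import ipaddress

# RFC 1918 private-use blocks; anything else on a LAN interface overlaps
# address space that belongs to (or is reserved for) someone else.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(cidr):
    """Return 'rfc1918', 'straddles-rfc1918' or 'not-rfc1918' for an IPv4 subnet."""
    # strict=False accepts interface-style input such as 192.168.11.1/24.
    net = ipaddress.ip_network(cidr, strict=False)
    if any(net.subnet_of(block) for block in RFC1918):
        return "rfc1918"
    # A prefix that is too short can contain private space plus public space.
    if any(net.overlaps(block) for block in RFC1918):
        return "straddles-rfc1918"
    return "not-rfc1918"


def audit(interfaces):
    """Map interface name -> (cidr, verdict) for subnets not fully inside RFC 1918."""
    findings = {}
    for name, cidr in interfaces.items():
        verdict = classify(cidr)
        if verdict != "rfc1918":
            findings[name] = (cidr, verdict)
    return findings


# Constructed sample: interface names, masks and host octets are assumptions;
# the prefixes are the ones mentioned in the thread.
SAMPLE = {
    "lan1": "192.1.10.1/24",
    "lan2": "192.9.200.1/24",
    "lan3": "192.168.11.1/24",
    "lan4": "192.168.1.1/24",
    "lab": "172.32.0.1/16",     # just past the end of 172.16.0.0/12
    "wide": "192.168.0.1/15",   # mask too short: also covers 192.169.0.0/16
}

if __name__ == "__main__":
    for name, (cidr, verdict) in audit(SAMPLE).items():
        print(f"{name}: {cidr} -> {verdict}")
```

The explicit block list is deliberate: Python's `is_private` attribute also covers other special-purpose ranges, so it answers a broader question than "is this RFC 1918".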