This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Foreign Country Block includes USA IP by mistake

Any way that I can manually edit the country block IP list?
How do I see this list?

"Craigslist.org" is on the foreign country block list (Non USA)

It is incorrectly added  208.82.238.72 in one of the countries.

13:54:01   Reply from 208.82.238.72 about A-record for ns2p.craigslist.org:
13:54:01   -> Answer: A-record for ns2p.craigslist.org = 208.82.236.175
13:54:01   -> Authority: NS-record for craigslist.org = ns1p.craigslist.org
13:54:01   -> Authority: NS-record for craigslist.org = ns1f.craigslist.org
13:54:01   -> Authority: NS-record for craigslist.org = ns2p.craigslist.org
13:54:01   -> Authority: NS-record for craigslist.org = ns2f.craigslist.org
13:54:01   -> Additional: A-record for ns1f.craigslist.org = 208.82.238.71
13:54:01   -> Additional: A-record for ns1p.craigslist.org = 208.82.236.174
13:54:01   -> Additional: A-record for ns2f.craigslist.org = 208.82.238.72

This thread was automatically locked due to age.

Parents

0 BarryG over 14 years ago

Hi, can you post the packetfilter log showing the block?

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 MikeinNYC over 14 years ago in reply to BarryG

When Country block is on (all Blocked except USA)
I get the following below: 199.X.X.X
when off I get 208.82.x.x the correct IP range?

Flushed DNS to fix this. Now resolves correctly. Note I use "two internal DNS" servers one Astaro which when country block is on happens to blocks another dns resolver. That took some time but i just figured it out.

Basically, I needed a solution that would filter out all financial ADS. (Hate em all). Rather than manually create them one by one and impliment them into the packet filter (Hint cut and paste next feature [:)]) I use another DNS and load up my ad blocks. see below "Blocked Ads URLS" and my "Regular Expression Block"

0:37:25   Started plug-in "HTTP Redirector1"
20:37:25   Started plug-in "Blocked Ads URLS"
20:37:25   Sending request to 192.228.79.201 (b.root-servers.net) for A-record for edns0.test (EDNS0 probe)
20:37:25   Started plug-in "Regular Expression Block"
20:37:25   Reply from 192.228.79.201 about A-record for edns0.test:
20:37:25   -> Header: Non-Existent Domain

19:39:34   Sending request to 199.19.57.1 (d0.org.afilias-nst.org) for A-record for ns2p.craigslist.org
19:39:34   Sending request to 199.249.112.1 (a2.org.afilias-nst.info) for A-record for ns2p.craigslist.org
19:39:35   Sending request to 199.19.54.1 (b0.org.afilias-nst.org) for A-record for ns2p.craigslist.org
19:39:35   Sending request to 199.19.53.1 (c0.org.afilias-nst.info) for A-record for ns2p.craigslist.org
19:39:36   Sending request to 199.249.120.1 (b2.org.afilias-nst.org) for A-record for ns2p.craigslist.org
19:39:36   Sending request to 199.19.56.1 (a0.org.afilias-nst.info) for A-record for ns2p.craigslist.org
19:39:37   Sending request to 199.19.53.1 (c0.org.afilias-nst.info) for A-record for ns2p.craigslist.org
19:39:37   Sending request to 199.249.112.1 (a2.org.afilias-nst.info) for A-record for ns2p.craigslist.org
19:39:38   Sending request to 199.19.57.1 (d0.org.afilias-nst.org) for A-record for ns2p.craigslist.org
19:39:38   Sending request to 199.19.54.1 (b0.org.afilias-nst.org) for A-record for ns2p.craigslist.org
19:39:39   Sending request to 199.19.56.1 (a0.org.afilias-nst.info) for A-record for ns2p.craigslist.org
19:39:39   Sending request to 199.249.120.1 (b2.org.afilias-nst.org) for A-record for ns2p.craigslist.org
19:39:40   Sending request to 199.249.112.1 (a2.org.afilias-nst.info) for A-record for ns2p.craigslist.org
19:39:40   Sending request to 199.249.120.1 (b2.org.afilias-nst.org) for A-record for ns2p.craigslist.org
19:39:41   Sending request to 199.19.57.1 (d0.org.afilias-nst.org) for A-record for ns2p.craigslist.org
19:39:41   Sending request to 199.19.56.1 (a0.org.afilias-nst.info) for A-record for ns2p.craigslist.org

Address lookup
canonical name d0.org.afilias-nst.org.
aliases
addresses 2001:500:f::1
199.19.57.1

Domain Whois record
Queried whois.publicinterestregistry.net with "afilias-nst.org"...

Domain ID[[[[[[[:D]]]]]]]125269055-LROR
Domain Name:AFILIAS-NST.ORG
Created On:30-Jun-2006 15:36:58 UTC
Last Updated On:01-Apr-2009 00:29:59 UTC
Expiration Date:30-Jun-2012 15:36:58 UTC
Sponsoring Registrar:MarkMonitor Inc. (R37-LROR)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Registrant ID:mmr-47387
Registrant Name[[[[[[[:D]]]]]]]omain Administrator
Registrant Organization:Afilias Limited
Registrant Street1:3013 Lake Drive
Registrant Street2[:$]ffice 107  CityWest
Registrant Street3:
Registrant City[[[[[[[:D]]]]]]]ublin - ????????
Registrant State/Province:
Registrant Postal Code:24
Registrant Country:IE
Registrant Phone:+1.2157065700
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email[[[[[:D]]]]]omainadmin@afilias.info
Admin ID:mmr-47387
Admin Name[[[[[[[:D]]]]]]]omain Administrator
Admin Organization:Afilias Limited
Admin Street1:3013 Lake Drive
Admin Street2[:$]ffice 107  CityWest
Admin Street3:
Admin City[[[[[[[:D]]]]]]]ublin
Admin State/Province:
Admin Postal Code:24
Admin Country:IE
Admin Phone:+1.2157065700
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email[[[[[:D]]]]]omainadmin@afilias.info
Tech ID:mmr-47387
Tech Name[[[[[[[:D]]]]]]]omain Administrator
Tech Organization:Afilias Limited
Tech Street1:3013 Lake Drive
Tech Street2[:$]ffice 107  CityWest
Tech Street3:
Tech City[[[[[[[:D]]]]]]]ublin
Tech State/Province:
Tech Postal Code:24
Tech Country:IE
Tech Phone:+1.2157065700
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email[[[[[:D]]]]]omainadmin@afilias.info
Name Server:NS1.AMS1.AFILIAS-NST.INFO
Name Server:NS1.MIA1.AFILIAS-NST.INFO
Name Server:NS1.SEA1.AFILIAS-NST.INFO
Name Server:NS1.YYZ1.AFILIAS-NST.INFO
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
DNSSEC:Unsigned

Network Whois record
Queried whois.arin.net with "n 199.19.57.1"...

NetRange:       199.19.48.0 - 199.19.57.255
CIDR:           199.19.56.0/23, 199.19.48.0/21
OriginAS:
NetName:        AFILIAS-NET1
NetHandle:      NET-199-19-48-0-1
Parent:         NET-199-0-0-0-0
NetType:        Direct Assignment
RegDate:        2006-10-19
Updated:        2010-07-27
Ref:            http://whois.arin.net/rest/net/NET-199-19-48-0-1

OrgName:        Afilias Canada, Corp.
OrgId:          ACC-308
Address:        4141 Yonge Street
Address:        Suite 204
City:           Toronto
StateProv:      ON
PostalCode:     M2P-2A8
Country:        CA
RegDate:        2006-04-21
Updated:        2010-07-26
Ref:            http://whois.arin.net/rest/org/ACC-308

OrgTechHandle: RSE78-ARIN
OrgTechName:   Seastrom, Robert
OrgTechPhone:  +1-703-622-0001
OrgTechEmail:  rseastrom@afilias.info
OrgTechRef:    http://whois.arin.net/rest/poc/RSE78-ARIN

OrgTechHandle: CLEME4-ARIN
OrgTechName:   Clements, Carl
OrgTechPhone:  +1-416-646-1541
OrgTechEmail:  cclements@ca.afilias.info
OrgTechRef:    http://whois.arin.net/rest/poc/CLEME4-ARIN

OrgTechHandle: MSA258-ARIN
OrgTechName:   Abbas, Majdi S.
OrgTechPhone:  +1-602-412-4940
OrgTechEmail:  mabbas@afilias.info
OrgTechRef:    http://whois.arin.net/rest/poc/MSA258-ARIN

OrgNOCHandle: NOC11438-ARIN
OrgNOCName:   Network Operations Centre
OrgNOCPhone:  +1-416-646-1541
OrgNOCEmail:  noc@afilias-nst.info
OrgNOCRef:    http://whois.arin.net/rest/poc/NOC11438-ARIN

OrgTechHandle: MSP93-ARIN
OrgTechName:   Pounsett, Matthew Stewart
OrgTechPhone:  +1-416-673-8057
OrgTechEmail:  mpounsett@ca.afilias.info
OrgTechRef:    http://whois.arin.net/rest/poc/MSP93-ARIN

When country block is off: Correct response below.

20:03:43 DNS request UDP 192.168.1.10 : 65273
→ 208.82.236.174 : 53
len=76 ttl=128 tos=0x00

20:03:43 DNS request UDP 192.168.1.10 : 57770
→ 208.82.236.175 : 53
len=76 ttl=128 tos=0x00

20:03:43 DNS request UDP 192.168.1.10 : 14918
→ 208.82.238.72 : 53
len=71 ttl=128 tos=0x00

20:03:43 DNS request UDP 192.168.1.10 : 52669
→ 208.82.236.174 : 53
len=75 ttl=128 tos=0x00

20:03:44 DNS request UDP 192.168.1.10 : 51505
→ 208.82.238.71 : 53
len=75 ttl=128 tos=0x00

20:03:44 DNS request UDP 192.168.1.10 : 26330
→ 208.82.238.72 : 53
len=84 ttl=128 tos=0x00

etRange:       208.82.236.0 - 208.82.239.255
CIDR:           208.82.236.0/22
OriginAS:       AS22414
NetName:        CRAIGS-NET-1
NetHandle:      NET-208-82-236-0-1
Parent:         NET-208-0-0-0-0
NetType:        Direct Assignment
RegDate:        2007-09-26
Updated:        2009-05-19
Ref:            http://whois.arin.net/rest/net/NET-208-82-236-0-1

OrgName:        Craigslist, Inc.
OrgId:          CRAIGS-5
Address:        1381 9th Ave
City:           San Francisco
StateProv:      CA
PostalCode:     94122
Country:        US
RegDate:        2001-11-20
Updated:        2009-05-18
Ref:            http://whois.arin.net/rest/org/CRAIGS-5

I just flushed the DNS and it now resolves correctly but only if I allow the above  Ip.

In conclusion its not Astaro problem but I need to allow certain ips (whitelist from country block anyway) Like just allow 3 ips from one country but deny the rest.

Mike
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 14 years ago in reply to MikeinNYC

In conclusion its not Astaro problem but I need to allow certain ips (whitelist from country block anyway) Like just allow 3 ips from one country but deny the rest.

Glad you figured it out.

Please see
Country Blocking with Service restriction

and paste your comment there, and vote for it.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 14 years ago in reply to MikeinNYC

In conclusion its not Astaro problem but I need to allow certain ips (whitelist from country block anyway) Like just allow 3 ips from one country but deny the rest.

Glad you figured it out.

Please see
Country Blocking with Service restriction

and paste your comment there, and vote for it.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data