Page 1 of 2 12 LastLast
Results 1 to 15 of 21

Thread: Connections to 10.6.0.1 and 10.6.0.?

  1. #1
    Join Date
    Mar 2004
    Location
    Espaņa (Spain)
    Posts
    9

    Connections to 10.6.0.1 and 10.6.0.?

    Hi! I would like to know why outpost/windowsXP (?) is always trying to connect to 10.6.0.1 and 10.6.0.? with the ports BOOTPS or BOOTPC. The adresses correspond to IANA. Should I block these connections or allow them? Which are their purpose?
    Thanks and sorry for my english...
    "...y entre los muertos siempre habra una lengua viva que diga que Zaragoza no se rinde..."

    Ciudad Inmortal
    Zaragoza (25 A.C.)

  2. #2
    Join Date
    Feb 2003
    Location
    North West, United Kingdom
    Posts
    10,354
    Welcome to the forums Boulogne75,

    BOOTPS and BOOTPC are used for Dynamic Host Configuration Protocol (DHCP) - a method of getting a "lease" on an IP (Internet Protocol) address. This address is necessary to send and receive traffic on the Internet so Windows will send out a request as soon as it detects a network connection (and this activity is reported by Outpost). This request will be renewed halfway through the lease. Typing ipconfig /all from a Command Prompt/DOS Box should show your DHCP details at the end (including the IP address of your DHCP server).

    The 10.x.x.x address range is reserved for private networks - this suggests that your PC is part of a Local Area Network using a gateway PC or router to connect to the Internet.

  3. #3
    Join Date
    Mar 2004
    Location
    Espaņa (Spain)
    Posts
    9
    Thank you for your answer. I have a standalone PC which connect to the internet through a cable-modem. I also have the DHCP for global rules and svchost.exe configured to only allow connections to my ISPīs DHCP server (10.33.192.2). That is why I was not sure why my Pc tried to connect to these adresses.
    If 10.x.x.x is for LAN why my DHCP server is located at 10.33.192.2? Is it possible?
    Thanks again
    "...y entre los muertos siempre habra una lengua viva que diga que Zaragoza no se rinde..."

    Ciudad Inmortal
    Zaragoza (25 A.C.)

  4. #4
    Join Date
    Feb 2003
    Location
    North West, United Kingdom
    Posts
    10,354
    The address range 10.0.0.1 to 10.255.255.254 is reserved for private networks. Your ISP appears, as many cable ISPs do, to have all users setup as a large LAN. In this situation, it is possible for your DHCP server address to be anywhere in this range - it depends how your ISP has set up their system (you need to contact them for specific details) but it would seem possible (and prudent) for them to have multiple servers so that users could still access the Internet if one failed.

  5. #5
    Join Date
    Mar 2004
    Location
    Espaņa (Spain)
    Posts
    9
    Thanks again, Paranoid2000. I will try to contact my ISP to know if the adresses that worry me are DHCP servers or other users trying to connect my PC (I don t know if it s possible). Thank you for your help... You are doing a very good support job in these forums
    "...y entre los muertos siempre habra una lengua viva que diga que Zaragoza no se rinde..."

    Ciudad Inmortal
    Zaragoza (25 A.C.)

  6. #6
    Join Date
    Feb 2003
    Location
    North West, United Kingdom
    Posts
    10,354
    Thanks for the feedback. Doing an ipconfig /all will show what DHCP server you are currently using so traffic to and from this should be legitimate. Other addresses should be queried with your ISP.

  7. #7
    Join Date
    Nov 2001
    Location
    London, UK
    Posts
    1,604
    Some ISP's have a primary DHCP (as reported in the config), and a slave/repeater or whatever it's called.

    On NTL, my primary is 10.0.106.70 but my system makes frequent requests ( I thought it was an error) to 10.36.160.1

    I think it's safe to give those addresses, as they won't mean anything outside of my own ISP.

    I can't even ping/tracert them myself!
    Last edited by MTDay; 03-21-2004 at 11:07.

  8. #8
    Join Date
    Mar 2004
    Location
    Espaņa (Spain)
    Posts
    9
    Thank you MTDay, that is exactly what happened to me. I couldn t even trace them so I think it may be safe to give them "permission".

    Now, I have an other trouble (?), I want to configure rules for my email clients in the preset.lst but it doesn t accept the resolved addresses for my pop3 and smtp servers. I don t know how I can get them in the x.x.x.x format. Any idea?
    Thanks!!
    "...y entre los muertos siempre habra una lengua viva que diga que Zaragoza no se rinde..."

    Ciudad Inmortal
    Zaragoza (25 A.C.)

  9. #9
    Join Date
    Nov 2001
    Location
    London, UK
    Posts
    1,604
    I just remembered / found out more.
    The 10.36.160.1 is the "private" address of the UBR, and appears as the first hop in a tracert to anywhere.

    NTL is also documented as having TWO main DHCP's.

    http://www.jandg-cooper.com/home_network/internet.html

    The structure may be similar on other ISP's - if so, then the UBR (head end) should be the ONLY other address involved apart from the main DHCP servers.

    http://homepage.ntlworld.com/robin.d....html#fwconfig
    More on the subject - in networking from the NTL service, failing to allow the UBR DHCP traffic is a major cause of connection loss.
    Last edited by MTDay; 03-22-2004 at 03:22.

  10. #10
    Join Date
    Feb 2003
    Location
    North West, United Kingdom
    Posts
    10,354
    Originally posted by boulogne75
    Now, I have an other trouble (?), I want to configure rules for my email clients in the preset.lst but it doesn t accept the resolved addresses for my pop3 and smtp servers. I don t know how I can get them in the x.x.x.x format.
    Please consider opening a new thread for different problems in future.

    To resolve a domain address, Outpost needs Internet access when you create the rule - were you offline at the time? If it still doesn't resolve, did you have the right domain? (check with a ping to see if that resolves).

  11. #11
    Join Date
    Nov 2001
    Location
    London, UK
    Posts
    1,604
    I finally understood what my system is seeing (DHCP).

    Remote host 10.36.160.1 - local host 255.255.255.255 - counts data RECEIVED, and uses rule "allow outgoing DHCP".

    At first startup a syatem broadcasts the DHCP request, the UBR (head end) catches this, and forwards it to the DHCP server, which then broadcasts the reply back through UBR again - all machines on the segment see it, but only the one initiating the request actually acts on it - this gives it the address of the DHCP server, so subsequent renewals should NOT be broadcast.

    So despite the rule being called "allow outging DHCP" what I'm seeing is broadcast returns.

    I'm glad I finally understood that!

  12. #12
    Join Date
    Mar 2004
    Location
    Espaņa (Spain)
    Posts
    9
    I m sorry Paranoid2000, I will consider it the next time
    I fixed my problem: it was as simple as to do a NS lookup to catch the x.x.x.x format of the address because outpost doesn t recognize the other format (e.g. www.qwerty.com) in the preset.lst

    MTDay, thanks too. So if I understand well, I should configure a global rule to allow DHCP traffic where local@ is broadcast (255.255.255.255) and remote@ is the repeater of my segment (10.33.192.2). And then configure an other rule for svchost.exe that only allow traffic from/to my repeater. Is this correct? Should the traffic be, for both rules, incoming and outgoing?

    Thank you...
    "...y entre los muertos siempre habra una lengua viva que diga que Zaragoza no se rinde..."

    Ciudad Inmortal
    Zaragoza (25 A.C.)

  13. #13
    Join Date
    Feb 2003
    Location
    North West, United Kingdom
    Posts
    10,354
    Boulogne75,

    DHCP configuration is discussed in the FAQ thread - if that does not provide a full answer then please post a query in the Secure configuration FAQ guide released announcement.

    If you are editing the preset.lst file then this accepts IP addresses only. I overlooked your mention of this and assumed that you were talking about creating a rule via Options/Application - which would accept and lookup domain names. There is little point in doing things the preset.lst way though, unless you have several applications that need setting up with the same ruleset.

  14. #14
    Join Date
    Mar 2004
    Location
    Espaņa (Spain)
    Posts
    9
    The only reasons to use the preset.lst are:
    1/ I can copy-paste rules in an easier way. It is more confortable to edit rules, to change IPs or ports that each application can access (e.g.)...
    2/ I can easily add loopback and DNS rules (e.g.) to each application that need it.
    2/ I can use preset.lst if I need to reinstall outpost. Although, I could save the config file but I prefer this way.

    For the DHCP question, I posted it here because it was related to my first problem. 10.x.x.x traffic seems to be legitimate DHCP traffic of my ISP which is blocked by the configuration I made using the guide. But if I change the the local@ to 255.255.255.255 this traffic is accepted. Actually, I have the configuration recommended by the guide (global and svchost rules) and the traffic from/to these 2 addresses (10.x.x.x) is blocked. I not sure what to do because my IP address is apparently renewed every hour (ipconfig /all -> concession) but remain the same (212.x.x.x) for 3 days. So I can t figure out if it is right and the blocked DHCP traffic doesn t affect it.
    Last edited by boulogne75; 03-24-2004 at 05:50.
    "...y entre los muertos siempre habra una lengua viva que diga que Zaragoza no se rinde..."

    Ciudad Inmortal
    Zaragoza (25 A.C.)

  15. #15
    Join Date
    Feb 2003
    Location
    North West, United Kingdom
    Posts
    10,354
    For Windows XP, DHCP requires 2 rules - a global one with the 255.255.255.255 remote address (this is a broadcast address which normally reaches all hosts on the network) and an application rule (for svchost.exe in WinXP's case) specifying the ISP DHCP server(s) as remote addresses.

    To test that DHCP works, open a command prompt window and then type ipconfig /release followed by ipconfig /renew. These force a renewal of your DHCP lease and if they work, then your configuration is correct and working, regardless of any entries for DHCP you may see in the Outpost blocked log.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. What does IN and OUT actually mean for UDP connections??
    By Hugo100 in forum Outpost Pro FIREWALL General Discussions, Support, and Troubleshooting
    Replies: 1
    Last Post: 03-03-2008, 11:12
  2. What are this incomming connections about?
    By onthenet in forum Outpost Pro FIREWALL General Discussions, Support, and Troubleshooting
    Replies: 2
    Last Post: 12-26-2006, 13:55
  3. n/a connections in 3.5
    By giopiar in forum Outpost Pro FIREWALL General Discussions, Support, and Troubleshooting
    Replies: 14
    Last Post: 03-02-2006, 07:38
  4. Dropped connections
    By deviant03 in forum Outpost Pro FIREWALL General Discussions, Support, and Troubleshooting
    Replies: 1
    Last Post: 07-08-2004, 09:51
  5. Incoming connections
    By muchod in forum Retired Threads
    Replies: 1
    Last Post: 08-06-2001, 04:37

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •