
We often get this question from IT teams who want to secure their Internet connection with a firewall or filtering proxy, but still want to allow access to the Leading2Lean service. What servers will users at my company access when using the Leading2Lean solution?

asked Feb 28 '12 at 15:40

Tyler Whitaker ♦♦


We use several leading2lean.com subdomains in conjunction with Leading2Lean Solutions. Hopefully you can whitelist all traffic to both *.leading2lean.com and *.amazonaws.com to bypass your proxies and be allowed through your firewall. Filtering by DNS address is the preferred method, since many of our servers are load balanced and span multiple IP addresses and address ranges. We do this for load balancing, high availability, redundancy, etc.

Proxies

We have found that, generally speaking, proxies are not designed to work well with dynamic websites. If at all possible, it's better to avoid using them for web traffic destined for Leading2Lean.com domains. Users with corporate proxies may sometimes get random HTTP 502 Proxy / Bad Gateway errors unless the proper whitelisting is set up. See below for more details.

IP Address Ranges

If your firewall or proxy does not allow for filtering via DNS name, then the following list will be updated from time to time with the current IP address configuration, and you will need to update your filtering rules periodically.

Static IP Address Leading2Lean Domains

*customername*.leading2lean.com - Generally set at a static IP address, where customername is replaced with your actual customer name. Using ping at the command line will give you the IP address of this server.

Other sub-domains:

support.leading2lean.com - 184.106.201.44
sales.leading2lean.com - 184.106.201.44
www.leading2lean.com - 184.106.201.44
beta.leading2lean.com - 184.106.230.168

Load Balanced Dynamic IP Address Leading2Lean Domains

files.leading2lean.com 
static.leading2lean.com

These servers utilize the Amazon S3 infrastructure and you will need the following procedure to obtain the current IP address ranges in use.

How to find the IP address ranges for Amazon's S3 infrastructure

There are a couple of ways you can figure this out. I find this the easiest when you are at a corporate location behind a firewall and need an IP range.

  1. From a command prompt, use dig or nslookup to look up an IP for s3.amazonaws.com
  2. Take the IP you get (I get 72.21.202.112) and run a whois query on it. If you aren't on a system that has whois installed, there are several websites that provide it (I like the ARIN page: http://www.arin.net/whois/)
  3. On there you will see a field like "NetRange:" and then the range of IP addresses Amazon owns around the IP that you found. So for me, when I whois the above IP, I get back:

    "NetRange: 72.21.192.0 - 72.21.223.255"

There is also a CIDR address which the firewall guys might want instead:

"CIDR:       72.21.192.0/19"

S3 IP Ranges

s3.amazonaws.com is a CNAME for s3-1.amazonaws.com and I think s3-2.amazonaws.com. Nothing above s3-2 resolves for me. I've also seen s3-1-w.amazonaws.com, s3-2-w.amazonaws.com, and s3-3-w.amazonaws.com.

The ranges of IPs I see assigned for these are:

72.21.192.0 - 72.21.223.255       CIDR: 72.21.192.0/19
207.171.160.0 - 207.171.191.255   CIDR: 207.171.160.0/19
178.236.0.0 -  178.236.7.255      CIDR: 178.236.0.0/21
87.238.80.0 - 87.238.81.255       CIDR: 87.238.80.0/21

You'll want to whitelist those ranges above.

You might get completely different IP ranges based on where you are in the world, but I am fairly certain that you won't ever stray out of the ranges you find if you follow these steps in the areas you are. For more information see: https://forums.aws.amazon.com/thread.jspa?messageID=87807#87807

answered Feb 28 '12 at 16:21

Tyler Whitaker ♦♦

edited Mar 26 '12 at 16:58
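
The NetRange-to-CIDR step from the answer above, as an added example that is not part of the original post: it turns each listed address range into the exact CIDR blocks a firewall rule needs and flags any line whose stated CIDR does not cover exactly the same addresses, since a wider prefix opens more address space than the range shown. The function names (`range_to_cidrs`, `audit`, `is_allowed`) are hypothetical, and the input is the range list copied from the answer.

```python
import ipaddress
import re

# Range / CIDR pairs exactly as listed in the answer above.
LISTED = """\
72.21.192.0 - 72.21.223.255       CIDR: 72.21.192.0/19
207.171.160.0 - 207.171.191.255   CIDR: 207.171.160.0/19
178.236.0.0 -  178.236.7.255      CIDR: 178.236.0.0/21
87.238.80.0 - 87.238.81.255       CIDR: 87.238.80.0/21
"""

LINE_RE = re.compile(
    r"(\d+\.\d+\.\d+\.\d+)\s*-\s*(\d+\.\d+\.\d+\.\d+)\s+CIDR:\s*(\S+)")


def range_to_cidrs(first, last):
    """Smallest list of CIDR blocks covering exactly first..last (inclusive)."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


def audit(listing):
    """Return (exact_networks, mismatches) for a 'a - b  CIDR: x' listing.

    exact_networks: CIDR blocks computed from the ranges, safe to allowlist.
    mismatches: (range, stated_cidr, computed_cidrs) where the two disagree.
    """
    exact, mismatches = [], []
    for line in listing.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip anything that is not a range line
        first, last, stated = m.groups()
        computed = range_to_cidrs(first, last)
        exact.extend(computed)
        if computed != [ipaddress.ip_network(stated)]:
            mismatches.append(
                (f"{first} - {last}", stated, [str(n) for n in computed]))
    return exact, mismatches


def is_allowed(ip, networks):
    """True if ip falls inside any of the allowlisted networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


if __name__ == "__main__":
    nets, bad = audit(LISTED)
    print("allowlist:", ", ".join(str(n) for n in nets))
    for rng, stated, computed in bad:
        print(f"check: {rng} is {computed}, listed as {stated}")
    print("72.21.202.112 allowed:", is_allowed("72.21.202.112", nets))
```
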

I've found a more comprehensive list of IP addresses for Amazon's US East Region for those using IP addresses to whitelist.

Source: Complete IP Address list = https://forums.aws.amazon.com/ann.jspa?annID=1408

US East (Northern Virginia):

  • 72.44.32.0/19 (72.44.32.0 - 72.44.63.255)
  • 67.202.0.0/18 (67.202.0.0 - 67.202.63.255)
  • 75.101.128.0/17 (75.101.128.0 - 75.101.255.255)
  • 174.129.0.0/16 (174.129.0.0 - 174.129.255.255)
  • 204.236.192.0/18 (204.236.192.0 - 204.236.255.255)
  • 184.73.0.0/16 (184.73.0.0 – 184.73.255.255)
  • 184.72.128.0/17 (184.72.128.0 - 184.72.255.255)
  • 184.72.64.0/18 (184.72.64.0 - 184.72.127.255)
  • 50.16.0.0/15 (50.16.0.0 - 50.17.255.255)
  • 50.19.0.0/16 (50.19.0.0 - 50.19.255.255)
  • 107.20.0.0/14 (107.20.0.0 - 107.23.255.255)
  • 23.20.0.0/14 (23.20.0.0 – 23.23.255.255)

This came from Amazon's EC2 forum: https://forums.aws.amazon.com/forum.jspa?forumID=30

answered Apr 24 '12 at 16:18

Tyler Whitaker ♦♦


Asked: Feb 28 '12 at 15:40

Seen: 16,644 times

Last updated: Apr 24 '12 at 16:18
