Network troubleshooting, any experts?
Jeff Vian
jvian10 at charter.net
Thu Apr 29 01:09:57 UTC 2004
Elam Daly wrote:
> Jeff Vian wrote:
>
>> My thoughts are that they probably know this is a server, and as
>> such may have blocked TCP from that particular host IP address.
>>
>>
>> It appears UDP and ICMP are getting through.
>>
>>>
>>
>>
> They do know it's a web server, as they host our website. If TCP is
> being blocked though, how is it possible that people can visit the
> website? I realize that http connections come in through port 80, but
> the responses from the webserver don't. They leave from the
> webserver through any port that apache deems necessary, correct?
> Elam Daly
> Whiteware Inc.
IPTABLES does stateful filtering, and related connections can be
established while new connections can be blocked. I use this on both
ftp (allowing only port 20) and http (allowing only port 80).
A connection established as a reply to a web browser request is related
and can be allowed without being explicitly allowed by port number.
Any TCP connection that originates from the server is new and easily
blocked.
It may be that they are using a similar firewall rule on this particular
host.
Check how your ISP has the router/firewall configured and make sure they
allow this host outbound connections. (As they apparently do for other
hosts.)
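
The stateful behaviour described in the message above, as an added example that is not part of the original post: a toy Python model of connection tracking, showing why a web server's replies pass while TCP connections it originates are dropped. The class, addresses, ports and the iptables rules in the comments are assumptions for illustration; only the ESTABLISHED state is modeled (RELATED, as used for FTP data channels, is not).

```python
# Added illustration: a toy model of stateful TCP filtering (not real netfilter code).
# Rough iptables equivalent of the policy modeled here (assumed, not from the thread):
#   iptables -A INPUT  -p tcp --dport 80 -m state --state NEW -j ACCEPT
#   iptables -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
#   iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#   iptables -P INPUT DROP; iptables -P OUTPUT DROP
SERVER = "192.0.2.10"    # constructed documentation addresses (RFC 5737)
CLIENT = "198.51.100.7"
REMOTE = "203.0.113.5"


class StatefulFilter:
    def __init__(self, server_ip, open_ports=(80,)):
        self.server_ip = server_ip
        self.open_ports = set(open_ports)
        self.conntrack = set()  # connections seen and accepted so far

    @staticmethod
    def _key(src, sport, dst, dport):
        # Direction-independent key: a reply maps to the same entry as the request.
        return frozenset([(src, sport), (dst, dport)])

    def state(self, src, sport, dst, dport):
        known = self._key(src, sport, dst, dport) in self.conntrack
        return "ESTABLISHED" if known else "NEW"

    def filter(self, src, sport, dst, dport):
        """Return (chain, state, verdict) for one TCP packet."""
        chain = "OUTPUT" if src == self.server_ip else "INPUT"
        st = self.state(src, sport, dst, dport)
        if st == "ESTABLISHED":
            return chain, st, "ACCEPT"
        if chain == "INPUT" and dport in self.open_ports:
            self.conntrack.add(self._key(src, sport, dst, dport))
            return chain, st, "ACCEPT"
        return chain, st, "DROP"  # includes every NEW connection from the server


def demo():
    fw = StatefulFilter(SERVER)
    return [
        fw.filter(CLIENT, 40000, SERVER, 80),  # browser SYN to the web server
        fw.filter(SERVER, 80, CLIENT, 40000),  # server's reply, source port 80
        fw.filter(SERVER, 51000, REMOTE, 25),  # server-originated connection
        fw.filter(CLIENT, 40001, SERVER, 22),  # inbound to a port that is not open
    ]


if __name__ == "__main__":
    for row in demo():
        print(*row)
```
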