Can't browse, ssh, or ftp but can ping and nslookup FC-3

Lane Inman lanei at etm.pdx.edu
Mon Dec 27 02:30:02 UTC 2004 

1) ifconfig -a shows now errors
2) Added changes; after another fresh install - no joy.  Same problem.
3) Cant ssh to box - never responds.
4) Can not see web page on 192.168.0.1 - my router via the web
5) ssh to another box running sshd (Fedora Core 3 on my private network, 
does not connect)
6) FTP doesn't work definition:
ftp ftp.redhat.com
*Name (ftp.redhat.com:oli): anonymous
331 Please specify the password.
Password:
230 Login successful. Have fun.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (66,187,224,30,42,78)
150 Here comes the directory listing.
drwxr-xr-x    6 ftp      ftp          4096 Nov 13  2003 pub
226 Directory send OK.
ftp> cd pub
250 Directory successfully changed.
ftp> ls
227 Entering Passive Mode (66,187,224,30,39,16)
150 Here comes the directory listing.
drwxr-xr-x    9 ftp      ftp          4096 Nov 25  2003 contrib
drwxr-xr-x   13 ftp      ftp          4096 Jan 29  2003 redhat
drwxrwsr-x    6 ftp      ftp          4096 Jun 05  2002 up2date
226 Directory send OK.
ftp> cd redhat
250 Directory successfully changed.
ftp> ls
150 Here comes the directory listing.
<hang>


*
loLane Inman wrote:

With ACPI off, it still does not work;
ping -s 1500 works fine....


iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination


Chain FORWARD (policy ACCEPT)
target prot opt source destination


Chain OUTPUT (policy ACCEPT)
target prot opt source destination



    Lane Inman wrote:

    FC 3 fresh install x86_64 smp

- firewall disabled
- SELinux off
- Interface is up
- Names Resolve
- Can ping hosts
- can connect on ftp, but cant download the files
- can't ssh to or from box...


   have added to /etc/modprobe.conf
   alias net-pf-10 off


    -Lane 


I wouldn't recommend the acpi off for a networking problem where some 
packets work fine. You will probably want to reverse that change.

Make sure you reboot after adding the "alias net-pf-10 off" to 
/etc/modprobe.conf in order to make it effective.
Then make these additions to /etc/sysctl.conf. The tcp_ecn and 
tcp_window_scaling may be the problem. The latter change is just one I 
make to prevent responding to broadcast pings.

# Start CKJ additions for rubustness and security...
# Disable TCP ECN which some routers and servers cannot handle.
net.ipv4.tcp_ecn = 0


# Disable TCP window scaling which some routers and firewalls cannot handle.
net.ipv4.tcp_window_scaling = 0


# Disable response to broadcast icmp echo requests.
net.ipv4.icmp_echo_ignore_broadcasts = 1


# ...End CKJ additions for rubustness and security

Make the sysctl.conf changes effective by the command:
sysctl -p


Chris

--
-----------------------------------------------------------
  "Spend less!  Do more!  Go Open Source..." -- Dirigo.net
  Chris Johnson, RHCE #807000448202021

More information about the fedora-list mailing list