Can't browse, ssh, or ftp but can ping and nslookup FC-3

Christopher K. Johnson ckjohnson at gwi.net
Thu Dec 23 23:47:04 UTC 2004


Lane Inman wrote:

> With ACPI off, it still does not work;
> ping -s 1500 works fine....
>
> iptables --list
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
>
> Lane Inman wrote:
>
>    FC 3 fresh install x86_64 smp
>
> - firewall disabled
> - SELinux off
> - Interface is up
> - Names Resolve
> - Can ping hosts
> - can connect on ftp, but can't download the files
> - can't ssh to or from box...
>
>
>    have added to /etc/modprobe.conf
>    alias net-pf-10 off
>
>    -Lane

I wouldn't recommend the acpi off for a networking problem where some 
packets work fine.  You will probably want to reverse that change.

Make sure you reboot after adding the "alias net-pf-10 off" to 
/etc/modprobe.conf in order to make it effective.
Then make these additions to /etc/sysctl.conf.  The tcp_ecn and 
tcp_window_scaling may be the problem.  The latter change is just one I 
make to prevent responding to broadcast pings.

# Start CKJ additions for robustness and security...
# Disable TCP ECN which some routers and servers cannot handle.
net.ipv4.tcp_ecn = 0
 
# Disable TCP window scaling which some routers and firewalls cannot handle.
net.ipv4.tcp_window_scaling = 0
 
# Disable response to broadcast icmp echo requests.
net.ipv4.icmp_echo_ignore_broadcasts = 1
 
# ...End CKJ additions for robustness and security

Make the sysctl.conf changes effective by the command:
sysctl -p

Chris

-- 
-----------------------------------------------------------
   "Spend less!  Do more!  Go Open Source..." -- Dirigo.net
   Chris Johnson, RHCE #807000448202021
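
An added example, not part of the original message: a POSIX shell check that a sysctl.conf-format file really sets the three values listed in the reply, skipping comment lines and letting the last assignment of a key win. The function names are hypothetical; the keys and expected values are the ones from the message.

```shell
#!/bin/sh
# Added example: audit a sysctl.conf-format file for the settings in the reply.
# Function names are hypothetical; keys and values are taken from the message.

# Print the effective value of key $2 in file $1.
# "#" and ";" comment lines are skipped, whitespace around "=" is tolerated,
# and the last assignment of a key wins. Returns 1 if the key is never set.
sysctl_conf_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) print val; else exit 1 }
    ' "$1"
}

# Compare file $1 with the expected settings, print one line per key,
# and return the number of keys that are missing or set differently.
audit_sysctl_conf() {
    bad=0
    for pair in \
        net.ipv4.tcp_ecn=0 \
        net.ipv4.tcp_window_scaling=0 \
        net.ipv4.icmp_echo_ignore_broadcasts=1
    do
        key=${pair%%=*}; want=${pair#*=}
        if got=$(sysctl_conf_value "$1" "$key"); then
            if [ "$got" = "$want" ]; then
                echo "OK       $key = $got"
            else
                echo "MISMATCH $key = $got (want $want)"; bad=$((bad + 1))
            fi
        else
            echo "MISSING  $key (want $want)"; bad=$((bad + 1))
        fi
    done
    return "$bad"
}
```

Call it as `audit_sysctl_conf /etc/sysctl.conf`; after `sysctl -p`, the running value of any key can be compared with `sysctl -n <key>`.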
