Can't browse, ssh, or ftp but can ping and nslookup FC-3
Christopher K. Johnson
ckjohnson at gwi.net
Thu Dec 23 23:47:04 UTC 2004
Lane Inman wrote:
> With ACPI off, it still does not work;
> ping -s 1500 works fine....
>
> iptables --list
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
>
> Lane Inman wrote:
>
> FC 3 fresh install x86_64 smp
>
> - firewall disabled
> - SELinux off
> - Interface is up
> - Names Resolve
> - Can ping hosts
> - can connect on ftp, but can't download the files
> - can't ssh to or from box...
>
>
> have added to /etc/modprobe.conf
> alias net-pf-10 off
>
> -Lane
I wouldn't recommend the acpi off for a networking problem where some
packets work fine. You will probably want to reverse that change.
Make sure you reboot after adding the "alias net-pf-10 off" to
/etc/modprobe.conf in order to make it effective.
Then make these additions to /etc/sysctl.conf. The tcp_ecn and
tcp_window_scaling may be the problem. The latter change is just one I
make to prevent responding to broadcast pings.
# Start CKJ additions for robustness and security...
# Disable TCP ECN which some routers and servers cannot handle.
net.ipv4.tcp_ecn = 0
# Disable TCP window scaling which some routers and firewalls cannot handle.
net.ipv4.tcp_window_scaling = 0
# Disable response to broadcast icmp echo requests.
net.ipv4.icmp_echo_ignore_broadcasts = 1
# ...End CKJ additions for robustness and security
Make the sysctl.conf changes effective by the command:
sysctl -p
Chris
--
-----------------------------------------------------------
"Spend less! Do more! Go Open Source..." -- Dirigo.net
Chris Johnson, RHCE #807000448202021
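
Added example, not part of the message above: a shell check that reads a sysctl.conf-style file and reports whether the three settings from the message are what the file actually ends up assigning. The function names and the sample file are constructed for illustration.

```sh
# Values from the sysctl.conf additions in the message above.
EXPECTED='net.ipv4.tcp_ecn=0
net.ipv4.tcp_window_scaling=0
net.ipv4.icmp_echo_ignore_broadcasts=1'

# effective_value FILE KEY: print the value FILE ends up assigning to KEY.
# Comment lines (# or ;) and blank lines are skipped, whitespace around "="
# is ignored, "/" separators are treated as ".", and the last assignment wins.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub("/", ".", k)
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) print val }
    ' "$1"
}

# audit_conf FILE: report each expected key; return the number not OK.
audit_conf() {
    bad=0
    for pair in $EXPECTED; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(effective_value "$1" "$key")
        if [ -z "$got" ]; then echo "MISSING  $key (want $want)"; bad=$((bad + 1))
        elif [ "$got" != "$want" ]; then echo "MISMATCH $key = $got (want $want)"; bad=$((bad + 1))
        else echo "OK       $key = $got"
        fi
    done
    return "$bad"
}

# Constructed sample file (not from the thread): a duplicate key, a
# commented-out assignment, and one setting left out entirely.
sample_conf() {
    cat <<'EOF'
net.ipv4.tcp_ecn = 1
net.ipv4.tcp_ecn=0
; net.ipv4.tcp_window_scaling = 0
net.ipv4.tcp_window_scaling = 1
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_conf "$tmp" || echo "$? setting(s) differ from the message's values"
rm -f "$tmp"
```

Point audit_conf at /etc/sysctl.conf to check the real file; after sysctl -p, `sysctl -n KEY` shows the value the running kernel is using.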