FC3 traffic can't get thru firewall

C. Linus Hicks lhicks at nc.rr.com
Sun Feb 13 16:58:26 UTC 2005


On Sun, 2005-02-13 at 10:26 -0600, Bill Gradwohl wrote:
> A client attached an FC3 box to an existing private network of about 80 
> Windows and RH7.2 boxes and it can't seem to pass any traffic thru an 
> existing firewall. It can interact with boxes on the private network 
> just fine. The intent is to upgrade all their RH7.2 to FC3 over the next 
> 30 days.
> 
---<snip>
> 
> The first 2 entries are from : telnet 123.12.23.1 80 from bigboy, an FC3 
> box. The telnet hangs, never establishing a connection (I CTRL-C'd 
> after 2 packets) but the dump clearly shows that the traffic hit the 
> public side of the firewall. If I wait long enough, I get lots of 
> similar output, but never a reply packet, and eventually get "Connection 
> timed out".

"... the traffic hit the public side of the firewall." Agreed. But this
does not agree with your assertion in the first paragraph where you say
"... it can't seem to pass any traffic thru an existing firewall." Have
you run a tcpdump of the traffic between the firewall and the FC3
machine? And compare that to one that works?

> The next 2 entries are from : telnet 123.12.23.1 80 from mail1, an old 
> RH7.2 box. The telnet connects and reports a "connection refused" as 
> there is no web server running on the router.
> 
> I've checked the firewall's logs for dropped packets and none are reported.
> 
> I even moved the IP address of bigboy around to several other private 
> addresses, and cleared the ARP caches involved to see if it was firewall 
> rule related, and no matter what IP I put bigboy on it's always the same 
> thing. Traffic hits the public side of the firewall and disappears.
> 
> I've got ipv6 and Window scaling turned off on the FC3 box.

You didn't say anything about the state of the firewall on the FC3 box.
Is it enabled? What rules?

-- 
C. Linus Hicks <lhicks at nc dot rr dot com>



