FC3 traffic can't get thru firewall

Tony Dietrich td at transoft.demon.co.uk
Mon Feb 14 00:09:47 UTC 2005


On Sunday 13 Feb 2005 18:43, Bill Gradwohl wrote:
> Tony Dietrich wrote:
> >Wild guess here .. when you/they set up the firewall, did they hardcode
> > into the firewall the maximum number of internal IPs they expected ... ie
> > "we're never going to have more than 70 machines, and even tho DNS can
> > allocate more than 70 addresses, we'll write the firewall script to only
> > allow the first 70 past"?
>
> The firewall has no limits imposed on it. Since this is Sunday, most of
> the end user boxes are turned off, so I doubt there are more than 30
> boxes turned on.
>
Oh well, worth a thought .. eliminate all the improbable, and you are left 
with a few less culprits :p .. and I'm sure anyone who's been around has seen 
other silly things done in the name of 'security' :p

Have you checked the deny rules as well as the allow rules in your chains?  Is 
there a typo somewhere? Is there something in hosts.deny on the server that 
is stopping xinetd from accepting the connections?  Is squid running and 
swallowing replies because of some ACL?  (OK, so 99.9% of these questions are 
probably hopelessly wrong, but I was just free-thinking!)
-- 
Tony Dietrich
-------------
No act of kindness, no matter how small, is ever wasted.
  -- Aesop