Re: [Hampshire] Strange network problem

Author: Samuel Penn
Date:  
To: hampshire
Subject: Re: [Hampshire] Strange network problem
On Sunday 11 March 2007 14:54, Damian Brasher wrote:
> Samuel wrote:
> > I've currently got a very strange problem on my firewall. Some
> > people are unable to connect to it, and others can. Previously
> > it was difficult to debug since I couldn't replicate the issue,
> > but now I've discovered a couple of machines which I have access
> > to which also have the problem, so maybe I can finally try and
> > troubleshoot it.
>
> What kind of firewall are you using? Is the configuration such that you
> have an ADSL firewall with NAT to allow access to the Internet from more
> than one machine? Does the firewall have outgoing filtering enabled? Do
> you use a proxy?


Internet -> ADSL Router -> OpenBSD Firewall -> My Network

As far as I know, the router should not be doing any firewalling. It
does not use NAT. Its IP is 80.176.97.121.

My OpenBSD 4.0 box does NATing and firewalling. The webserver is running
on that box. Its IP is 80.176.97.122, and uses the ADSL router as
a gateway. I'm using PF for the firewalling.

> > The server is running OpenBSD 4.0 (upgraded from 3.9 this morning),
> > and is accepting connections from http, https, jabber and ssh.
>
> This suggests your firewall is allowing these services through ok but I'm
> wondering why outgoing is causing issues.


All the problems are incoming - my own machines can see the firewall and
get out just fine. A few clients outside of my network are having problems.
Some can connect to https, some can't. My laptop at work can see https
fine if it is booted into Windows, but not if it is booted into Linux,
even though all the LAN configuration at work should be the same regardless
of which OS it is currently running.

At least one other person has a similar problem (it works from Windows, but
not when he boots into Linux).

See my reply to Vic for some examples of connection attempts.

> > One machine (Gentoo in VMWare) is very strange, since it can
> > connect to my website (via http), but not to ssh, https or jabber.
> > It just times out when trying these other protocols. Other machines
> > on the same network have no problems. Other people have problems
> > on all ports, from a variety of distributions (it might be possible
> > to say that only some Linux clients are having problems, but I
> > can't be certain of this).
>
> Check your NAT settings on the firewall - as per above - are the firewalls
> on your internal network machines on or off? - do the machines have NAT
> enabled? - this can sometimes cause problems.


These machines can connect elsewhere just fine - it is some combination
of the client and the server that is at issue. The machines I have tried
it from have no firewalls of their own.

I'm going to try things from my laptop from inside my home network, and
see whether that gives the same result.

-- 
Be seeing you,                         http://www.glendale.org.uk
Sam.                        Mail/IM (Jabber): sam@???