Strange Web Behavior
I am using an gateway on my network with NAT and firewall. Everything seems to work fine, but I am not able to connect to google.com. This is very strange because for the past 1 1/2 years I have been using this system I have not had a problem with it. I discovered that if I ssh into the firewall and use lynx that I can access google and run searches, but none of the computers behind the firewall can. There are no logs saying that the firewall is droping anything and the DNS reports an accurate ip address. Does anyone have any suggestions as to what might be happening? -- __ __ ____ ____ | \/ |/ ___/ ___| Austin Morgan | |\/| | | \___ \ Morgan Computer Services | | | | |___ ___) | 479-857-1189 |_| |_|\____|____/ www.morgancomputers.net
Hi
Sounds like packet forwarding is not working. Can the machines behind the firewall access any other sites.
Ray
02/05/15 17:37:07, Austin Morgan
I am using an gateway on my network with NAT and firewall. Everything seems to work fine, but I am not able to connect to google.com. This is very strange because for the past 1 1/2 years I have been using this system I have not had a problem with it. I discovered that if I ssh into the firewall and use lynx that I can access google and run searches, but none of the computers behind the firewall can. There are no logs saying that the firewall is droping anything and the DNS reports an accurate ip address. Does anyone have any suggestions as to what might be happening? -- __ __ ____ ____ | \/ |/ ___/ ___| Austin Morgan | |\/| | | \___ \ Morgan Computer Services | | | | |___ ___) | 479-857-1189 |_| |_|\____|____/ www.morgancomputers.net
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
---------------------------------------- Ray Leach (Technical Network Specialist) Knowledge Factory www: http://www.knowledgefactory.co.za Tel: +27-11-445-8100 Direct: 445-8263 Fax: +27-11-445-8101 "No matter where you go, there you are." ----------------------------------------
Yes, as far as I can tell I can access every site except google.com. I also thought that it was packet forwarding, but then I should at least have something logged, or I should not be able to access any web pages not on my local network. Austin On Thu, May 16, 2002 at 07:12:24AM +0200, Raymond Leach wrote:
Hi
Sounds like packet forwarding is not working. Can the machines behind the firewall access any other sites.
Ray
02/05/15 17:37:07, Austin Morgan
wrote: I am using an gateway on my network with NAT and firewall. Everything seems to work fine, but I am not able to connect to google.com. This is very strange because for the past 1 1/2 years I have been using this system I have not had a problem with it. I discovered that if I ssh into the firewall and use lynx that I can access google and run searches, but none of the computers behind the firewall can. There are no logs saying that the firewall is droping anything and the DNS reports an accurate ip address. Does anyone have any suggestions as to what might be happening? -- __ __ ____ ____ | \/ |/ ___/ ___| Austin Morgan | |\/| | | \___ \ Morgan Computer Services | | | | |___ ___) | 479-857-1189 |_| |_|\____|____/ www.morgancomputers.net
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
---------------------------------------- Ray Leach (Technical Network Specialist) Knowledge Factory www: http://www.knowledgefactory.co.za Tel: +27-11-445-8100 Direct: 445-8263 Fax: +27-11-445-8101 "No matter where you go, there you are." ----------------------------------------
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- __ __ ____ ____ | \/ |/ ___/ ___| Austin Morgan | |\/| | | \___ \ Morgan Computer Services | | | | |___ ___) | 479-857-1189 |_| |_|\____|____/ www.morgancomputers.net
Hi
Sounds like packet forwarding is not working. Can the machines behind
Maybe you can tell us what is your configuration For NATing your local Network. Probably, you have made mistake. Are you connecting to Internet using Dial-up connection? Can you tell me what type of connection do you have ? -----Original Message----- From: Austin Morgan [mailto:admorgan@morgancomputers.net] Sent: 16 Mei 2002 18:27 To: suse-security@suse.com Subject: Re: [suse-security] Strange Web Behavior Yes, as far as I can tell I can access every site except google.com. I also thought that it was packet forwarding, but then I should at least have something logged, or I should not be able to access any web pages not on my local network. Austin On Thu, May 16, 2002 at 07:12:24AM +0200, Raymond Leach wrote: the firewall access any other sites.
Ray
02/05/15 17:37:07, Austin Morgan
wrote: I am using an gateway on my network with NAT and firewall.
Everything
seems to work fine, but I am not able to connect to google.com. This is very strange because for the past 1 1/2 years I have been using this system I have not had a problem with it. I discovered that if I ssh into the firewall and use lynx that I can access google and run searches, but none of the computers behind the firewall can. There are no logs saying that the firewall is droping anything and the DNS reports an accurate ip address. Does anyone have any suggestions as to what might be happening? -- __ __ ____ ____ | \/ |/ ___/ ___| Austin Morgan | |\/| | | \___ \ Morgan Computer Services | | | | |___ ___) | 479-857-1189 |_| |_|\____|____/ www.morgancomputers.net
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
---------------------------------------- Ray Leach (Technical Network Specialist) Knowledge Factory www: http://www.knowledgefactory.co.za Tel: +27-11-445-8100 Direct: 445-8263 Fax: +27-11-445-8101 "No matter where you go, there you are." ----------------------------------------
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- __ __ ____ ____ | \/ |/ ___/ ___| Austin Morgan | |\/| | | \___ \ Morgan Computer Services | | | | |___ ___) | 479-857-1189 |_| |_|\____|____/ www.morgancomputers.net -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Maybe you can tell us what is your configuration For NATing your local Network. Probably, you have made mistake. Are you connecting to Internet using Dial-up connection? Can you tell me what type of connection do you have ? Maybe you have a problem with ECN.
Markus -- _____________________________ /"\ Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign markus@gaugusch.at X Against HTML Mail / \
My configuration for NAT is using SuSEfirewall2 I have set FW_MASQ_NETS="192.168.0.0/16". I am connected using an cable modem and everything there seems ok. The only place I can not access (for a week now) is google. What is ECN Markus? Austin On Thu, May 16, 2002 at 08:13:55PM +0700, Kheli wrote:
Maybe you can tell us what is your configuration For NATing your local Network. Probably, you have made mistake. Are you connecting to Internet using Dial-up connection? Can you tell me what type of connection do you have ?
-----Original Message----- From: Austin Morgan [mailto:admorgan@morgancomputers.net] Sent: 16 Mei 2002 18:27 To: suse-security@suse.com Subject: Re: [suse-security] Strange Web Behavior
Yes, as far as I can tell I can access every site except google.com. I also thought that it was packet forwarding, but then I should at least have something logged, or I should not be able to access any web pages not on my local network.
Hi
Sounds like packet forwarding is not working. Can the machines behind
Austin On Thu, May 16, 2002 at 07:12:24AM +0200, Raymond Leach wrote: the firewall access any other sites.
Ray
02/05/15 17:37:07, Austin Morgan
wrote: I am using an gateway on my network with NAT and firewall.
Everything
seems to work fine, but I am not able to connect to google.com. This is very strange because for the past 1 1/2 years I have been using this system I have not had a problem with it. I discovered that if I ssh into the firewall and use lynx that I can access google and run searches, but none of the computers behind the firewall can. There are no logs saying that the firewall is droping anything and the DNS reports an accurate ip address. Does anyone have any suggestions as to what might be happening? -- __ __ ____ ____ | \/ |/ ___/ ___| Austin Morgan | |\/| | | \___ \ Morgan Computer Services | | | | |___ ___) | 479-857-1189 |_| |_|\____|____/ www.morgancomputers.net
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
---------------------------------------- Ray Leach (Technical Network Specialist) Knowledge Factory www: http://www.knowledgefactory.co.za Tel: +27-11-445-8100 Direct: 445-8263 Fax: +27-11-445-8101 "No matter where you go, there you are." ----------------------------------------
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- __ __ ____ ____ | \/ |/ ___/ ___| Austin Morgan | |\/| | | \___ \ Morgan Computer Services | | | | |___ ___) | 479-857-1189 |_| |_|\____|____/ www.morgancomputers.net
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- __ __ ____ ____ | \/ |/ ___/ ___| Austin Morgan | |\/| | | \___ \ Morgan Computer Services | | | | |___ ___) | 479-857-1189 |_| |_|\____|____/ www.morgancomputers.net
For securiy reasons i want to deny, in my suse proftpd server, the *.exe files uploads. is this posible? can anybody says me how? thanks
On Thu, 16 May 2002, Austin Morgan wrote:
My configuration for NAT is using SuSEfirewall2 I have set FW_MASQ_NETS="192.168.0.0/16". I am connected using an cable modem and everything there seems ok. The only place I can not access (for a week now) is google. What is ECN Markus?
ECN is an option when you compile your kernel, it's under general networking options: this is the help text: CONFIG_INET_ECN: Explicit Congestion Notification (ECN) allows routers to notify clients about network congestion, resulting in fewer dropped packets and increased network performance. This option adds ECN support to the Linux kernel, as well as a sysctl (/proc/sys/net/ipv4/tcp_ecn) which allows ECN support to be disabled at runtime. Note that, on the Internet, there are many broken firewalls which refuse connections from ECN-enabled machines, and it may be a while before these firewalls are fixed. Until then, to access a site behind such a firewall (some of which are major sites, at the time of this writing) you will have to disable this option, either by saying N now or by using the sysctl. If in doubt, say N. in belgium there's at leat one site (www.planetinternet.be) that i couldn't get access to with ecn in the kernel. i can access google.be however. regards, stijn
Austin On Thu, May 16, 2002 at 08:13:55PM +0700, Kheli wrote:
Maybe you can tell us what is your configuration For NATing your local Network. Probably, you have made mistake. Are you connecting to Internet using Dial-up connection? Can you tell me what type of connection do you have ?
-----Original Message----- From: Austin Morgan [mailto:admorgan@morgancomputers.net] Sent: 16 Mei 2002 18:27 To: suse-security@suse.com Subject: Re: [suse-security] Strange Web Behavior
Yes, as far as I can tell I can access every site except google.com. I also thought that it was packet forwarding, but then I should at least have something logged, or I should not be able to access any web pages not on my local network.
Hi
Sounds like packet forwarding is not working. Can the machines behind
Austin On Thu, May 16, 2002 at 07:12:24AM +0200, Raymond Leach wrote: the firewall access any other sites.
Ray
02/05/15 17:37:07, Austin Morgan
wrote: I am using an gateway on my network with NAT and firewall.
Everything
seems to work fine, but I am not able to connect to google.com. This is very strange because for the past 1 1/2 years I have been using this system I have not had a problem with it. I discovered that if I ssh into the firewall and use lynx that I can access google and run searches, but none of the computers behind the firewall can. There are no logs saying that the firewall is droping anything and the DNS reports an accurate ip address. Does anyone have any suggestions as to what might be happening? -- __ __ ____ ____ | \/ |/ ___/ ___| Austin Morgan | |\/| | | \___ \ Morgan Computer Services | | | | |___ ___) | 479-857-1189 |_| |_|\____|____/ www.morgancomputers.net
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
---------------------------------------- Ray Leach (Technical Network Specialist) Knowledge Factory www: http://www.knowledgefactory.co.za Tel: +27-11-445-8100 Direct: 445-8263 Fax: +27-11-445-8101 "No matter where you go, there you are." ----------------------------------------
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- __ __ ____ ____ | \/ |/ ___/ ___| Austin Morgan | |\/| | | \___ \ Morgan Computer Services | | | | |___ ___) | 479-857-1189 |_| |_|\____|____/ www.morgancomputers.net
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- __ __ ____ ____ | \/ |/ ___/ ___| Austin Morgan | |\/| | | \___ \ Morgan Computer Services | | | | |___ ___) | 479-857-1189 |_| |_|\____|____/ www.morgancomputers.net
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
On Thursday 16 May 2002 22:02, Austin Morgan wrote:
My configuration for NAT is using SuSEfirewall2 I have set FW_MASQ_NETS="192.168.0.0/16". I am connected using an cable modem and everything there seems ok. The only place I can not access (for a week now) is google. What is ECN Markus?
ECN is turned off by the SuSEfirewall2 script. You can do it manually with: echo 0 > /proc/sys/net/ipv4/tcp_ecn to turn it on replace the 0 with a 1. -- GertJan
Hi Austin, if you use some dialup-isp (i.e. DSL) it might be a problem with the MRU/MTU settings of your NAT. In thise case have a look at: http://sdb.suse.de/de/sdb/html/cg_pmtu2.html Thomas Austin Morgan wrote:
I am using an gateway on my network with NAT and firewall. Everything seems to work fine, but I am not able to connect to google.com. This is very strange because for the past 1 1/2 years I have been using this system I have not had a problem with it. I discovered that if I ssh into the firewall and use lynx that I can access google and run searches, but none of the computers behind the firewall can. There are no logs saying that the firewall is droping anything and the DNS reports an accurate ip address. Does anyone have any suggestions as to what might be happening? -- __ __ ____ ____ | \/ |/ ___/ ___| Austin Morgan | |\/| | | \___ \ Morgan Computer Services | | | | |___ ___) | 479-857-1189 |_| |_|\____|____/ www.morgancomputers.net
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- ArcStyler - the Architectural IDE for MDA/J2EE/EJB -> CyberOne Award 2001 -> Winner Crossroads A-List Award 2001 -> IBM Solution Excellence Award winner for Hot Java Solution -> European Information Society Technologies Prize Winner 2001 -> Free trial-version at http://www.ArcStyler.com -> Made with ArcStyler http://www.NewWaveSearchables.com ----- < iO > --------------------------------------------------------- Interactive Objects Software GmbH mailto:Thomas.Kerkau@io-software.com http://www.io-software.com Basler Strasse 65, D-79100 Freiburg, Germany Tel: [+49]-761-40073-0, Fax: [+49]-761-40073-73 ----------------------------------------------------------------------
participants (8)
-
Austin Morgan
-
Carlos
-
Dr. Thomas Kerkau
-
GertJan Spoelman
-
Kheli
-
Markus Gaugusch
-
Raymond Leach
-
Stijn Vander Maelen