[Gllug] Firewalls suddenly blocking port 80? But how? And how can I check with no web access which device?

John Edwards john at cornerstonelinux.co.uk
Sun Nov 15 18:35:38 UTC 2009


On Sun, Nov 15, 2009 at 06:11:15PM +0000, M.Blackmore wrote:
> On Sun, 2009-11-15 at 07:41 +0000, John Hearns wrote:
> > traceroute
> > nmap 
> 
> Oh No! They aren't installed and apt-get from ubuntu crashes out with a
> site it's trying to access which is on port 80 I suspect (an http site in
> the stuff that scrolls past very quickly as it bombs out). I can't even
> diagnose...

Does FTP work?

If so then you can manually download the right packages for your
versions of Ubuntu from ftp://gb.archive.ubuntu.com/ubuntu/pool/
and install them using "dpkg -i <package>".


Tethys' suggestion of running tcpdump on the internal and external
interfaces of the IPCop firewall is the best way of finding out if
it is blocking or redirecting traffic in any way. You don't have to
worry too much about the details, just that there is some output
when run on eth1 (assuming that eth1 is your RED interface).


Other things to check:

1) Bypass the IPCop firewall by connecting a well-secured machine
directly to the ADSL router and see what is available.

2) Is any device (especially the IPCop machine) doing transparent
web proxying?

3) Does the IPCop firewall have any "addons"? Especially anything to
do with IP address blocking, web caching, or anti-virus scanning.

4) On the IPCop firewall, run:
        grep 'port=80' /proc/net/ip_conntrack 
to list contents of the IP conntrack with source or destination of
port 80.

5) If both the ADSL router and IPCop firewall are doing NAT, then
double NAT'ing may cause problems. Though I would expect this to
affect more than just a single TCP port.

6) Lastly, have you contacted your ISP? Some do stupid things with
transparent web proxying and may have messed something up. Not that
most are likely to admit to doing that...


-- 
#---------------------------------------------------------#
|    John Edwards   Email: john at cornerstonelinux.co.uk    |
#---------------------------------------------------------#
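Added example, not part of the original message: a shell function that takes the conntrack check in item 4 one step further and labels each tracked connection to port 80 as answered, unanswered, or rewritten to a different destination (what a transparent proxy from item 2 would look like). It assumes the two-tuple line layout of /proc/net/ip_conntrack; the sample entries, addresses and the proxy port 3128 are constructed.

```shell
#!/bin/sh
# Classify tracked connections to TCP port 80 from ip_conntrack-format input.
# Each entry holds two tuples: the original direction, then the expected reply.

# Constructed sample entries (not from the original thread); addresses are
# private / documentation ranges.
sample_conntrack() {
cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=192.0.2.80 sport=51234 dport=80 src=192.0.2.80 dst=203.0.113.5 sport=80 dport=51234 [ASSURED] use=1
tcp      6 118 SYN_SENT src=192.168.1.10 dst=198.51.100.7 sport=51235 dport=80 [UNREPLIED] src=198.51.100.7 dst=203.0.113.5 sport=80 dport=51235 use=1
tcp      6 431990 ESTABLISHED src=192.168.1.11 dst=192.0.2.80 sport=40000 dport=80 src=192.168.1.1 dst=192.168.1.11 sport=3128 dport=40000 [ASSURED] use=1
tcp      6 431000 ESTABLISHED src=192.168.1.12 dst=192.0.2.90 sport=40001 dport=8080 src=192.0.2.90 dst=203.0.113.5 sport=8080 dport=40001 [ASSURED] use=1
EOF
}

# classify_port80 [FILE...]: reads stdin when no file is given.
classify_port80() {
    awk '
    {
        split("", o); split("", r)          # clear per-line tuples
        for (i = 1; i <= NF; i++) {
            if ($i !~ /^(src|dst|sport|dport)=/) continue
            split($i, kv, "=")
            # first occurrence = original direction, second = reply direction
            if (kv[1] in o) r[kv[1]] = kv[2]; else o[kv[1]] = kv[2]
        }
        if (o["dport"] != "80") next        # exact match, so 8080 is skipped
        if ($0 ~ /\[UNREPLIED\]/)
            state = "UNREPLIED"             # request tracked, nothing came back
        else if (r["src"] != o["dst"] || r["sport"] != o["dport"])
            state = "REDIRECTED"            # DNAT/REDIRECT, e.g. transparent proxy
        else
            state = "OK"
        printf "%s %s -> %s:%s reply_from=%s:%s\n", state, o["src"], o["dst"], o["dport"], r["src"], r["sport"]
    }' "$@"
}

# On the firewall: classify_port80 /proc/net/ip_conntrack
sample_conntrack | classify_port80
```

Many UNREPLIED entries point at something upstream of the firewall dropping the traffic; REDIRECTED entries show the firewall itself rewriting the destination.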