[sclug] Strange networking problem

Bob Franklin r.c.franklin at reading.ac.uk
Sat Oct 8 15:08:31 UTC 2005


On Sat, 8 Oct 2005, Derek M Jones wrote:

> I can telnet and ftp from it to other boxes.  However, attempting an 
> mget, or get, from ftp results in a long delay and no files being 
> transferred.

This sounds like it has firewall rules that do not handle the active FTP 
portion of FTP working; perhaps the ip_conntrack_ftp module isn't 
compiled.  Or perhaps it isn't tracking connections from itself?

My home Linux router/firewall has this problem, because it is largely just 
set to block TCP connections which didn't originate from itself (the 
simple 'established' check); connections being routed through it were OK, 
because ip_conntrack_ftp picked them up.

Have you tried checking 'passive' mode is on in FTP (I think it usually is 
in FTP by default now, though)?


> firefox has no luck obtaining an address for any url I type in.

This sounds like the DNS reply UDP packets not getting back in.


> Most interesting of all.  I installed a program, working under Suse 9.3 
> and get the message on the server:
>
> _X11TransSocketINETConnect: Can't connect: errno = 111 Epsilon: Cannot 
> connect to C server: 127.0.0.1:0.0

That seems quite common these days (I thought it had been for a while); 
usually local connections are made through the UNIX domain socket.  If you 
want to allow stuff to connect via loopback, you probably have to do 
'xhost +localhost' (IIRC - long time since I used X).


A simple test for all these is to turn off the firewall on the box (I think 
SuSE has a YAST option for this) and see if that makes a difference.


If anyone knows a way to get the ip_conntrack_XXX stuff working for 
things originating on the local machine, I would be interested -- I 
currently have a pile of permits for DNS, DHCP, NTP, etc. reply packets!

   - Bob


-- 
  Bob Franklin <r.c.franklin at reading.ac.uk>          +44 (0)118 378 7147
  Systems and Communications, IT Services, The University of Reading, UK
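
The following is an added example, not part of the original message and not netfilter's own code: a simplified Python model of why an "established only" inbound policy drops the active-mode FTP data connection, and how a helper that reads the PORT command (the role ip_conntrack_ftp plays) lets it through as related traffic. The class and function names, addresses and ports are constructed for illustration.

```python
import re

# RFC 959 active mode: "PORT h1,h2,h3,h4,p1,p2" tells the server where to connect back.
PORT_RE = re.compile(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def parse_port(line):
    """Return (ip, port) announced by a PORT command, or None if malformed."""
    m = PORT_RE.fullmatch(line.strip())
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None
    return ".".join(str(v) for v in n[:4]), n[4] * 256 + n[5]

class ToyFirewall:
    """Simplified model (hypothetical): inbound is allowed only if tracked."""
    def __init__(self, ftp_helper):
        self.ftp_helper = ftp_helper
        self.established = set()  # (local_ip, local_port, remote_ip, remote_port)
        self.expected = set()     # (local_ip, local_port, remote_ip)

    def outbound(self, lip, lport, rip, rport, payload=""):
        self.established.add((lip, lport, rip, rport))
        if self.ftp_helper and rport == 21:
            ann = parse_port(payload)
            # Expect a data connection only to our own address, from this server.
            if ann and ann[0] == lip:
                self.expected.add((lip, ann[1], rip))

    def inbound(self, rip, rport, lip, lport):
        if (lip, lport, rip, rport) in self.established:
            return "ESTABLISHED"
        if (lip, lport, rip) in self.expected:
            self.expected.discard((lip, lport, rip))  # one-shot expectation
            self.established.add((lip, lport, rip, rport))
            return "RELATED"
        return "DROP"

def demo(ftp_helper):
    """Constructed session: control connection, PORT, then server connects back."""
    fw = ToyFirewall(ftp_helper)
    client, server = "192.0.2.10", "198.51.100.5"  # documentation addresses
    fw.outbound(client, 40000, server, 21, "PORT 192,0,2,10,195,80\r\n")
    control_reply = fw.inbound(server, 21, client, 40000)
    data_conn = fw.inbound(server, 20, client, 50000)  # 195*256+80
    return control_reply, data_conn
```

Without the helper the control channel works but the server's connection back from port 20 is dropped, which matches the symptom of a login that succeeds followed by a get that hangs.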

