[sclug] Strange networking problem

Derek M Jones derek at knosof.co.uk
Sat Oct 8 15:35:34 UTC 2005


Bob,

Thanks for the detailed suggestions.

There is a firewall running.  What has confused me is
that the laptop install went ok (the only differences
being number of packages installed and obviously the hardware).
Thanks to Paul Weaver for pointing out a possible firewall issue.

Your suggestions have given me some pointers that I can go
and check out.

I had the 'bright' idea of doing a minimal Suse 9.3 install
followed by an upgrade to 10.0.  The 9.3 install went fine,
it does install and start a firewall.  I have no problem with
networking.

Having gotten this far I will try an upgrade, rather than full install,
to 10.0.

I will keep you posted.

Bob Franklin wrote:
> On Sat, 8 Oct 2005, Derek M Jones wrote:
> 
>> I can telnet and ftp from it to other boxes.  However, attempting an 
>> mget, or get, from ftp results in a long delay and no files being 
>> transferred.
> 
> 
> This sounds like it has firewall rules that do not handle the active FTP 
> portion of FTP working; perhaps the ip_conntrack_ftp module isn't 
> compiled.  Or perhaps it isn't tracking connections from itself?
> 
> My home Linux router/firewall has this problem, because it is largely 
> just set to block TCP connections which didn't originate from itself 
> (the simple 'established' check); connections being routed through it 
> were OK, because ip_conntrack_ftp picked them up.
> 
> Have you tried checking 'passive' mode is on in FTP (I think it usually 
> is in FTP by default now, though)?
> 
> 
>> firefox has no luck obtaining an address for any url I type in.
> 
> 
> This sounds like the DNS reply UDP packets not getting back in.
> 
> 
>> Most interesting of all.  I installed a program, working under Suse 
>> 9.3 and get the message on the server:
>>
>> _X11TransSocketINETConnect: Can't connect: errno = 111 Epsilon: Cannot 
>> connect to C server: 127.0.0.1:0.0
> 
> 
> That seems quite common these days (I thought it had been for a while); 
> usually local connections are made through the UNIX domain socket.  If 
> you want to allow stuff to connect via loopback, you probably have to do 
> 'xhost +localhost' (IIRC - long time since I used X).
> 
> 
> A simple test to all these is to turn off the firewall on the box (I 
> think SuSE has a YAST option for this) and see if that makes a difference.
> 
> 
> If anyone knows a way to get the ip_conntrack_XXX stuff working for 
> things originating on the local machine, I would be interested -- I 
> currently have a pile of permits for DNS, DHCP, NTP, etc. reply packets!
> 
>   - Bob
> 
> 

-- 
Derek M. Jones                              tel: +44 (0) 1252 520 667
Knowledge Software Ltd                      mailto:derek at knosof.co.uk
Applications Standards Conformance Testing    http://www.knosof.co.uk
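
The following is an added example, not part of either poster's message: a small audit of an INPUT chain that contrasts the "simple established check plus per-service reply permits" setup described in the quoted reply with a connection-tracking rule, on the assumption that the kernel tracks locally generated connections as well as routed ones. The two rulesets are constructed samples and the function names are hypothetical. The audit flags source-port permits because they accept any inbound packet that merely claims that source port.

```shell
# Added example; both rulesets are constructed samples in iptables-restore format.

# "Simple established check" plus per-service reply permits.
sample_stateless() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp ! --syn -j ACCEPT
-A INPUT -p udp --sport 53 -j ACCEPT
-A INPUT -p udp --sport 123 -j ACCEPT
COMMIT
EOF
}

# Connection-tracking form: one rule covers replies to local traffic.
# RELATED matches active-FTP data connections only when the FTP helper
# (ip_conntrack_ftp, named in the thread) is loaded.
sample_stateful() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin, print one finding per line, return 1 if any.
audit_input_chain() {
    awk '
    /^-A INPUT / && /-j ACCEPT/ {
        if ($0 ~ /--(ct)?state [A-Z,]*ESTABLISHED/) {
            stateful = 1
            if ($0 ~ /RELATED/) related = 1
        }
        if ($0 ~ /--sport /) { print "SPORT-PERMIT: " $0; bad = 1 }
        if ($0 ~ /! (--syn|--tcp-flags)/) { print "FLAG-ONLY: " $0; bad = 1 }
    }
    END {
        if (!stateful) { print "NO-STATE-RULE"; bad = 1 }
        else if (!related) { print "NO-RELATED"; bad = 1 }
        exit bad + 0
    }'
}

for name in sample_stateless sample_stateful; do
    echo "== $name"; "$name" | audit_input_chain || echo "   needs attention"
done
```

On a live machine the same function can read the output of `iptables-save` instead of the samples.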

