In article <[EMAIL PROTECTED]>,
Jay Barbee <[EMAIL PROTECTED]> wrote:
>I have a recurring problem that can be solved by a reboot, but I would
>rather fix the problem now so I know what is going on. It is a fairly
>awkward error that just started again on my system after working for
>17 days without reboot.
>
>My home linux box is on a network and is a gateway to the Internet via a
>PPP dial up account. IPchains is set up and working like a champ, but now
>my system is to the point where its clients do not communicate (for lack
>of a better word) with daemons at my work.
>
>If I try to FTP to my linux box at work from my linux box at home (via PPP)
>it simply hangs on the client end and gives the following message on the
>server side:
>
>Feb 16 19:18:03 torch wu-ftpd[32109]: warning: can't get client address:
>Connection reset by peer
>Feb 16 19:18:03 torch wu-ftpd[32109]: connect from unknown
>Feb 16 19:18:03 torch syslog: getpeername (wu-ftpd): Transport endpoint is
>not connected
>Feb 16 19:18:06 torch wu-ftpd[32109]: FTP session closed
>
>Similar messages with telnetd occur. However, I can use SSH just fine.
>While I thought this was an IPmasq problem, it seems that I do have the same
>scenario on my local net with just this linux server.

Sounds like you're blocking high TCP ports on your Linux box at home.
Over time your Linux box will start using higher and higher port numbers
for the client side of peer connections and eventually you'll hit one of
the addresses you're blocking.
ssh will work because it's probably configured to try to use a port below
1024. I think you'll find rsh works too. I've seen this enough times;
people keep forgetting that there are _two_ port numbers to worry about in
every TCP connection.
You should put the '-l' option on all of your ipchains commands that deny
packets. That way you should see the problem right away.
>All other systems in my local home network can get to the Internet with all
>of their clients (telnet, ftp, etc.) through the troubled server without a
>hitch. Strange, but I am not sure how to correct this problem or go about
>troubleshooting my home linux server?

If you're only blocking high TCP ports on an input rule with the destination
address set to your server, then you'll see this. Forwarded traffic won't
be affected.
--
Zygo Blaxell, Linux Engineer, Corel Corporation, [EMAIL PROTECTED] (work),
[EMAIL PROTECTED] (play). It's my opinion, I tell you! Mine! All MINE!
Size of 'diff -Nurw [...] winehq corel' as of Wed Feb 17 16:14:00 EST 1999
Lines/files: In 234 / 1, Out 32801 / 417, Both 33034 / 418
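An added illustration of the two-port point above (not code from this thread, nor ipchains itself): a small Python model of one input-chain rule that denies high destination ports to the gateway's own address, showing how FTP replies to the client's ephemeral port start failing once that port climbs into the blocked range, while replies bound for another LAN host are untouched. The addresses, port range and ruleset are constructed assumptions.

```python
# Added illustration, not code from the thread. Addresses, the port range
# and the ruleset below are constructed assumptions, not the poster's config.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    dst: Optional[str]   # None matches any destination address
    dport_lo: int
    dport_hi: int
    target: str          # "DENY" or "ACCEPT"
    log: bool = False    # ipchains '-l': log every packet this rule matches

GATEWAY = "192.168.1.1"   # constructed: the home Linux box's own address
WORK_FTP = "10.0.0.5"     # constructed: the wu-ftpd host at work
LAN_PC = "192.168.1.20"   # constructed: another client on the home LAN

# Constructed input-chain ruleset: deny anything to me on ports >= 32768.
RULES = [Rule(GATEWAY, 32768, 65535, "DENY", log=True)]

def verdict(pkt, rules=RULES, log=None):
    """First matching rule wins; the default policy modelled here is ACCEPT."""
    for r in rules:
        if (r.dst is None or r.dst == pkt.dst) and r.dport_lo <= pkt.dport <= r.dport_hi:
            if r.log and log is not None:   # what '-l' would put in syslog
                log.append(f"DENY {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
            return r.target
    return "ACCEPT"

def ftp_reply(client_ip, client_port):
    """wu-ftpd's SYN/ACK travelling back to the client's ephemeral port."""
    return Packet(WORK_FTP, 21, client_ip, client_port)

def first_failing_port(client_ip, start=1024, rules=RULES):
    """Walk ephemeral ports upward, as the kernel does over days of uptime,
    and return the first one whose FTP reply the ruleset denies (or None)."""
    for port in range(start, 65536):
        if verdict(ftp_reply(client_ip, port), rules) == "DENY":
            return port
    return None
```

With '-l' on the deny rule, the log list shows exactly which reply was dropped, which is the quick way to confirm the diagnosis on a real box.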