On Thu, 18 May 2000, Peter Nelson wrote:
> On Wed, May 17, 2000 at 07:41:17PM -0300 or thereabouts, Christian Robottom Reis
>wrote:
> >
> > I rather think now this isn't a masquerading problem at all. I have no
> > idea, actually what it is. From an internal (masqueraded) box, I issue:
> >
> > blackjesus:/usr/src> telnet nfs.sourceforge.net 80
> > Trying 198.186.203.44...
> > Connected to nfs.sourceforge.net.
> > Escape character is '^]'.
> > HEAD / HTTP/1.0
> [snip]
> >
> > * Which means an HTTP HEAD is coming back fine. However, when I try and
> > issue a
> >
> > blackjesus:/usr/src> telnet nfs.sourceforge.net 80
> > Trying 198.186.203.44...
> > Connected to nfs.sourceforge.net.
> > Escape character is '^]'.
> > GET / HTTP/1.0
> > Host: nfs.sourceforge.net
> >
> > (... time passes)
> >
> > * I'm left hung (left this on for minutes with nothing ever coming back),
> > for no reason. Nothing ever hits my incoming interface again.
> >
> > This does not happen on my gateway, which has a real IP, but I now think
> > this has only to do with port numbers. Could this be.. *gasp* an ident
> > problem?! Network security blocking high port numbers? Anyone?
>
> I've just checked this on my masqueraded network, and it does exactly
> the same. I have experienced this before on other sites (hotmail.com is
> one I remember.)
>
> /peter (with a correct reply address now 8) )
>
Just a shot in the dark - how is your firewall handling ident requests?
Are you accepting them on the firewall? If so, what may be happening is
that the web site is asking the firewall who is connecting. If you are
connecting from the firewall, it returns a valid reply, but with the
standard ident, if you are connecting through the fire wall, it will
return a message that says the process making the connection doesn't
exist, or no user owns the process making the connection. If you reject
the ident connections, you don't usualy have a problem. (don't use deny,
unless you want a delay while the connection times out.)
Mikkel
--
Do not meddle in the affairs of dragons,
for you are crunchy and taste good with ketchup.
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
