Re: F29 Wail at the Firewall (long; sorry!)
On Wed, 12 Dec 2018 10:57:46 -0700, Joe Zeff wrote: > On 12/12/2018 08:16 AM, Beartooth wrote: >> On Tue, 11 Dec 2018 15:15:49 -0800, Samuel Sieb wrote: >> >>> traceroute beartooth.info traceroute -I beartooth.info traceroute -T >>> -p 999 beartooth.info >>> >>> Some (or all) or those might require root, so best to just use root. > > [results snipped] > > All three fail after this machine: > 13 vps5.netwisp.com (216.86.153.98) 41.450 ms 41.424 ms 41.978 ms > Presumably, the next machine (whatever it is) is where the trouble is. > You may need to discuss this with the technical contact for netwisp.com. I've just sent that on to the guys at Netwisp (who, btw, have always been friendly and helpful at every need of mine), and referred them to the fact that this list is carried on Gmane as Fedora.general. Many thanks to all for the help so far, and please stay tuned! -- Beartooth Staffwright, Erstwhile Historian of Tongues Sclerotic Squirreler, Double Retiree, Linux Evangelist ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: F29 Wail at the Firewall (long; sorry!)
On 12/12/2018 08:16 AM, Beartooth wrote: On Tue, 11 Dec 2018 15:15:49 -0800, Samuel Sieb wrote: traceroute beartooth.info traceroute -I beartooth.info traceroute -T -p 999 beartooth.info Some (or all) or those might require root, so best to just use root. [results snipped] All three fail after this machine: 13 vps5.netwisp.com (216.86.153.98) 41.450 ms 41.424 ms 41.978 ms Presumably, the next machine (whatever it is) is where the trouble is. You may need to discuss this with the technical contact for netwisp.com. BTW, traceroute itself doesn't need root. I don't know about -T, as I've never used it, but -I certainly does. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: F29 Wail at the Firewall (long; sorry!)
On Tue, 11 Dec 2018 15:15:49 -0800, Samuel Sieb wrote: > traceroute beartooth.info > traceroute -I beartooth.info > traceroute -T -p 999 beartooth.info > > Some (or all) or those might require root, so best to just use root. [root@localhost ~]# traceroute beartooth.info traceroute to beartooth.info (208.100.51.176), 30 hops max, 60 byte packets 1 router.asus.com (192.168.50.1) 0.345 ms 0.351 ms 0.380 ms 2 96.120.18.205 (96.120.18.205) 8.921 ms 8.927 ms 8.950 ms 3 68.86.126.77 (68.86.126.77) 8.856 ms 8.862 ms 9.786 ms 4 ae-18-ar02.charlvilleco.va.richmond.comcast.net (68.86.173.213) 13.532 ms 13.525 ms 13.519 ms 5 be-21508-cr02.ashburn.va.ibone.comcast.net (68.86.91.53) 18.626 ms 18.601 ms 17.308 ms 6 be-10142-pe01.ashburn.va.ibone.comcast.net (68.86.86.34) 15.974 ms 14.561 ms 14.933 ms 7 ash-b1-link.telia.net (62.115.149.64) 15.309 ms 15.297 ms 15.642 ms 8 ash-bb4-link.telia.net (213.155.136.38) 42.048 ms ash-bb3- link.telia.net (62.115.143.78) 42.345 ms ash-bb4-link.telia.net (213.155.136.38) 45.846 ms 9 * nyk-bb4-link.telia.net (62.115.136.200) 42.341 ms 42.331 ms 10 chi-b21-link.telia.net (80.91.246.162) 42.406 ms 43.229 ms chi-b21- link.telia.net (62.115.137.59) 41.800 ms 11 steadfast-ic-332234-chi-b21.c.telia.net (213.248.67.149) 41.714 ms 42.734 ms 42.725 ms 12 te9-1.dist02.chi01.steadfast.net (208.100.32.35) 42.285 ms 41.651 ms 42.436 ms 13 vps5.netwisp.com (216.86.153.98) 41.450 ms 41.424 ms 41.978 ms 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * [root@localhost ~]# traceroute -I beartooth.info traceroute to beartooth.info (208.100.51.176), 30 hops max, 60 byte packets 1 router.asus.com (192.168.50.1) 0.237 ms 0.266 ms 0.307 ms 2 96.120.18.205 (96.120.18.205) 9.846 ms 9.917 ms 9.933 ms 3 68.86.126.77 (68.86.126.77) 9.821 ms 9.855 ms 9.872 ms 4 ae-18-ar02.charlvilleco.va.richmond.comcast.net (68.86.173.213) 14.087 ms 14.102 ms 14.116 ms 5 be-21508-cr02.ashburn.va.ibone.comcast.net (68.86.91.53) 17.025 ms 17.043 ms 17.058 ms 6 be-10142-pe01.ashburn.va.ibone.comcast.net (68.86.86.34) 16.529 ms 15.076 ms 15.073 ms 7 ash-b1-link.telia.net (62.115.149.64) 15.498 ms 15.429 ms 15.789 ms 8 ash-bb4-link.telia.net (213.155.136.38) 42.239 ms 42.662 ms 42.656 ms 9 nyk-bb4-link.telia.net (62.115.136.200) 42.064 ms 42.070 ms 42.071 ms 10 chi-b21-link.telia.net (62.115.137.59) 42.314 ms 42.347 ms 42.718 ms 11 steadfast-ic-332234-chi-b21.c.telia.net (213.248.67.149) 42.626 ms 42.627 ms 42.689 ms 12 te9-1.dist02.chi01.steadfast.net (208.100.32.35) 42.721 ms 42.944 ms 42.966 ms 13 vps5.netwisp.com (216.86.153.98) 42.667 ms 42.055 ms 42.456 ms 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * [root@localhost ~]# traceroute -T -p 999 beartooth.info traceroute to beartooth.info (208.100.51.176), 30 hops max, 60 byte packets 1 router.asus.com (192.168.50.1) 0.301 ms 0.311 ms 0.349 ms 2 96.120.18.205 (96.120.18.205) 9.202 ms 9.225 ms 9.230 ms 3 68.86.126.77 (68.86.126.77) 9.098 ms 9.103 ms 9.111 ms 4 ae-18-ar02.charlvilleco.va.richmond.comcast.net (68.86.173.213) 12.979 ms 12.984 ms 14.122 ms 5 be-21508-cr02.ashburn.va.ibone.comcast.net (68.86.91.53) 17.858 ms 17.024 ms 17.849 ms 6 be-10142-pe01.ashburn.va.ibone.comcast.net (68.86.86.34) 16.949 ms 15.445 ms 15.346 ms 7 ash-b1-link.telia.net (62.115.149.64) 15.401 ms 14.593 ms 14.946 ms 8 ash-bb3-link.telia.net (80.91.248.156) 42.291 ms ash-bb3- link.telia.net (62.115.143.78) 42.257 ms ash-bb4-link.telia.net (213.155.136.38) 42.109 ms 9 nyk-bb3-link.telia.net (62.115.141.245) 21.781 ms nyk-bb4- link.telia.net (62.115.136.200) 42.064 ms 42.046 ms 10 chi-b21-link.telia.net (62.115.137.59) 41.892 ms chi-b21- link.telia.net (80.91.246.162) 43.207 ms 44.869 ms 11 steadfast-ic-332234-chi-b21.c.telia.net (213.248.67.149) 44.048 ms 44.008 ms 43.130 ms 12 te9-1.dist02.chi01.steadfast.net (208.100.32.35) 43.129 ms 43.119 ms 44.260 ms 13 vps5.netwisp.com (216.86.153.98) 44.261 ms 42.394 ms 43.586 ms 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * [root@localhost ~]# ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: F29 Wail at the Firewall (long; sorry!)
On 12/12/18 9:44 AM, Ed Greshko wrote: > I will check again in a few hours, but I think the defense may drop after a > time. Yep, 1 hour later and "traceroute -n -T -p 999 beartooth.info" reaches 208.100.51.176. -- Right: I dislike the default color scheme Wrong: What idiot picked the default color scheme ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: F29 Wail at the Firewall (long; sorry!)
Allegedly, on or about 11 December 2018, Joe Zeff sent: > If you can't ping someplace, traceroute will show you where the > problem is, because it will stop getting responses. Though you still have to think about it (it's only part of a diagnosis). That failure just means the device doesn't respond to that type of probing. There's plenty of otherwise fully functional things that ignore pings and other probing. -- [tim@localhost ~]$ uname -rsvp Linux 4.16.11-100.fc26.x86_64 #1 SMP Tue May 22 20:02:12 UTC 2018 x86_64 Boilerplate: All mail to my mailbox is automatically deleted. There is no point trying to privately email me, I only get to see the messages posted to the mailing list. Using Windows software is like coating all your handtools with sewage. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: F29 Wail at the Firewall (long; sorry!)
On 12/12/18 7:15 AM, Samuel Sieb wrote: > > traceroute beartooth.info > traceroute -I beartooth.info > traceroute -T -p 999 beartooth.info > > Some (or all) or those might require root, so best to just use root. I was able to get the failure condition again. This is from a working system [root@acer egreshko]# traceroute -n -T -p 999 beartooth.info traceroute to beartooth.info (208.100.51.176), 30 hops max, 60 byte packets 1 211.75.128.254 6.136 ms 6.076 ms 6.208 ms 2 168.95.229.46 6.158 ms 6.078 ms 6.025 ms 3 220.128.27.94 6.525 ms 6.485 ms 6.437 ms 4 220.128.7.69 6.788 ms 220.128.14.93 6.325 ms 220.128.7.69 6.675 ms 5 220.128.30.253 14.755 ms 14.658 ms 220.128.6.85 6.458 ms 6 211.72.108.81 154.862 ms 154.813 ms 211.72.108.49 144.515 ms 7 202.39.83.45 152.368 ms 202.39.83.77 152.717 ms 152.691 ms 8 4.28.172.121 166.896 ms 4.28.172.129 144.516 ms 142.168 ms 9 * * * 10 4.71.248.202 195.003 ms 205.495 ms 193.438 ms 11 208.100.32.35 301.100 ms 205.363 ms 215.205 ms 12 216.86.153.98 205.625 ms 215.884 ms 215.802 ms 13 208.100.51.176 203.412 ms 215.869 ms 189.607 ms [root@acer egreshko]# host 208.100.51.176 176.51.100.208.in-addr.arpa domain name pointer artemis.beartooth.info. And this is from a failing one... [root@meimei ~]# traceroute -n -T -p 999 beartooth.info traceroute to beartooth.info (208.100.51.176), 30 hops max, 60 byte packets 1 192.168.1.1 1.198 ms 0.321 ms 0.454 ms 2 211.75.128.254 8.701 ms 8.184 ms 9.475 ms 3 168.95.229.46 9.358 ms 10.435 ms 7.877 ms 4 220.128.27.94 10.369 ms 9.341 ms 10.332 ms 5 220.128.14.93 8.145 ms 8.735 ms 9.284 ms 6 220.128.6.81 10.359 ms * 9.139 ms 7 211.72.108.5 153.147 ms 211.72.108.49 148.277 ms 211.72.108.5 153.197 ms 8 202.39.83.45 141.591 ms 144.909 ms 202.39.83.77 169.003 ms 9 4.28.172.121 148.228 ms 144.076 ms 4.28.172.129 154.525 ms 10 * * * 11 4.71.248.202 216.858 ms 202.435 ms 216.704 ms 12 208.100.32.35 216.585 ms 202.665 ms 216.622 ms 13 216.86.153.98 216.773 ms 216.103 ms 216.158 ms 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * FWIW, I think I triggered the "defensive" response by doing a port scan on 208.100.51.176. I will check again in a few hours, but I think the defense may drop after a time. -- Right: I dislike the default color scheme Wrong: What idiot picked the default color scheme ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: F29 Wail at the Firewall (long; sorry!)
On 12/11/18 2:36 PM, Ed Greshko wrote: > On 12/12/18 6:12 AM, Rick Stevens wrote: >> On 12/11/18 1:52 PM, Ed Greshko wrote: >>> >>> I get the feeling the folks at Netwisp, Inc. are doing something to >>> "prevent" hacking. >> Yup. Tried three times from our ASN from two different machines. All >> the test machines are behind a firewall (Cisco 65xx) and only one has >> a reverse DNS record. > > Not quite understanding what you're saying. > > The 2 different machines are in the ASN and work all the time? Are they > pingable? Both are part of our public /22 address space and have public IPs. We do our own DNS and one of the machines I used has a PTR record. The other one doesn't (it has a public IP, but no PTR record as it's part of a load-balanced cluster and the PTR record for the cluster points at the VIP--not the RIP). > All of my assigned IP addresses (even IPV6) have PTR records courtesy of my > ISP. In my > case it just seems to be a case of the IP that the beartooth side sees as the > incoming > connection being pingable or not. > > [Real-Time Update] > > Decided to connect again from my system(s) behind my router and it now works > all time time! > > Odd, very odd. Yup. It may be that Netwisp is doing something weird. -- - Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com - - AIM/Skype: therps2ICQ: 226437340 Yahoo: origrps2 - -- -"Jimmie crack corn and I don't care." What kind of a lousy attitude - - is THAT to have, huh? -- Dennis Miller - -- ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: F29 Wail at the Firewall (long; sorry!)
On 12/11/2018 04:04 PM, Beartooth wrote: Hoo, boy! I haven't so much as heard of traceroute in ten or fifteen years, and never did grep its uses. I can look it up, of course, but it might be worth your while to just tell me a command (and to use it as root if that should be desirable). For all practical purposes, traceroute pings each hop along the way to the destination three times. (That's not really how it does it, but don't worry about it.) If you can't ping someplace, traceroute will show you where the problem is, because it will stop getting responses. Also, if you've got a slow connection, you can tell where the issue is because the return times will suddenly jump. The only time you need root for it is for traceroute -I, because that uses ICMP ECHO for probes, but can get response where nothing else does. Back when I was doing tech support for an ISP, we used it all the time on calls to find out why connections were slow, and usually to show the caller that it was outside our network. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: F29 Wail at the Firewall (long; sorry!)
On 12/11/18 3:04 PM, Beartooth wrote: Hoo, boy! I haven't so much as heard of traceroute in ten or fifteen years, and never did grep its uses. I can look it up, of course, but it might be worth your while to just tell me a command (and to use it as root if that should be desirable). traceroute beartooth.info traceroute -I beartooth.info traceroute -T -p 999 beartooth.info Some (or all) or those might require root, so best to just use root. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: F29 Wail at the Firewall (long; sorry!)
On Tue, 11 Dec 2018 14:23:59 -0800, Samuel Sieb wrote: > On 12/11/18 1:54 PM, Beartooth wrote: >> On Tue, 11 Dec 2018 12:53:03 -0800, Samuel Sieb wrote: >>> I can connect to that port fine. Do you have something like fail2ban >>> on the server that would block your connection? Can you try >>> connecting from another location? >> >> I thought I had fail2ban, but rpm -q says not. >> >> I tried just now on my little netbook, and got what looks to me >> to be the same: > > But you're still trying from the same location, right? Yes: it's a different machine in the next room, using my one access route. > But as others > have said, it depends on where you try from whether or not it works. So > it sounds like a networking issue somewhere. It could be the server, > the hosting provider, or your internet provider. What happens if you > try using traceroute? Hoo, boy! I haven't so much as heard of traceroute in ten or fifteen years, and never did grep its uses. I can look it up, of course, but it might be worth your while to just tell me a command (and to use it as root if that should be desirable). ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: F29 Wail at the Firewall (long; sorry!)
On 12/12/18 6:12 AM, Rick Stevens wrote: > On 12/11/18 1:52 PM, Ed Greshko wrote: >> >> I get the feeling the folks at Netwisp, Inc. are doing something to >> "prevent" hacking. > Yup. Tried three times from our ASN from two different machines. All > the test machines are behind a firewall (Cisco 65xx) and only one has > a reverse DNS record. Not quite understanding what you're saying. The 2 different machines are in the ASN and work all the time? Are they pingable? All of my assigned IP addresses (even IPV6) have PTR records courtesy of my ISP. In my case it just seems to be a case of the IP that the beartooth side sees as the incoming connection being pingable or not. [Real-Time Update] Decided to connect again from my system(s) behind my router and it now works all time time! Odd, very odd. -- Right: I dislike the default color scheme Wrong: What idiot picked the default color scheme ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: F29 Wail at the Firewall (long; sorry!)
On 12/11/18 1:54 PM, Beartooth wrote: On Tue, 11 Dec 2018 12:53:03 -0800, Samuel Sieb wrote: I can connect to that port fine. Do you have something like fail2ban on the server that would block your connection? Can you try connecting from another location? I thought I had fail2ban, but rpm -q says not. I tried just now on my little netbook, and got what looks to me to be the same: But you're still trying from the same location, right? But as others have said, it depends on where you try from whether or not it works. So it sounds like a networking issue somewhere. It could be the server, the hosting provider, or your internet provider. What happens if you try using traceroute? ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: F29 Wail at the Firewall (long; sorry!)
On 12/11/18 1:52 PM, Ed Greshko wrote: > On 12/12/18 5:25 AM, Rick Stevens wrote: >> I just did the same. From a Spectrum IP here in Orange County, CA, >> the system doesn't respond (and Spectrum is a Comcast company). >> >> From a monitoring system in our ASN (a /22 network), it works peachy: > > Interesting > > Could you try it a second time? I ask since I tried from Taiwan. The first > attempt.. > > [egreshko@meimei etc]$ ssh -v bearto...@beartooth.info -p 999 > OpenSSH_7.9p1, OpenSSL 1.1.1 FIPS 11 Sep 2018 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf > debug1: Reading configuration data > /etc/crypto-policies/back-ends/openssh.config > debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for * > debug1: Connecting to beartooth.info [208.100.51.176] port 999. > debug1: Connection established. > . > . > . > The authenticity of host '[beartooth.info]:999 ([208.100.51.176]:999)' can't > be established. > ECDSA key fingerprint is SHA256:KC2aZ8T2NiqBIcjVVrhwXfPgHunj2BtECvty3QGEzxc. > Are you sure you want to continue connecting (yes/no)? no > > The second time... > > [egreshko@meimei etc]$ ssh -v bearto...@beartooth.info -p 999 > OpenSSH_7.9p1, OpenSSL 1.1.1 FIPS 11 Sep 2018 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf > debug1: Reading configuration data > /etc/crypto-policies/back-ends/openssh.config > debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for * > debug1: Connecting to beartooth.info [208.100.51.176] port 999. > ssh: connect to host beartooth.info port 999: Connection timed out > > This happens with a system that is behind a router and the router is not > pingable. > > If I try from another host that is directly connected to the Internet and is > pingable then > connections work all the time. > > I get the feeling the folks at Netwisp, Inc. are doing something to "prevent" > hacking. Yup. Tried three times from our ASN from two different machines. All the test machines are behind a firewall (Cisco 65xx) and only one has a reverse DNS record. -- - Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com - - AIM/Skype: therps2ICQ: 226437340 Yahoo: origrps2 - -- - LOOK OUT!!! BEHIND YOU!!! - -- ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: F29 Wail at the Firewall (long; sorry!)
On Tue, 11 Dec 2018 12:53:03 -0800, Samuel Sieb wrote: > On 12/11/18 12:11 PM, Beartooth wrote: >> ssh -v bearto...@beartooth.info -p 999 debug1: Connecting to >> beartooth.info [208.100.51.176] port 999. >> debug1: connect to address 208.100.51.176 port 999: Connection timed >> out ssh: connect to host beartooth.info port 999: Connection timed out > > I can connect to that port fine. Do you have something like fail2ban on > the server that would block your connection? Can you try connecting > from another location? I thought I had fail2ban, but rpm -q says not. I tried just now on my little netbook, and got what looks to me to be the same: btth@Redback ~]$ ssh -v bearto...@beartooth.info -p 999 OpenSSH_7.9p1, OpenSSL 1.1.1 FIPS 11 Sep 2018 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf debug1: Reading configuration data /etc/crypto-policies/back-ends/ openssh.config debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for * debug1: Connecting to beartooth.info [208.100.51.176] port 999. debug1: connect to address 208.100.51.176 port 999: Connection timed out ssh: connect to host beartooth.info port 999: Connection timed out [btth@Redback ~]$ -- Beartooth Staffwright, Erstwhile Historian of Tongues Sclerotic Squirreler, Double Retiree, Linux Evangelist ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: F29 Wail at the Firewall (long; sorry!)
On 12/12/18 5:25 AM, Rick Stevens wrote: > I just did the same. From a Spectrum IP here in Orange County, CA, > the system doesn't respond (and Spectrum is a Comcast company). > > From a monitoring system in our ASN (a /22 network), it works peachy: Interesting Could you try it a second time? I ask since I tried from Taiwan. The first attempt.. [egreshko@meimei etc]$ ssh -v bearto...@beartooth.info -p 999 OpenSSH_7.9p1, OpenSSL 1.1.1 FIPS 11 Sep 2018 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for * debug1: Connecting to beartooth.info [208.100.51.176] port 999. debug1: Connection established. . . . The authenticity of host '[beartooth.info]:999 ([208.100.51.176]:999)' can't be established. ECDSA key fingerprint is SHA256:KC2aZ8T2NiqBIcjVVrhwXfPgHunj2BtECvty3QGEzxc. Are you sure you want to continue connecting (yes/no)? no The second time... [egreshko@meimei etc]$ ssh -v bearto...@beartooth.info -p 999 OpenSSH_7.9p1, OpenSSL 1.1.1 FIPS 11 Sep 2018 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for * debug1: Connecting to beartooth.info [208.100.51.176] port 999. ssh: connect to host beartooth.info port 999: Connection timed out This happens with a system that is behind a router and the router is not pingable. If I try from another host that is directly connected to the Internet and is pingable then connections work all the time. I get the feeling the folks at Netwisp, Inc. are doing something to "prevent" hacking. -- Right: I dislike the default color scheme Wrong: What idiot picked the default color scheme ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: F29 Wail at the Firewall (long; sorry!)
On 12/11/18 12:53 PM, Samuel Sieb wrote: > On 12/11/18 12:11 PM, Beartooth wrote: >> ssh -v bearto...@beartooth.info -p 999 >> debug1: Connecting to beartooth.info [208.100.51.176] port 999. >> debug1: connect to address 208.100.51.176 port 999: Connection timed out >> ssh: connect to host beartooth.info port 999: Connection timed out > > I can connect to that port fine. Do you have something like fail2ban on > the server that would block your connection? Can you try connecting > from another location? I just did the same. From a Spectrum IP here in Orange County, CA, the system doesn't respond (and Spectrum is a Comcast company). From a monitoring system in our ASN (a /22 network), it works peachy: CUT HERE - # ssh -v -p 999 208.100.51.176 OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 208.100.51.176 [208.100.51.176] port 999. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/identity type -1 debug1: identity file /root/.ssh/id_rsa type 1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4 debug1: match: OpenSSH_7.4 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-sha1 none debug1: kex: client->server aes128-ctr hmac-sha1 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host '[208.100.51.176]:999' is known and matches the RSA host key. debug1: Found key in /root/.ssh/known_hosts:40 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Next authentication method: gssapi-keyex debug1: No valid Key exchange context debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information Credentials cache file '/tmp/krb5cc_0' not found debug1: Unspecified GSS failure. Minor code may provide more information Credentials cache file '/tmp/krb5cc_0' not found debug1: Unspecified GSS failure. Minor code may provide more information debug1: Unspecified GSS failure. Minor code may provide more information Credentials cache file '/tmp/krb5cc_0' not found debug1: Next authentication method: publickey debug1: Trying private key: /root/.ssh/identity debug1: Offering public key: /root/.ssh/id_rsa debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Trying private key: /root/.ssh/id_dsa debug1: Next authentication method: password root@208.100.51.176's password: CUT HERE - So, it could be that Comcast/Spectrum has blacklisted that IP or its /24 block (appears to be owned by Netwisp, Inc.). Or that system is doing something like reverse DNS lookups that aren't resolving and thus blocking things. Dunno which. Looks like an argument you need to have with Comcast to see if they're blacklisting it and if so, why? -- - Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com - - AIM/Skype: therps2ICQ: 226437340 Yahoo: origrps2 - -- - IGNORE that man behind the keyboard! - -- The Wizard of OS - -- ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: F29 Wail at the Firewall (long; sorry!)
On 12/11/18 12:11 PM, Beartooth wrote: ssh -v bearto...@beartooth.info -p 999 debug1: Connecting to beartooth.info [208.100.51.176] port 999. debug1: connect to address 208.100.51.176 port 999: Connection timed out ssh: connect to host beartooth.info port 999: Connection timed out I can connect to that port fine. Do you have something like fail2ban on the server that would block your connection? Can you try connecting from another location? ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: F29 Wail at the Firewall (long; sorry!)
On Tue, 11 Dec 2018 11:59:20 -0800, Samuel Sieb wrote: > On 12/11/18 11:04 AM, Beartooth wrote: >> We've been unable for days to connect to our email at my domain; >> when we try our usual ssh -p , we >> get nothing but eventually "Connection timed out" -- even after having >> left it all night. > > How are you using ssh to get your email? I use it to get to the CLI at my host, sign in, command Alpine, give the password again, and then run Alpine -- which I've been using for nearer thirty years than twenty. > What port are you using? 999 ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: F29 Wail at the Firewall (long; sorry!)
On Tue, 11 Dec 2018 12:53:03 -0700, stan wrote: > I think I understand better what is happening. Whether I can help I > don't know. A summary: > > You have no problem with your ISP (Comcast). Your problem is with the > third party that handles your private domain for email. When you try to > connect to that site via ssh, the connection attempts time out. Yes, exactly. > This sounds like an ssh configuration issue, not a firewall issue. I'm > not very familiar with ssh since I don't use it a lot, but here goes. > > Are you using key based login rather than password login? No; I don't even know what the former is. > If you are, is it possible the keys are incorrect with f29, and you need > to generate new keys? > > Have you tried using the -v option to ssh, the verbose option for > debugging so you can see what is happening with the connection process? ssh -v bearto...@beartooth.info -p 999 OpenSSH_7.9p1, OpenSSL 1.1.1 FIPS 11 Sep 2018 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf debug1: Reading configuration data /etc/crypto-policies/back-ends/ openssh.config debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for * debug1: Connecting to beartooth.info [208.100.51.176] port 999. debug1: connect to address 208.100.51.176 port 999: Connection timed out ssh: connect to host beartooth.info port 999: Connection timed out [btth@localhost ~]$ > Perhaps someone more knowledgeable about ssh will immediately point to > the problem for you. I hope the above helps someone. I've been using ssh ever since telnet became unsafe, and never thought to look at options, fool that I am. It has just worked for about twenty years. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: F29 Wail at the Firewall (long; sorry!)
On 12/11/18 11:04 AM, Beartooth wrote: > On Sun, 09 Dec 2018 15:27:32 -0700, stan wrote: > >> On Sun, 9 Dec 2018 19:00:25 + (UTC) >> I Beartooth wrote: >> >>> I do some of my email and all of my Gmane activity (including >>> this list) at the address above, from my local access provider, >>> Comcast; but I do most of my email (and my wife does all of hers) at my >>> own domain, to which we connect by ssh. > >>> Recently we've been moving machines about physically, from >>> floor to floor and connection to connection. We've also been getting >>> lots of timeouts. When I asked my domain host about it, he told me it >>> was my own firewall cutting us off. It blocks connections out from our >>> IP address if they fail more than it likes. > > (If he said what caused the initial, triggering failure to > connect, I missed it.) > >> This doesn't make sense to me, unless you have restrictive firewalls on >> your local net in front of the web access. Moving a machine should be >> irrelevant. Fedora's default setting for the firewall is to let nothing >> initiate connections to the system except ssh, and to let anything on >> the system that wants to reach the net do so. If you haven't changed it >> on any of your machines, that is what should be happening. > > It makes no sense to me either, and I don't even know how to > access the firewall; it pretty well has to be whatever F29 defaults to. > >> Are you maybe using wireless, and getting problematic connections with >> lower (or no) speeds in different locations? > > My current router is an ASUS AC-1200, which does both, and we use > both. After fifteen years in this house, and half a dozen routers, we > have a fair idea which locations a wireless access point can reach. We > stick to those when (rarely) we use Wi-Fi. We keep it available mainly > for house guests. > >>> So, I THINK, I ought to enlarge a/o lubricate the opening in >>> the firewall that lets US out, but not make it any easier than I can >>> help for supposed malware to get out. Does that make sense? >>> >>> If so, where do I go (i.e., what file do I open), and what >>> changes do I make, to accomplish that? >> >> I don't think this should be necessary if you are using default Fedora >> settings. Use the program firewall-config (man firewall-config) to look >> at what the firewall settings are on each system. Mine is set to public >> (meaning roughly that I am exposed to the public web, and thus don't >> trust the network I'm on, so play safe). >> >> I used to have all kinds of elaborate rules in my iptables configuration >> (which is what the firewall uses under the covers), but eventually just >> caved and let the firewalld configuration set it. > > We've been unable for days to connect to our email at my domain; > when we try our usual ssh -p , we get > nothing but eventually "Connection timed out" -- even after having left > it all night. > > From my Comcast account, I emailed support at my host (two guys in > a suburb of Chicago afaict). The answer made no sense to me, but > I recited it as best I could to this list-- and meseems it made no sense > here, either. > > According to them, my own firewall cuts us (i.e., our whole IP) off > when we try too many times too soon to connect. (We do that, of course, > by hitting up arrow and Enter.) > > Am I making any more sense yet? Well, yeah, but I really, REALLY doubt it's your router. I've used that model of router myself. While I was never a big fan of its wifi abilities (kinda wimpy for my house), wired connections through it never failed. Unless you took a power hit, did a firmware update or some other action to your router, I doubt it's your problem. Those routers do have a log in them. Check it to see if you see anything like what they're claiming. A far more likely candidate is that the cable modem got an update from Comcast (they do that on occasion and without telling you) and it's screwed up. I had a similar issue with Spectrum (a Comcast company) here. By use of traceroutes and tcpdumps, I proved that their modem was the problem. They reflashed my cable modem to the previous firmware it had (and I had a record of what it was) and suddenly everything was tickety-boo again. -- - Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com - - AIM/Skype: therps2ICQ: 226437340 Yahoo: origrps2 - -- - To understand recursion, you must first understand recursion.- -- ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines:
Re: F29 Wail at the Firewall (long; sorry!)
On 12/11/18 11:04 AM, Beartooth wrote: We've been unable for days to connect to our email at my domain; when we try our usual ssh -p , we get nothing but eventually "Connection timed out" -- even after having left it all night. How are you using ssh to get your email? What port are you using? ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: F29 Wail at the Firewall (long; sorry!)
On Tue, 11 Dec 2018 19:04:17 + (UTC) Beartooth wrote: > According to them, my own firewall cuts us (i.e., our whole IP) > off when we try too many times too soon to connect. (We do that, of > course, by hitting up arrow and Enter.) > > Am I making any more sense yet? I think I understand better what is happening. Whether I can help I don't know. A summary: You have no problem with your ISP (Comcast). Your problem is with the third party that handles your private domain for email. When you try to connect to that site via ssh, the connection attempts time out. This sounds like an ssh configuration issue, not a firewall issue. I'm not very familiar with ssh since I don't use it a lot, but here goes. Are you using key based login rather than password login? If you are, is it possible the keys are incorrect with f29, and you need to generate new keys? Have you tried using the -v option to ssh, the verbose option for debugging so you can see what is happening with the connection process? Perhaps someone more knowledgeable about ssh will immediately point to the problem for you. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: F29 Wail at the Firewall (long; sorry!)
On Sun, 09 Dec 2018 15:27:32 -0700, stan wrote: > On Sun, 9 Dec 2018 19:00:25 + (UTC) > I Beartooth wrote: > >> I do some of my email and all of my Gmane activity (including >> this list) at the address above, from my local access provider, >> Comcast; but I do most of my email (and my wife does all of hers) at my >> own domain, to which we connect by ssh. >> Recently we've been moving machines about physically, from >> floor to floor and connection to connection. We've also been getting >> lots of timeouts. When I asked my domain host about it, he told me it >> was my own firewall cutting us off. It blocks connections out from our >> IP address if they fail more than it likes. (If he said what caused the initial, triggering failure to connect, I missed it.) > This doesn't make sense to me, unless you have restrictive firewalls on > your local net in front of the web access. Moving a machine should be > irrelevant. Fedora's default setting for the firewall is to let nothing > initiate connections to the system except ssh, and to let anything on > the system that wants to reach the net do so. If you haven't changed it > on any of your machines, that is what should be happening. It makes no sense to me either, and I don't even know how to access the firewall; it pretty well has to be whatever F29 defaults to. > Are you maybe using wireless, and getting problematic connections with > lower (or no) speeds in different locations? My current router is an ASUS AC-1200, which does both, and we use both. After fifteen years in this house, and half a dozen routers, we have a fair idea which locations a wireless access point can reach. We stick to those when (rarely) we use Wi-Fi. We keep it available mainly for house guests. >> So, I THINK, I ought to enlarge a/o lubricate the opening in >> the firewall that lets US out, but not make it any easier than I can >> help for supposed malware to get out. Does that make sense? >> >> If so, where do I go (i.e., what file do I open), and what >> changes do I make, to accomplish that? > > I don't think this should be necessary if you are using default Fedora > settings. Use the program firewall-config (man firewall-config) to look > at what the firewall settings are on each system. Mine is set to public > (meaning roughly that I am exposed to the public web, and thus don't > trust the network I'm on, so play safe). > > I used to have all kinds of elaborate rules in my iptables configuration > (which is what the firewall uses under the covers), but eventually just > caved and let the firewalld configuration set it. We've been unable for days to connect to our email at my domain; when we try our usual ssh -p , we get nothing but eventually "Connection timed out" -- even after having left it all night. From my Comcast account, I emailed support at my host (two guys in a suburb of Chicago afaict). The answer made no sense to me, but I recited it as best I could to this list-- and meseems it made no sense here, either. According to them, my own firewall cuts us (i.e., our whole IP) off when we try too many times too soon to connect. (We do that, of course, by hitting up arrow and Enter.) Am I making any more sense yet? ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: F29 Wail at the Firewall (long; sorry!)
On Sun, 9 Dec 2018 19:00:25 + (UTC) Beartooth wrote: > I do some of my email and all of my Gmane activity (including > this list) at the address above, from my local access provider, > Comcast; but I do most of my email (and my wife does all of hers) at > my own domain, to which we connect by ssh. I pay an email service to host my domain, but as Joe does, I could just as easily use the mail hosts at my domain service. Easier, in fact, since that is their default. > Recently we've been moving machines about physically, from > floor to floor and connection to connection. We've also been getting > lots of timeouts. When I asked my domain host about it, he told me it > was my own firewall cutting us off. It blocks connections out from > our IP address if they fail more than it likes. This doesn't make sense to me, unless you have restrictive firewalls on your local net in front of the web access. Moving a machine should be irrelevant. Fedora's default setting for the firewall is to let nothing initiate connections to the system except ssh, and to let anything on the system that wants to reach the net do so. If you haven't changed it on any of your machines, that is what should be happening. Are you maybe using wireless, and getting problematic connections with lower (or no) speeds in different locations? > So, I THINK, I ought to enlarge a/o lubricate the opening in > the firewall that lets US out, but not make it any easier than I can > help for supposed malware to get out. Does that make sense? > > If so, where do I go (i.e., what file do I open), and what > changes do I make, to accomplish that? I don't think this should be necessary if you are using default Fedora settings. Use the program firewall-config (man firewall-config) to look at what the firewall settings are on each system. Mine is set to public (meaning roughly that I am exposed to the public web, and thus don't trust the network I'm on, so play safe). I used to have all kinds of elaborate rules in my iptables configuration (which is what the firewall uses under the covers), but eventually just caved and let the firewalld configuration set it. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: F29 Wail at the Firewall (long; sorry!)
On 12/9/18 11:00 AM, Beartooth wrote: Recently we've been moving machines about physically, from floor to floor and connection to connection. We've also been getting lots of timeouts. When I asked my domain host about it, he told me it was my own firewall cutting us off. It blocks connections out from our IP address if they fail more than it likes. This doesn't really make sense. Usually personal/home firewalls are configured to allow any connections outgoing. And I don't know of any firewall that blocks an IP for failed connections. I'm not even sure how the firewall would know they were failing. What is your firewall or what are you using as the internet gateway device? What connections are timing out? Are you sure your internal network is connected correctly? If you've been moving lots of things around, it's possible that something got miswired. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: F29 Wail at the Firewall (long; sorry!)
On 12/09/2018 12:00 PM, Beartooth wrote: I do some of my email and all of my Gmane activity (including this list) at the address above, from my local access provider, Comcast; but I do most of my email (and my wife does all of hers) at my own domain, to which we connect by ssh. My main email address is also at my own domain, but I find it easiest simply to specify their servers in my email client. One advantage of this is that when I moved from southern California to southern Colorado recently, I didn't have to change my settings. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org