Ok, tracking on. I just log here what i try. I made it the legacy way: /etc/hosts now has,

    127.0.0.1 localhost
    192.168.1.2 woody.lan1 woody # eth0

What irritates me is, wwwoffle still says, 'transferring data from localhost' it's no more 'localhost' isn't it ? And still the browser hangs.

Short overview of the environment: wwwoffle.conf now has 'woody' as first LocalHost entry. 'localhost' is the second entry there (is it necessary at all ?). There is a "*.lan1" entry in LocalNet, and also in AllowConnectHosts. bind-ipv4 is '0.0.0.0' which means the first entry of LocalHost will be used by wwwoffle, as socket, AIR ? Timeouts socket/dns/connect: 100,30,30, connect-retry=yes.

I looked over the browser settings, and noted that galeon just calls 'gnome-network-preferences' (i don't start any gnome-session since long) and there were 'except from proxying' entries for this host, they are years old, today i think they are not really clever: 127.0.0.1, localhost, woody, woody.lan1. I guess the first 2 are not necessary at all ? - i just deleted them. But this shouldn't have any direct impact, AFAICS, cause it worked for some years, flawless.

    r: ping woody
    PING woody.lan1 (192.168.1.2): 56 data bytes
    64 bytes from 192.168.1.2: icmp_seq=0 ttl=64 time=0.4 ms

First try: The browser now hangs several minutes even when loading wwwoffle pages, like the http index. But this is weird, now nothing works at all, not even calling http://192.168.1.2:8080... galeon always replies: "localhost" is not responding. Ooops, can't even load a page from the net anymore ('not responding').

Typical netfilter feature.... checking the iptables: There is a general accept rule for my eth0 mac address at ports 0:10000, so i thought my own box never gets into trouble. However, with the new 'localhost' setting of /etc/hosts, i should expect trouble because i once set up anything for '127.0.0.1' (because i always used that in servers) as only address which would never be filtered.

I added a log rule for wwwoffle, and now can see, for example, for a woody:8080 request,

    Aug 23 10:43:36 woody kernel: _WOF_IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=192.168.1.2 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5967 DF PROTO=TCP SPT=1726 DPT=8080 WINDOW=32792 RES=0x00 SYN URGP=0

And indeed, looking closely, there is no MAC ! So another rule further down the table may hook in...

Excerpt from iptables -L (which translates some numbers into meaningful words):

    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    1_LOG all -- !localhost anywhere state NEW
    2_ACCEPT all -- !localhost anywhere state NEW
    3_BLOCK all -- !localhost anywhere state NEW
    (...)
    Chain 2_ACCEPT (1 references)
    target prot -- opt source destination
    ACCEPT tcp -- anywhere anywhere MAC 00:C1:26:11:FE:2E tcp dpts:0:10000
    (...)

but bingo, look what i find in the DROP chain !

    Chain 3_BLOCK (1 references)
    DROP tcp -- !localhost anywhere tcp dpt:webcache
    DROP udp -- !localhost anywhere udp dpt:8080
    DROP tcp -- !localhost anywhere tcp dpt:tproxy
    DROP udp -- !localhost anywhere udp dpt:8081

I removed the block of 8080 and 8081 completely, for the time being, and now anything loads correctly again. No more hang ! :)

Why does it have no MAC ? Because it's local traffic, never passes the NIC. You remember, that was my question about will such traffic pass the router (which would be the same as the NIC) physically. This is very clear now. I think i should add a rule for that, but i'll need some time to find out how it works. I know many generic good scripts out there, but i need to understand things first before i just take one of these, so i'll have to stick with my errors for a while ... (Any proposals welcome)

ps. Oops - but what does this mean? Requesting http://127.0.0.1:8080/index.html -->

    WWWOFFLE File Locked
    Your request for URL http://127.0.0.1:8080/index.html is already being modified by another WWWOFFLE server.

This address now even appears in the http index!

    http://127.0.0.1:8080 No Pages

Hmmm...127.0.0.1 is in LocalHost ...no ? There's 'localhost' in that list, but not 127.0.0.1. sigh. You see this isn't that easy to understand. I added the IP to LocalHost, and now this gets the correct http://127.0.0.1:8080/index.html WWWOFFLE Proxy Welcome Page.

° /\/
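
The log line and the chains quoted in the post, replayed as a small model to show which chain decides the packet (an added example, not part of the original post). It assumes '!localhost' means a source other than 127.0.0.1, treats every packet as state NEW, and ignores the rules elided as '(...)'.

```python
import re

# Constructed from the kernel log line quoted in the post.
SAMPLE = ("Aug 23 10:43:36 woody kernel: _WOF_IN=lo OUT= "
          "MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 "
          "SRC=192.168.1.2 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 "
          "ID=5967 DF PROTO=TCP SPT=1726 DPT=8080 WINDOW=32792 RES=0x00 "
          "SYN URGP=0")

ALLOWED_MAC = "00:c1:26:11:fe:2e"  # MAC match in the 2_ACCEPT chain
BLOCKED_PORTS = {8080, 8081}       # webcache and tproxy in 3_BLOCK
LOCALHOST = "127.0.0.1"            # assumption: what '!localhost' excludes


def parse_log(line):
    """Return the KEY=value fields of a netfilter LOG line as a dict."""
    fields = dict(re.findall(r"([A-Z]+)=(\S*)", line))
    # LOG prints destination MAC, source MAC, then ethertype.
    octets = fields.get("MAC", "").lower().split(":")
    fields["SRC_MAC"] = ":".join(octets[6:12]) if len(octets) >= 12 else ""
    return fields


def is_loopback_delivery(pkt):
    """True for host-to-itself traffic that never reached the NIC."""
    return pkt.get("IN") == "lo" and pkt.get("SRC") == pkt.get("DST")


def verdict(pkt):
    """Walk the INPUT rules from the post and name the deciding chain."""
    if pkt["SRC"] == LOCALHOST:
        return "policy ACCEPT"     # all three INPUT rules need !localhost
    port = int(pkt.get("DPT", -1))
    if (pkt["PROTO"] == "TCP" and pkt["SRC_MAC"] == ALLOWED_MAC
            and 0 <= port <= 10000):
        return "2_ACCEPT"
    if pkt["PROTO"] in ("TCP", "UDP") and port in BLOCKED_PORTS:
        return "3_BLOCK"
    return "policy ACCEPT"


if __name__ == "__main__":
    pkt = parse_log(SAMPLE)
    print("loopback delivery:", is_loopback_delivery(pkt))
    print("decided by:", verdict(pkt))
```

The source address is the LAN address rather than 127.0.0.1, so the '!localhost' rules apply, and the zeroed MAC cannot satisfy the 2_ACCEPT match, which leaves the packet to the port 8080 DROP.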
