[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: Selective web access and SuSe 11
From:       Phil Dibowitz <phil () ipom ! com>
Date:       2009-01-19 20:22:04
Message-ID: 23690_1232396931_4974E282_23690_7855_1_4974E0EC.30507 () ipom ! com
[Download RAW message or body]


James Raftery wrote:
> Tcpdump shows that there is a handshake and then a timeout for these sites:
> mysite.port# --> external.http S
> external.http --> mysite.port# S
> mysite.port# --> external.http . ack 1
> mysite.port# --> external.http P 1:389
> external.http --> mysite.port# . ack 389

A much more useful tcpdump is from both sides of the ipfilter machine, not
the suse machine.

Also, try adding 'log' to your rules to see what ipfilter is doing.

> The flow of the subnet is through a dual homed vintage machine running IRIX 6.2
> AND IP_fil3.4.16. If I take ipfilter down then no problem.

The *ancient* version shouldn't cause this problem, but I don't think it's
supported, and you may want to plan an upgrade soon anyway.

-- 
Phil Dibowitz                             phil@ipom.com
Open Source software and tech docs        Insanity Palace of Metallica
http://www.phildev.net/                   http://www.ipom.com/

"Never write it in C if you can do it in 'awk';
 Never do it in 'awk' if 'sed' can handle it;
 Never use 'sed' when 'tr' can do the job;
 Never invoke 'tr' when 'cat' is sufficient;
 Avoid using 'cat' whenever possible" -- Taylor's Laws of Programming



["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]