[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Can't browse, ssh, or ftp but can ping and nslookup FC-3



Lane Inman wrote:

With ACPI off, it still does not work;
ping -s 1500 works fine....

iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


Lane Inman wrote:


FC 3 fresh install x86_64 smp

- firewall disabled
- SELinux off
- Interface is up
- Names Resolve
- Can ping hosts
- can connect on ftp, but cant download the files
- can't ssh to or from box...


have added to /etc/modprobe.conf alias net-pf-10 off

-Lane

I wouldn't recommend the acpi off for a networking problem where some packets work fine. You will probably want to reverse that change.


Make sure you reboot after adding the "alias net-pf-10 off" to /etc/modprobe.conf in order to make it effective.
Then make these additions to /etc/sysctl.conf. The tcp_ecn and tcp_window_scaling may be the problem. The latter change is just one I make to prevent responding to broadcast pings.


# Start CKJ additions for rubustness and security...
# Disable TCP ECN which some routers and servers cannot handle.
net.ipv4.tcp_ecn = 0

# Disable TCP window scaling which some routers and firewalls cannot handle.
net.ipv4.tcp_window_scaling = 0

# Disable response to broadcast icmp echo requests.
net.ipv4.icmp_echo_ignore_broadcasts = 1

# ...End CKJ additions for rubustness and security

Make the sysctl.conf changes effective by the command:
sysctl -p

Chris

--
-----------------------------------------------------------
  "Spend less!  Do more!  Go Open Source..." -- Dirigo.net
  Chris Johnson, RHCE #807000448202021


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]