Re: Firewall problem: Only works on a restart

On Sun, 8 Feb 2009 23:08:06 -0500 (EST), Steven W. Orr wrote
> On Sunday, Feb 8th 2009 at 17:15 -0000, quoth Mikkel L. Ellertson:
> =>Steven W. Orr wrote:
> =>> I have a minor mystery and I don't know how to debug it.
> =>>
> =>> I have two computers in the house. Machine A has two NICs, one of which
> =>> is hooked to the cable modem and sees the outside world. Also, A
> =>> implements the IPTABLES firewall with NAT. Machine B and Machine 2nd
> =>> NIC are hooked up to a little hub. Ever since I upgraded to F10, I
> =>> notice that Machine B can't see the outside world unless I restart
> =>> firewall. And just to make it interesting,
> =>>
> =>> iptables -L > before
> =>> restart the firewall
> =>> iptables -L > after
> =>>
> =>> diff before after
> =>> result is no difference
> =>>
> =>> I'm wide open to a suggestion on how to fix this. And please don't tell
> =>> me to restart the firewall in rc.local. ;-)
> =>>
> =>> TIA
> =>>
> =>Dumb question time:
> Not dumb
> =>
> =>Is the NIC connected to the hub brought up at boot?
> Yes
> =>
> =>Does it have a static IP address?
> Yes
> Does that give anyone any ideas?
Are you sure it is associated with the firewall?  I have a similar
problem, but I've diagnosed it to a failing dns lookup function.  After
a restart dns works for a few minutes.  Any amount of inactivity, and it
dies.  I can get it back by restarting NM.

This dns problem goes back into 2007 (lots of complaints across the
various Linux forums about this), and as far as I can tell, it still
persists in an intermittent manner such that some can get it to work and
others cannot.

This last week I reinstalled F10 i386 from a new downloaded DVD iso
(vanilla install), and the problem persists.  I then installed F10 i386
from a DVD contained in the "Fedora 10 Bible", and the problem persists.
I downloaded F10 x86_64 and installed it on a different computer, and
the problem persists.  Both machines are dual-boot, and the Windoze side
of each machine works flawlessly.

I'm about ready to try Ubuntu to see if they have solved the NM dns
problem.  The complaints in the Ubuntu forums seem to have disappeared a
few months ago...so maybe they got their act together, while the Fedora
community is still fiddling around. Despite the claims, NM in F10
doesn't "just work."

I'll agree with those who have recommended that we need to get the
network choices back into the installation GUI.  I should be able to
select static IP, and it "just works".

Dave McGuffey
Principal Information System Security Engineer // NSA-IEM, NSA-IAM
SAIC, IISBU, Columbia, MD

