Fedora Linux Support Community & Resources Center
15th December 2007, 10:27 PM
rak
Trying to turn off "second" firewall

I am seeing some weird behavior in which there appears to be a "second firewall" blocking certain ports, even when I turn the firewall off.

I just upgraded from FC4 to FC8 (actually a fresh reinstall). I run a variety of services including sshd, httpd, named, and qmail. I am trying to restore all of my services and encountering what seems like a weird routing issue. The default FC8 install turns on the firewall and SELinux. The first thing I did was turn off both the firewall and SELinux, but they had no effect on the problem, which I will describe here in more detail.

Both named and apache seem to be accessible if accessed as localhost, but not by the canonical IP address of my system, whether from on or off the host. For instance,

[root@notfoo ~]# nslookup
> server localhost
Default server: localhost
Address: 127.0.0.1#53
> www.nightmoose.net
;; connection timed out; no servers could be reached
>
[root@notfoo ~]# nslookup
> server localhost
Default server: localhost
Address: 127.0.0.1#53
> www.nightmoose.net
Server: localhost
Address: 127.0.0.1#53

www.nightmoose.net canonical name = notfoo.nightmoose.net.
Name: notfoo.nightmoose.net
Address: 69.17.59.112


> server 69.17.59.112
Default server: 69.17.59.112
Address: 69.17.59.112#53
> www.nightmoose.net
;; connection timed out; no servers could be reached


I've checked all of the obvious things to no avail. A similar thing happens when trying to access port 80. Strangely I can ssh in just fine (just as if it was a firewall).

Some details for you ...

[root@notfoo ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:04:AD:9B:69
inet addr:69.17.59.112 Bcast:69.17.59.255 Mask:255.255.255.0
inet6 addr: fe80::250:4ff:fead:9b69/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:402501 errors:0 dropped:0 overruns:0 frame:0
TX packets:315599 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:482201554 (459.8 MiB) TX bytes:24251700 (23.1 MiB)
Interrupt:11 Base address:0x2000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:3320 errors:0 dropped:0 overruns:0 frame:0
TX packets:3320 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:249109 (243.2 KiB) TX bytes:249109 (243.2 KiB)


[root@notfoo ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
69.17.59.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         69.17.59.1      0.0.0.0         UG    0      0        0 eth0


[root@notfoo ~]# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


Using tcpdump, I have determined that request packets are arriving. I see them come in, both from outside and from internally via the canonical IP address. No packets ever emanate from named.

By running named in verbose debug mode, I have verified that it receives requests through localhost, and that requests coming from outside are never even reaching named. Somehow, they are getting dropped instead of being handed to named as they ought to be.

I am out of ideas at this point. I checked the FC8 bug list to no avail. I saw some similar problems from others on the web, but none of the solutions were applicable in this case. Any and all suggestions you have will be welcomed, however!

Thanks much.

-ross
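
The post shows `iptables --list`, which prints only the filter table, and does not show which addresses the daemons are bound to. The sketch below is an added example, not part of the original post, covering two read-only checks for this symptom: how a port is bound relative to the host address, and how many rules each table in an `iptables-save` dump holds. The helper names `bind_scope` and `rules_per_table`, the addresses and all sample text are constructed for illustration.

```shell
# Added example; all sample data below is constructed, not from the post.

# bind_scope IP PORT   (reads `netstat -lntu` style lines on stdin)
# Prints one of: external | loopback-only | other-address | none
bind_scope() {
    awk -v ip="$1" -v port="$2" '
        $1 ~ /^(tcp|udp)/ {
            n = split($4, part, ":")          # the port follows the last colon
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            # Assumption: a "::" listener also takes IPv4 (Linux default, bindv6only=0).
            if (addr == "0.0.0.0" || addr == "::" || addr == ip) ext = 1
            else if (addr ~ /^127\./ || addr == "::1") lo = 1
            else other = 1
        }
        END {
            if (ext) print "external"
            else if (lo) print "loopback-only"
            else if (other) print "other-address"
            else print "none"
        }'
}

# rules_per_table   (reads `iptables-save` output on stdin)
# `iptables --list` shows only the filter table; iptables-save dumps every
# loaded table. Prints "<table> <rule count>" per table, in dump order.
rules_per_table() {
    awk '
        /^\*/  { table = substr($0, 2); order[++n] = table; count[table] = 0 }
        /^-A / { count[table]++ }
        END    { for (i = 1; i <= n; i++) print order[i], count[order[i]] }'
}

SAMPLE_NETSTAT='tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
udp 0 0 127.0.0.1:53 0.0.0.0:*
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 198.51.100.7:8080 0.0.0.0:* LISTEN'
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
COMMIT
*filter
:INPUT ACCEPT [0:0]
COMMIT'

for p in 53 22 8080 80; do
    printf 'port %s: %s\n' "$p" "$(printf '%s\n' "$SAMPLE_NETSTAT" | bind_scope 192.0.2.10 "$p")"
done
printf '%s\n' "$SAMPLE_RULES" | rules_per_table
```

On a live host the same functions take `netstat -lntu` and, as root, `iptables-save` on stdin in place of the sample variables.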