LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (http://www.linuxquestions.org/questions/linux-networking-3/)
-   -   cannot connect to particular website w/ firewall running (http://www.linuxquestions.org/questions/linux-networking-3/cannot-connect-to-particular-website-w-firewall-running-4175432074/)

DutchGeek 10-13-2012 04:32 PM

cannot connect to particular website w/ firewall running
 
Hi Guys,

I have a small networking problem. I am using fw-jay to set up my iptables rules. nothing fancy, just opening some ports needed.

The problem is that i cannot connect to a particular website (blackboard) although other websites work perfectly. this happens when my firewall is running, when i turn it off, BB website works again.

I have tried to capture the packets when i ping the server, i capture all packets icmp echo request from me, and icmp echo reply from server. tcpdump says 20 packets captured, 0 dropped from kernel. However on my ping prompt, nothing is there... ?!

I also tried to telnet to port 80, and the connection times out. in tcpdump, it shows the SYN, SYN ACK from server, then my host keeps SYN'ing a fresh connection so the server sends an R for the previous connection.

Any ideas?

Thanks

KatrinAlec 10-15-2012 02:05 AM

If you use tcpdump on the internal interface (i.e. the one connected to your host) or on your host itself,
do the SYN ACKs fit the SYNs, that means same ip address and same ports, just reversed?
If it doesn't the SYN ACK isn't recognized as the correct answer to the SYN and the host would send another SYN.

DutchGeek 10-15-2012 07:15 AM

Quote:

Originally Posted by KatrinAlec (Post 4805886)
If you use tcpdump on the internal interface (i.e. the one connected to your host) or on your host itself,
do the SYN ACKs fit the SYNs, that means same ip address and same ports, just reversed?
If it doesn't the SYN ACK isn't recognized as the correct answer to the SYN and the host would send another SYN.

Do you mean trying to listen to the loopback interface? e.g tcpdump -i lo ....
I have tried that but no packet are captured here.

About the SYN/ACKs matching the SYN; in my capture, the SYN/ACK from the server has the ACK field of the seq. number + 1 of SYN packet. however my host keeps SYNing ignoring the SYN/ACK.

Maybe I am missing something so here is the tcpdump:

Code:

reading from file tcpdump.out, link-type EN10MB (Ethernet)
16:06:51.300846 IP slackbox.home.39684 > [SCRUBBED].edu.http: Flags [S], seq 4012778385, win 5840, options [mss 1460,sackOK,TS val 147435025 ecr 0,nop,wscale 6], length 0
16:06:51.301064 IP [SCRUBBED].edu.http > slackbox.home.39684: Flags [S.], seq 324687457, ack 4012778386, win 8192, options [mss 1460,sackOK,TS val 951946563 ecr 147435025], length 0
16:06:51.302576 IP [SCRUBBED].edu.http > slackbox.home.39684: Flags [S.], seq 324687457, ack 4012778386, win 8192, options [mss 1460,sackOK,TS val 951946563 ecr 147435025], length 0
16:06:54.298088 IP [SCRUBBED].edu.http > slackbox.home.39684: Flags [S.], seq 324687457, ack 4012778386, win 8192, options [mss 1460,sackOK,TS val 951946863 ecr 147435025], length 0
16:06:54.300727 IP slackbox.home.39684 > [SCRUBBED].edu.http: Flags [S], seq 4012778385, win 5840, options [mss 1460,sackOK,TS val 147438025 ecr 0,nop,wscale 6], length 0
16:06:54.332533 IP [SCRUBBED].edu.http > slackbox.home.39684: Flags [S.], seq 324687457, ack 4012778386, win 8192, options [mss 1460,sackOK,TS val 951946863 ecr 147435025], length 0
16:07:00.298242 IP [SCRUBBED].edu.http > slackbox.home.39684: Flags [S.], seq 324687457, ack 4012778386, win 8192, options [mss 1460,sackOK,TS val 951947463 ecr 147435025], length 0
16:07:00.300727 IP slackbox.home.39684 > [SCRUBBED].edu.http: Flags [S], seq 4012778385, win 5840, options [mss 1460,sackOK,TS val 147444025 ecr 0,nop,wscale 6], length 0
16:07:00.322667 IP [SCRUBBED].edu.http > slackbox.home.39684: Flags [S.], seq 324687457, ack 4012778386, win 8192, options [mss 1460,sackOK,TS val 951947463 ecr 147435025], length 0


KatrinAlec 10-15-2012 07:37 AM

So the host is where you're using tcpdump.
If your scrubbed ip-address is the same in the syn and the syn ack, it should work.
Maybe it's a firewall issue.
try looking up
Code:

iptables -L -v

DutchGeek 10-15-2012 02:41 PM

Thanks for the reply,

It is something weird.
iptables -L -v shows a lot of rules, interesting one:
Code:

618K  304M ACCEPT    tcp  --  any    any    anywhere            anywhere            tcp dpts:1024:65535 state RELATED,ESTABLISHED
I think this allows any connections above port 1024 to come in if they were established, which is the case in the SYN/ACK packet. trying telnet again, will cause a SYN/ACK to some other random port, which is also not "seen" by my host although the tcpdump shows 0 packets dropped by kernel..
telnetting other websites works.

KatrinAlec 10-16-2012 01:35 AM

If that's the same machine the rule needs to be in the INPUT chain.
Maybe see if you can see any DROP which increases while you're trying to connect.
You can delete the statistic with
iptables -Z
which will make it easier to see.

DutchGeek 10-16-2012 05:27 PM

Hi,
Yes it is in the input chain.
I am not sure I understand correctly but i did look at the dropped packets from /var/log/messages (this is where iptables logs them, i didn't check before since tcpdump shows 0 packets dropped by kernel ?!)


i pinged the website, this is what i found
it shows ICMP 0 (echo reply) dropped:

Code:

Oct 17 01:55:56 slackbox kernel: SPOOFED Packet IN=eth0 OUT= MAC=00:16:36:14:b0:e4:00:1f:0a:1f:22:19:08:00 SRC=10.220.0.25 DST=10.220.12.76 LEN=84 TOS=0x00 PREC=0x00 TTL=127 ID=1334 PROTO=ICMP TYPE=0 CODE=0 ID=11111 SEQ=8
Oct 17 01:55:57 slackbox kernel: SPOOFED Packet IN=eth0 OUT= MAC=00:16:36:14:b0:e4:00:1f:0a:1f:22:19:08:00 SRC=10.220.0.25 DST=10.220.12.76 LEN=84 TOS=0x00 PREC=0x00 TTL=127 ID=1355 PROTO=ICMP TYPE=0 CODE=0 ID=11111 SEQ=9
Oct 17 01:55:58 slackbox kernel: SPOOFED Packet IN=eth0 OUT= MAC=00:16:36:14:b0:e4:00:1f:0a:1f:22:19:08:00 SRC=10.220.0.25 DST=10.220.12.76 LEN=84 TOS=0x00 PREC=0x00 TTL=127 ID=1361 PROTO=ICMP TYPE=0 CODE=0 ID=11111 SEQ=10

The IP SRC & DST match the website and my machine respectively.
When I telnet the website, however, no packets are dropped but cannot connect.

I hope you still can help.

KatrinAlec 10-17-2012 01:45 AM

I've got to admit that I don't have a clue what that means or how to fix it. I've never had any SPOOFED Packets.
But that's most likely the reason.

Earlier I thought maybe it's a nat or mangle thing, but I don't know if that could somehow be connected with it.

You could of course still look into
iptables -L -v -t nat
or
iptables -L -v -t mangle
but I doubt that's the reason. With mangle you can change the ip addresses, and that's what a spoofed packed is about. But probably it's not on your machine.

I suggest you open another thread, so others will have a look at it.
I'll follow your post, so I can learn something new as well.

acid_kewpie 10-18-2012 03:16 AM

Can you explain more about these websites? what is blackboard? Where are these sites located? Can you show us ALL the rules? From the tcpdump it looks like the SYN/ACK is being blocked by iptables, so not getting back to the client to complete the handshake.

DutchGeek 10-18-2012 04:41 AM

Hi,
Well blackboard is a software used by colleges to post content etc. for students. Since I am on campus, i am accessing the private ip address of it. The external IP address is also giving the same problems. SYN/ACK and ping failures happen only for this particular website...
i am no expert in iptables, just using a script (fw-jay) to set the rules.
iptables -L -v gives:
Code:

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target    prot opt in    out    source              destination       
    0    0 ACCEPT    all  --  lo    any    anywhere            anywhere           
    0    0 JAY_LANIN  all  --  wlan0  any    anywhere            anywhere           
  19  3975 JAY_INETIN  all  --  eth0  any    anywhere            anywhere           
    5  1296 JAY_LDROP  all  --  any    any    anywhere            anywhere           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target    prot opt in    out    source              destination       
    0    0 JAY_FWD_INET_LAN  all  --  eth0  wlan0  anywhere            anywhere           
    0    0 JAY_FWD_LAN_INET  all  --  wlan0  eth0    anywhere            anywhere           
    0    0 JAY_LDROP  all  --  any    any    anywhere            anywhere           

Chain OUTPUT (policy ACCEPT 6 packets, 634 bytes)
 pkts bytes target    prot opt in    out    source              destination       
    0    0 JAY_LANOUT  all  --  any    wlan0  anywhere            anywhere           
  86 10394 JAY_INETOUT  all  --  any    eth0    anywhere            anywhere           

Chain JAY_CHECK_ICMP (2 references)
 pkts bytes target    prot opt in    out    source              destination       
    0    0 DROP      icmp --  any    any    anywhere            anywhere            icmp echo-request
    0    0 DROP      icmp --  any    any    anywhere            anywhere            icmp network-redirect
    0    0 DROP      icmp --  any    any    anywhere            anywhere            icmp host-redirect
    0    0 DROP      icmp --  any    any    anywhere            anywhere            icmp TOS-network-redirect
    0    0 DROP      icmp --  any    any    anywhere            anywhere            icmp TOS-host-redirect
    0    0 DROP      icmp --  any    any    anywhere            anywhere            icmp timestamp-request
    0    0 DROP      icmp --  any    any    anywhere            anywhere            icmp timestamp-reply
    0    0 DROP      icmp --  any    any    anywhere            anywhere            icmp address-mask-request
    0    0 ACCEPT    all  --  any    any    anywhere            anywhere           

Chain JAY_CHECK_TCP (3 references)
 pkts bytes target    prot opt in    out    source              destination       
    0    0 DROP      tcp  --  any    any    anywhere            anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
    0    0 DROP      tcp  --  any    any    anywhere            anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
    0    0 DROP      tcp  --  any    any    anywhere            anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
    0    0 DROP      tcp  --  any    any    anywhere            anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
    0    0 DROP      tcp  --  any    any    anywhere            anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
    0    0 DROP      tcp  --  any    any    anywhere            anywhere            tcp flags:SYN,RST/SYN,RST
    0    0 DROP      tcp  --  any    any    anywhere            anywhere            tcp flags:FIN,SYN/FIN,SYN
    0    0 DROP      all  --  any    any    anywhere            anywhere            state INVALID
    0    0 DROP      tcp  --  any    any    anywhere            anywhere            tcp option=64
    0    0 DROP      tcp  --  any    any    anywhere            anywhere            tcp option=128

Chain JAY_FWD_INET_LAN (1 references)
 pkts bytes target    prot opt in    out    source              destination       
    0    0 JAY_CHECK_TCP  tcp  --  any    any    anywhere            anywhere           
    0    0 JAY_CHECK_ICMP  icmp --  any    any    anywhere            anywhere           
    0    0 JAY_SPOOFING  all  --  any    any    anywhere            anywhere           
    0    0 ACCEPT    all  --  any    any    anywhere            anywhere            state RELATED,ESTABLISHED

Chain JAY_FWD_LAN_INET (1 references)
 pkts bytes target    prot opt in    out    source              destination       
    0    0 LOG        icmp --  any    any    anywhere            anywhere            icmp echo-reply limit: avg 1/sec burst 1 LOG level info prefix `Dopped PING reply to outside'
    0    0 DROP      icmp --  any    any    anywhere            anywhere            icmp echo-reply
    0    0 DROP      icmp --  any    any    anywhere            anywhere            state INVALID
    0    0 JAY_CHECK_TCP  tcp  --  any    any    anywhere            anywhere           
    0    0 TCPMSS    tcp  --  any    any    anywhere            anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
    0    0 DROP      all  -f  any    any    anywhere            anywhere           
    0    0 ACCEPT    all  --  any    any    anywhere            anywhere            state NEW,RELATED,ESTABLISHED

Chain JAY_FWD_LAN_LAN (0 references)
 pkts bytes target    prot opt in    out    source              destination       
    0    0 ACCEPT    all  --  any    any    anywhere            anywhere           

Chain JAY_INETIN (1 references)
 pkts bytes target    prot opt in    out    source              destination       
  19  3975 JAY_SPOOFING  all  --  any    any    anywhere            anywhere           
    1    60 JAY_INETIN_TCP  tcp  --  any    any    anywhere            anywhere           
    7  1952 JAY_INETIN_UDP  udp  --  any    any    anywhere            anywhere           
    0    0 JAY_CHECK_ICMP  icmp --  any    any    anywhere            anywhere           
    0    0 ACCEPT    all  --  any    any    anywhere            anywhere            state ESTABLISHED

Chain JAY_INETIN_TCP (1 references)
 pkts bytes target    prot opt in    out    source              destination       
    0    0 JAY_SYNFLOOD  tcp  --  any    any    anywhere            anywhere            tcp flags:FIN,SYN,RST,ACK/SYN
    1    60 JAY_CHECK_TCP  all  --  any    any    anywhere            anywhere           
    0    0 ACCEPT    tcp  --  eth0  any    anywhere            anywhere            tcp dpt:9050 state NEW,ESTABLISHED
    0    0 ACCEPT    tcp  --  eth0  any    anywhere            anywhere            tcp dpt:5554 state NEW,ESTABLISHED
    1    60 ACCEPT    tcp  --  any    any    anywhere            anywhere            tcp dpts:1024:65535 state RELATED,ESTABLISHED

Chain JAY_INETIN_UDP (1 references)
 pkts bytes target    prot opt in    out    source              destination       
    2  656 ACCEPT    udp  --  any    any    10.220.12.1          anywhere            udp spt:bootps dpt:bootpc
    0    0 ACCEPT    udp  --  any    any    10.221.0.101        anywhere            udp spt:domain state ESTABLISHED
    0    0 ACCEPT    udp  --  any    any    10.221.0.102        anywhere            udp spt:domain state ESTABLISHED
    0    0 ACCEPT    udp  --  any    any    10.221.0.103        anywhere            udp spt:domain state ESTABLISHED
    0    0 ACCEPT    udp  --  eth0  any    anywhere            anywhere            udp dpt:ntp state NEW,ESTABLISHED
    0    0 ACCEPT    udp  --  eth0  any    anywhere            anywhere            udp dpt:domain state NEW,ESTABLISHED
    0    0 ACCEPT    udp  --  any    any    anywhere            anywhere            udp dpts:1024:65535 state RELATED,ESTABLISHED

Chain JAY_INETOUT (1 references)
 pkts bytes target    prot opt in    out    source              destination       

Chain JAY_LANIN (1 references)
 pkts bytes target    prot opt in    out    source              destination       
    0    0 ACCEPT    icmp --  any    any    anywhere            anywhere           

Chain JAY_LANOUT (1 references)
 pkts bytes target    prot opt in    out    source              destination       
    0    0 ACCEPT    all  --  any    wlan0  anywhere            192.168.1.0/24     

Chain JAY_LDROP (2 references)
 pkts bytes target    prot opt in    out    source              destination       
    0    0 LOG        tcp  --  any    any    anywhere            anywhere            limit: avg 1/sec burst 5 LOG level info prefix `TCP Dropped '
    5  1296 LOG        udp  --  any    any    anywhere            anywhere            limit: avg 1/sec burst 5 LOG level info prefix `UDP Dropped '
    0    0 LOG        icmp --  any    any    anywhere            anywhere            limit: avg 1/sec burst 5 LOG level info prefix `ICMP Dropped '
    0    0 LOG        all  -f  any    any    anywhere            anywhere            limit: avg 1/sec burst 5 LOG level info prefix `FRAGMENT Dropped '
    5  1296 DROP      all  --  any    any    anywhere            anywhere           

Chain JAY_SPOOFING (2 references)
 pkts bytes target    prot opt in    out    source              destination       
    0    0 LOG        all  --  any    any    0.0.0.0/8            anywhere            limit: avg 1/sec burst 1 LOG level info prefix `SPOOFED Packet '
    6  1280 LOG        all  --  any    any    10.0.0.0/8          anywhere            limit: avg 1/sec burst 1 LOG level info prefix `SPOOFED Packet '
    0    0 LOG        all  --  any    any    loopback/8          anywhere            limit: avg 1/sec burst 1 LOG level info prefix `SPOOFED Packet '
    0    0 LOG        all  --  any    any    169.254.0.0/16      anywhere            limit: avg 1/sec burst 1 LOG level info prefix `SPOOFED Packet '
    0    0 LOG        all  --  any    any    172.16.0.0/12        anywhere            limit: avg 1/sec burst 1 LOG level info prefix `SPOOFED Packet '
    0    0 LOG        all  --  any    any    192.0.2.0/24        anywhere            limit: avg 1/sec burst 1 LOG level info prefix `SPOOFED Packet '
    0    0 LOG        all  --  any    any    192.168.0.0/16      anywhere            limit: avg 1/sec burst 1 LOG level info prefix `SPOOFED Packet '
    0    0 LOG        all  --  any    any    base-address.mcast.net/4  anywhere            limit: avg 1/sec burst 1 LOG level info prefix `SPOOFED Packet '
    0    0 LOG        all  --  any    any    240.0.0.0/5          anywhere            limit: avg 1/sec burst 1 LOG level info prefix `SPOOFED Packet '
    0    0 LOG        all  --  any    any    248.0.0.0/5          anywhere            limit: avg 1/sec burst 1 LOG level info prefix `SPOOFED Packet '
    0    0 LOG        all  --  any    any    255.255.255.255      anywhere            limit: avg 1/sec burst 1 LOG level info prefix `SPOOFED Packet '
    0    0 LOG        all  --  any    any    10.220.12.107        anywhere            limit: avg 1/sec burst 1 LOG level info prefix `SPOOFED Packet '
    0    0 LOG        all  --  any    any    192.168.1.0/24      anywhere            limit: avg 1/sec burst 1 LOG level info prefix `SPOOFED Packet '
    4  624 LOG        all  --  any    any    anywhere            255.255.255.255    limit: avg 1/sec burst 1 LOG level info prefix `SPOOFED Packet '
    0    0 LOG        all  --  any    any    anywhere            0.0.0.0            limit: avg 1/sec burst 1 LOG level info prefix `SPOOFED Packet '
    0    0 DROP      all  --  any    any    0.0.0.0/8            anywhere           
  11  1963 DROP      all  --  any    any    10.0.0.0/8          anywhere           
    0    0 DROP      all  --  any    any    loopback/8          anywhere           
    0    0 DROP      all  --  any    any    169.254.0.0/16      anywhere           
    0    0 DROP      all  --  any    any    172.16.0.0/12        anywhere           
    0    0 DROP      all  --  any    any    192.0.2.0/24        anywhere           
    0    0 DROP      all  --  any    any    192.168.0.0/16      anywhere           
    0    0 DROP      all  --  any    any    base-address.mcast.net/4  anywhere           
    0    0 DROP      all  --  any    any    240.0.0.0/5          anywhere           
    0    0 DROP      all  --  any    any    248.0.0.0/5          anywhere           
    0    0 DROP      all  --  any    any    255.255.255.255      anywhere           
    0    0 DROP      all  --  any    any    10.220.12.107        anywhere           
    0    0 DROP      all  --  any    any    192.168.1.0/24      anywhere           
    0    0 DROP      all  --  any    any    anywhere            255.255.255.255   
    0    0 DROP      all  --  any    any    anywhere            0.0.0.0           

Chain JAY_SYNFLOOD (1 references)
 pkts bytes target    prot opt in    out    source              destination       
    0    0 RETURN    all  --  any    any    anywhere            anywhere            limit: avg 12/sec burst 24
    0    0 DROP      all  --  any    any    anywhere            anywhere

cheers

acid_kewpie 10-18-2012 05:44 AM

So what is the IP you're hitting? are you hitting other internal websites by IP? There are plenty of drops there for private subnets, so it looks reasonable that it's one of them doing it.

your tcpdump and iptables outputs would be clearer with an -n added to them, to stop host name resolution and show the IP addresses involved.

DutchGeek 10-18-2012 12:19 PM

This is the IP address i am hitting: 10.220.0.25
My address is one of 10.220.12.107/24 (dynamic by dhcp)
Note that if I access the public IP address of that site, the same issue happens.

acid_kewpie 10-18-2012 01:13 PM

Right so you can see it's being twunted by the JAY_SPOOFING table. I think it's the DROP entry in there, with 1280 hits, I think that's your man, as there doesn't seem to be any ESTABLISHED rule being encountered first. The public IP is getting dropped elsewhere.

Baaaaaasically, and please don't take this the wrong way, I would say that you've not taken the time to learn how to use this firewall script. I've no experience of it, but it looks pretty heavyweight to be dumping out all these tables. Looking at the flow, things are happening in the wrong order etc, but I expect that there's a reason for this which, given full configuration in its own gui, would make much more sense when reading the output. Either configure it properly or stop using it, and just use a normal tool. I'm sure slackware has one by default, and SuSe will have Yast. Or just edit the rules directly, it's really pretty easy one you've ditched all those confusing tables.

On a redhat server, the default list that is loaded by its iptables service just looks like this:

Code:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

It's pretty simple, and you can probably see yourself what you'd need to duplicate and tweak to allow another incoming port. But as you don't even need to do that in the first place... a default firewall config like this would "just work".

DutchGeek 10-18-2012 04:32 PM

Thanks for your help!

Here is what happened:
I removed the rule that would drop 10.0.0.0/8 connections, but it still didn't work. added a rule that allows incoming related,established connections above port 1024 from BB website, but still no luck
heck i even disabled the firewall, and still..
So i tested the wifi in the hallway, to see if the website is up and running. it is, and with the same internal IP that i am using.

As a final resort, i plugged my ethernet cable to a different socket and voila! It seems pretty strange, not sure what to make of it.
The traceroute:
Code:

traceroute 10.220.0.25
traceroute to 10.220.0.25 (10.220.0.25), 30 hops max, 60 byte packets
 1  10.220.12.2 (10.220.12.2)  0.743 ms  1.052 ms  1.377 ms
 2  10.220.0.25 (10.220.0.25)  0.241 ms  0.256 ms  0.232 ms

Another thing, my orig. IP address was 10.220.12.76, in the other socket it was 10.220.12.107. I plugged back to my old socket, set the IP manually to 10.220.12.107 and it worked. then i switched back to 10.220.12.76, didn't work. switched back to 10.220.12.107 didn't work again. So it just worked for a little while on my old socket then it stopped?!
Maybe MAC address filtering, but then it worked for a while before stopping..

Now that i removed the rule that is responsible for dropping connections, attempting to connect traceroute shows more than 30 hops, although I KNOW it is one hop away..
Code:


traceroute 10.220.0.25
traceroute to 10.220.0.25, 30 hops max, 60 byte packets

 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

I think i need to call Tech support :D

Cheers


All times are GMT -5. The time now is 09:39 AM.