Does the default configuration for redhat limit outgoing TCP?
I help administer a small research network containing machines using MacOS X, Mandriva Linux, and SUSE Linux for the most part, with a few Windows boxes thrown in. I have been playing with Linux for quite a while, but am completely stumped with this one. Most of my experience is with Mandriva rather than Red Hat, and I'm hoping this is a Red Hat configuration issue.

A user brought in a Red Hat box. /etc/redhat-release gives:

    LSB_VERSION="1.3"
    Red Hat Enterprise Linux AS release 3 (Taroon Update 4)
    SGI ProPack 3SP6 for Linux, Build 306rp37-0508301842

uname -a gives:

    Linux mymachine.mynetwork.com 2.4.21-sgi306rp21 #1 SMP Tue Aug 30 18:51:36 PDT 2005 ia64 ia64 ia64 GNU/Linux

My problem is this: I cannot get any of the tcp-based clients to work for any addresses outside my local domain. They work fine inside my local domain. The local domain is behind a firewall that does network address translation.

Here's what I've found:

1) It affects all tcp clients I try -- ssh, telnet, mozilla.
2) UDP works OK -- I can ping the outside world
3) Changing the ip address of the box to another one within the local domain does not help
4) No other linux, windows or mac box has a problem
5) My firewall (and there is one) filters on the basis of ip address, not mac address, and does not have any rule that targets this machine.
6) Iptables is turned off, or at least that's what it says when I do "/etc/init.d/iptables stop."
7) I can ssh, telnet, etc. within the local domain
8) I can ssh *into* the box (the sshd server works fine) from within the local network. I can also do an ssh tunnel using port forwarding through the firewall (though that looks local to the machine). I can do Xforwarding and open an xterm on a machine out in the world.
9) nc is also stumped. It can connect to a port on the back of the firewall, but can't get past it.

Thus, for instance, on the Mandriva box I get:

    mandriva_box% nc -v www.google.com 80
    DNS fwd/rev mismatch: www.l.google.com != yo-in-f99.google.com ...
    www.l.google.com [220.127.116.11] 80 (http) open

but on the Red Hat box I get:

    redhat box% nc -v www.google.com 80
    DNS fwd/rev mismatch: www.l.google.com != yo-in-f104.google.com ...
    <hangs>

I *cannot* find any rules in my firewall that would do this. As I noted, this problem is specific to *this* machine -- none of the other machines behind the firewall. Changing the ip address of this machine to that of a machine that is not having the problem does not help.

I'm hoping there's some Red Hat security configuration that limits TCP traffic. I am not all that familiar with the Red Hat configuration tools. I *did* turn off the firewall using redhat-config-securitylevels, but that did not change anything.

Any ideas would be greatly appreciated. We in the lab have broken into two groups -- those who are convinced it's the firewall, even though nobody can see any problems with it, and those who are convinced it must be a configuration issue on the Red Hat box, even though we can't find a configuration file that says "don't allow TCP anywhere outside the local domain."

Thanks!

billo

_______________________________________________
Redhat-install-list mailing list
Redhat-install-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/redhat-install-list
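Point 6 of the post takes the init script's word that iptables is off. The following is an added example, not part of the original post, that audits the loaded ruleset itself from `iptables-save` output; the function name `audit_ruleset`, the chain name `custom-chain` and both sample rulesets are constructed for illustration and say nothing about what this particular machine has loaded.

```shell
#!/bin/sh
# Added example, not from the original post. Reads iptables-save text on stdin,
# prints every finding, and returns 1 if a built-in chain policy is not ACCEPT
# or any rule is still loaded. Empty input (no tables loaded) counts as open.
audit_ruleset() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*filter", "*nat", "*mangle"
        /^:/  {                                 # ":CHAIN POLICY [pkts:bytes]"
            # User-defined chains show "-" as policy; they have no default verdict.
            if ($2 != "ACCEPT" && $2 != "-") {
                printf "%s/%s: policy %s\n", table, substr($1, 2), $2
                bad = 1
            }
            next
        }
        /^-A / { printf "%s: rule still loaded: %s\n", table, $0; bad = 1 }
        END    { exit bad + 0 }
    '
}

# Constructed sample: what a cleanly stopped firewall looks like.
sample_open() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Constructed sample: a ruleset that still filters (addresses are placeholders).
sample_filtered() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
:custom-chain - [0:0]
-A OUTPUT -d 10.0.0.0/255.0.0.0 -j ACCEPT
COMMIT
EOF
}

# On a real host, run as root: iptables-save | audit_ruleset
sample_open | audit_ruleset && echo "sample_open: nothing is filtering"
sample_filtered | audit_ruleset || echo "sample_filtered: still filtering"
```

The audit only covers netfilter state; a clean result narrows the search to other host settings or to the network path, it does not identify the cause.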