gabriel rosenkoetter on Wed, 10 Apr 2002 10:03:44 -0400



Re: [PLUG] Inability to download through firewall machine, but can browse


On Wed, Apr 10, 2002 at 09:39:54AM -0400, Gregson Helledy wrote:
> I should have mentioned that I did set the FTP client to passive mode.
> Before doing that I could not even retrieve directory contents.

Hrm. This is smelling more and more like a firewall that doesn't
know how to maintain state on TCP and UDP connections (or hasn't
been told to do so).

> The firewall distro did come with Squid, but I've disabled that.

If it's just you on the inside, that makes a certain amount of sense,
but Squid does what it does pretty well (recent security issues with
it being what they are), and a little configuration makes all those
stupid web ads go away, which is *really* nice. (If I have to look
at that idiotic, neon, flashing "WINNER!!" ad one more time, I may
kill someone. I'm surprised they haven't been sued for causing an
epileptic fit yet...)

> The firewall software used is bastille.

Doubtful. You mean you've run the Bastille Linux script on top of a
RedHat install, which means that you're actually using either
ipchains or iptables (and probably the latter). Versions (of kernel,
of RedHat, of Bastille) would help determine that for those of us
without access to the machine.

> I'll have to learn about what it's logging and go through them.
> And learn about ICMP.

While you should, in good conscience, configure your firewall to dtrt
wrt ICMP, that may have been a red herring. (It's still worth
checking, but if it doesn't make your troubles go away instantly, I
won't be floored.)

> Thanks for your hints, I'll get this ironed out somehow.

Good luck...

-- 
gabriel rosenkoetter
gr@eclipsed.net
