Sean Walberg wrote:
Random thoughts:
Win2k outside fw is not a conclusive test. Some people are only allowed 1 IP from the modem. Unplug fw from modem, reboot modem, and try again.
I did power it down - though only for 30 sec. It appeared to go through the cycle of flashing lights, etc.
Does the win2k box pick up an addy on the inside (assuming you use dhcp)?
Using fixed private addresses on the inside.
Not sure why you're getting proxy errors, are you configured for a proxy?
No - other than the firewall acting as a proxy (which should be transparent to the app).
You could also try tcpdump or wireshark to see what's going on network wise.
I will have to play sometime - but at present it works on a different machine on the network, even though it should be handled exactly the same by the firewall.
Sean
On 2/14/08, Dan Martin <ummar143@shaw.ca> wrote:
I have a home LAN that uses an iptables firewall running on FC 4 on my gateway machine. I run Win2K on an internal LAN machine that I use to run (among other things) 2 applications that contact remote servers. Using SNAT in iptables, everything seemed to run fine, since all communications with the servers were initiated on my end and return packets were appropriately translated back.
Recently I upgraded one of the apps that accesses a broker and real time quotes. It then failed to run, and their minimal tech support could not help me get it going. The failure was blamed on my firewall. I changed it to allow some new connections from the internet (DNAT) but to no avail. I assumed that I had implemented DNAT incorrectly or there were things they weren't telling me.
Yesterday, I found I was unable to run an app that accessed a second server - even though I had run it many times previously. It gave the error "Cannot connect to the ... server. Proxy connection failed: the configured proxy server is not accepting connections." Changing my firewall back to the previous version did not solve the problem.
I plugged my Win2K machine directly to the cable modem and configured it to connect by DHCP. I could not get an address for it. Shaw believes the modem is working and trying to assign an address.
I finally installed this second app into another Windows machine on the internal LAN and it ran perfectly.
It shouldn't be a firewall problem - the iptables should handle one internal machine exactly the same as the other - no rules specify a particular machine except the DNAT rules, which were removed.
It is suspicious that the NIC would not configure when plugged to the cable modem - but everything else works. I can browse the web and get my mail.
Is this consistent with a NIC failure? Could it be something else?
-- -Dan