On Sun, 09 Dec 2018 15:27:32 -0700, stan wrote: > On Sun, 9 Dec 2018 19:00:25 +0000 (UTC) > I Beartooth <Beartooth@xxxxxxxxxxx> wrote: > >> I do some of my email and all of my Gmane activity (including >> this list) at the address above, from my local access provider, >> Comcast; but I do most of my email (and my wife does all of hers) at my >> own domain, to which we connect by ssh. >> Recently we've been moving machines about physically, from >> floor to floor and connection to connection. We've also been getting >> lots of timeouts. When I asked my domain host about it, he told me it >> was my own firewall cutting us off. It blocks connections out from our >> IP address if they fail more than it likes. (If he said what caused the initial, triggering failure to connect, I missed it.) > This doesn't make sense to me, unless you have restrictive firewalls on > your local net in front of the web access. Moving a machine should be > irrelevant. Fedora's default setting for the firewall is to let nothing > initiate connections to the system except ssh, and to let anything on > the system that wants to reach the net do so. If you haven't changed it > on any of your machines, that is what should be happening. It makes no sense to me either, and I don't even know how to access the firewall; it pretty well has to be whatever F29 defaults to. > Are you maybe using wireless, and getting problematic connections with > lower (or no) speeds in different locations? My current router is an ASUS AC-1200, which does both, and we use both. After fifteen years in this house, and half a dozen routers, we have a fair idea which locations a wireless access point can reach. We stick to those when (rarely) we use Wi-Fi. We keep it available mainly for house guests. >> So, I THINK, I ought to enlarge a/o lubricate the opening in >> the firewall that lets US out, but not make it any easier than I can >> help for supposed malware to get out. Does that make sense? >> >> If so, where do I go (i.e., what file do I open), and what >> changes do I make, to accomplish that? > > I don't think this should be necessary if you are using default Fedora > settings. Use the program firewall-config (man firewall-config) to look > at what the firewall settings are on each system. Mine is set to public > (meaning roughly that I am exposed to the public web, and thus don't > trust the network I'm on, so play safe). > > I used to have all kinds of elaborate rules in my iptables configuration > (which is what the firewall uses under the covers), but eventually just > caved and let the firewalld configuration set it. We've been unable for days to connect to our email at my domain; when we try our usual ssh <myname@mydomain.censored> -p <portno>, we get nothing but eventually "Connection timed out" -- even after having left it all night. From my Comcast account, I emailed support at my host (two guys in a suburb of Chicago afaict). The answer made no sense to me, but I recited it as best I could to this list-- and meseems it made no sense here, either. According to them, my own firewall cuts us (i.e., our whole IP) off when we try too many times too soon to connect. (We do that, of course, by hitting up arrow and Enter.) Am I making any more sense yet? _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx