Re: F29 Wail at the Firewall (long; sorry!)

On 12/11/18 11:04 AM, Beartooth wrote:
> On Sun, 09 Dec 2018 15:27:32 -0700, stan wrote:
> 
>> On Sun, 9 Dec 2018 19:00:25 +0000 (UTC)
>> I Beartooth <Beartooth@xxxxxxxxxxx> wrote:
>>
>>> 	I do some of my email and all of my Gmane activity (including
>>> this list) at the address above, from my local access provider,
>>> Comcast; but I do most of my email (and my wife does all of hers) at my
>>> own domain, to which we connect by ssh.
> 
>>> 	Recently we've been moving machines about physically, from
>>> floor to floor and connection to connection. We've also been getting
>>> lots of timeouts. When I asked my domain host about it, he told me it
>>> was my own firewall cutting us off.  It blocks connections out from our
>>> IP address if they fail more than it likes. 
> 
> 	(If he said what caused the initial, triggering failure to 
> connect, I missed it.)
>  
>> This doesn't make sense to me, unless you have restrictive firewalls on
>> your local net in front of the web access.  Moving a machine should be
>> irrelevant.  Fedora's default setting for the firewall is to let nothing
>> initiate connections to the system except ssh, and to let anything on
>> the system that wants to reach the net do so. If you haven't changed it
>> on any of your machines, that is what should be happening.
> 
> 	It makes no sense to me either, and I don't even know how to 
> access the firewall; it pretty well has to be whatever F29 defaults to.
>  
>> Are you maybe using wireless, and getting problematic connections with
>> lower (or no) speeds in different locations?
> 
> 	My current router is an ASUS AC-1200, which does both, and we use 
> both. After fifteen years in this house, and half a dozen routers, we 
> have a fair idea which locations a wireless access point can reach. We 
> stick to those when (rarely) we use Wi-Fi. We keep it available mainly 
> for house guests.
>  
>>> 	So, I THINK, I ought to enlarge  a/o lubricate the opening in
>>> the firewall that lets US out, but not make it any easier than I can
>>> help for supposed malware to get out. Does that make sense?
>>>
>>> 	If so, where do I go (i.e., what file do I open), and what
>>> changes do I make, to accomplish that?
>>  
>> I don't think this should be necessary if you are using default Fedora
>> settings.  Use the program firewall-config (man firewall-config) to look
>> at what the firewall settings are on each system.  Mine is set to public
>> (meaning roughly that I am exposed to the public web, and thus don't
>> trust the network I'm on, so play safe).
>>
>> I used to have all kinds of elaborate rules in my iptables configuration
>> (which is what the firewall uses under the covers), but eventually just
>> caved and let the firewalld configuration set it.
> 
>     We've been unable for days to connect to our email at my domain; 
> when we try our usual ssh <myname@mydomain.censored> -p <portno>, we get 
> nothing but eventually "Connection timed out" -- even after having left 
> it all night.
> 
>      From my Comcast account, I emailed support at my host (two guys in 
> a suburb of Chicago afaict). The answer made no sense to me, but
> I recited it as best I could to this list-- and meseems it made no sense 
> here, either.
> 
>      According to them, my own firewall cuts us (i.e., our whole IP) off 
> when we try too many times too soon to connect. (We do that, of course, 
> by hitting up arrow and Enter.)
> 
> 	Am I making any more sense yet?

Well, yeah, but I really, REALLY doubt it's your router. I've used that
model of router myself. While I was never a big fan of its wifi
abilities (kinda wimpy for my house), wired connections through it never
failed. Unless you took a power hit, did a firmware update or some other
action to your router, I doubt it's your problem. Those routers do have
a log in them. Check it to see if you see anything like what they're
claiming.

A far more likely candidate is that the cable modem got an update from
Comcast (they do that on occasion and without telling you) and it's
screwed up. I had a similar issue with Spectrum (a Comcast company)
here. By use of traceroutes and tcpdumps, I proved that their modem was
the problem. They reflashed my cable modem to the previous firmware it
had (and I had a record of what it was) and suddenly everything was
tickety-boo again.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
-   To understand recursion, you must first understand recursion.    -
----------------------------------------------------------------------