On 12/11/18 11:04 AM, Beartooth wrote:
> On Sun, 09 Dec 2018 15:27:32 -0700, stan wrote:
>
>> On Sun, 9 Dec 2018 19:00:25 +0000 (UTC)
>> I Beartooth <Beartooth@xxxxxxxxxxx> wrote:
>>
>>> I do some of my email and all of my Gmane activity (including
>>> this list) at the address above, from my local access provider,
>>> Comcast; but I do most of my email (and my wife does all of hers) at my
>>> own domain, to which we connect by ssh.
>
>>> Recently we've been moving machines about physically, from
>>> floor to floor and connection to connection. We've also been getting
>>> lots of timeouts. When I asked my domain host about it, he told me it
>>> was my own firewall cutting us off. It blocks connections out from our
>>> IP address if they fail more than it likes.
>
> (If he said what caused the initial, triggering failure to
> connect, I missed it.)
>
>> This doesn't make sense to me, unless you have restrictive firewalls on
>> your local net in front of the web access. Moving a machine should be
>> irrelevant. Fedora's default setting for the firewall is to let nothing
>> initiate connections to the system except ssh, and to let anything on
>> the system that wants to reach the net do so. If you haven't changed it
>> on any of your machines, that is what should be happening.
>
> It makes no sense to me either, and I don't even know how to
> access the firewall; it pretty well has to be whatever F29 defaults to.
>
>> Are you maybe using wireless, and getting problematic connections with
>> lower (or no) speeds in different locations?
>
> My current router is an ASUS AC-1200, which does both, and we use
> both. After fifteen years in this house, and half a dozen routers, we
> have a fair idea which locations a wireless access point can reach. We
> stick to those when (rarely) we use Wi-Fi. We keep it available mainly
> for house guests.
>
>>> So, I THINK, I ought to enlarge a/o lubricate the opening in
>>> the firewall that lets US out, but not make it any easier than I can
>>> help for supposed malware to get out. Does that make sense?
>>>
>>> If so, where do I go (i.e., what file do I open), and what
>>> changes do I make, to accomplish that?
>>
>> I don't think this should be necessary if you are using default Fedora
>> settings. Use the program firewall-config (man firewall-config) to look
>> at what the firewall settings are on each system. Mine is set to public
>> (meaning roughly that I am exposed to the public web, and thus don't
>> trust the network I'm on, so play safe).
>>
>> I used to have all kinds of elaborate rules in my iptables configuration
>> (which is what the firewall uses under the covers), but eventually just
>> caved and let the firewalld configuration set it.
>
> We've been unable for days to connect to our email at my domain;
> when we try our usual ssh <myname@mydomain.censored> -p <portno>, we get
> nothing but eventually "Connection timed out" -- even after having left
> it all night.
>
> From my Comcast account, I emailed support at my host (two guys in
> a suburb of Chicago afaict). The answer made no sense to me, but
> I recited it as best I could to this list-- and meseems it made no sense
> here, either.
>
> According to them, my own firewall cuts us (i.e., our whole IP) off
> when we try too many times too soon to connect. (We do that, of course,
> by hitting up arrow and Enter.)
>
> Am I making any more sense yet?

Well, yeah, but I really, REALLY doubt it's your router. I've used that
model of router myself. While I was never a big fan of its wifi
abilities (kinda wimpy for my house), wired connections through it
never failed. Unless you took a power hit, did a firmware update or some
other action to your router, I doubt it's your problem. Those routers do
have a log in them. Check it to see if you see anything like what
they're claiming.

A far more likely candidate is that the cable modem got an update from
Comcast (they do that on occasion and without telling you) and it's
screwed up. I had a similar issue with Spectrum (a Comcast company)
here. By use of traceroutes and tcpdumps, I proved that their modem was
the problem. They reflashed my cable modem to the previous firmware it
had (and I had a record of what it was) and suddenly everything was
tickety-boo again.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
-    To understand recursion, you must first understand recursion.   -
----------------------------------------------------------------------