[Techtalk] Firewall blocks download -- why?
Brenda Bell
k15a-list-linuxchix at theotherbell.com
Sat Mar 29 14:03:42 EST 2003
I've been staring at this for an hour and can't figure out what's wrong.
I'm using wget to download a file. The URL is
ftp://download2.eclipse.org/R-2.1-200303272130/eclipse-SDK-2.1-win32.zip.
wget connects to 204.138.98.19 port 21 OK, but then I get a message that says:
204.138.98.19:37146: No route to host
On my NetBSD firewall, I get the following in my log:
ipmon[88]: 12:34:32.086127 tlp1 @0:35 b download2.eclipse.org,ftp -> 111-195-35-64.dialup.mcttelecom.com,53692 PR tcp len 20 27136 -AFP IN
If I'm interpreting this correctly, some response from
download2.eclipse.org is definitely being blocked. ipfstat -hin indicates
that the blocking rule is my catchall at the end of ipf.conf:
@35 block in log quick from any to any
However, I have "earlier" rules in ipf.conf that should allow me to start
an ftp transfer from inside my network and accept all the responses:
@3 pass out quick on tlp1 proto tcp from any to any keep state keep frags
@4 pass out quick on tlp1 proto udp from any to any keep state keep frags
@5 pass out quick on tlp1 proto icmp from any to any keep state keep frags
When I try to ping download2.eclipse.org, I get the following output:
PING download2.eclipse.org (204.138.98.19) from 192.168.2.66 : 56(84) bytes of data.
From Z-hssi4-1-1.gw3.mtl1.sprint-canada.net (209.5.111.74): Packet filtered
Can anyone give me a clue as to what I'm missing here?
--
Brenda
http://opensource.theotherbell.com
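
Added example, not part of the original post: a small Python parser for the ipmon log line quoted in the message, following the field layout documented in ipmon(8), with the TCP flag letters decoded. The names parse_ipmon and tcp_kind are hypothetical; the sample is the line from the post, joined onto one line.

```python
import re

# Field layout documented in ipmon(8):
#   time iface @group:rule action src[,port] -> dst[,port]
#   PR proto len hdrlen pktlen [-tcpflags] [IN|OUT]
IPMON_RE = re.compile(
    r"(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<iface>\S+)\s+"
    r"@(?P<group>\d+):(?P<rule>\d+)\s+(?P<action>\S)\s+"
    r"(?P<src>[^,\s]+)(?:,(?P<sport>\S+))?\s+->\s+"
    r"(?P<dst>[^,\s]+)(?:,(?P<dport>\S+))?\s+"
    r"PR\s+(?P<proto>\S+)\s+len\s+(?P<hlen>\d+)\s+(?P<plen>\d+)"
    r"(?:\s+-(?P<flags>[A-Z]+))?(?:\s+(?P<dir>IN|OUT))?"
)
ACTIONS = {"p": "pass", "b": "block", "S": "short packet",
           "n": "no rule matched", "L": "log rule"}
TCP_FLAGS = {"S": "SYN", "A": "ACK", "F": "FIN",
             "P": "PUSH", "R": "RST", "U": "URG"}

def parse_ipmon(line):
    """Return a dict of fields from one ipmon line, or None if it does not parse."""
    m = IPMON_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["group"], rec["rule"] = int(rec["group"]), int(rec["rule"])
    rec["action"] = ACTIONS.get(rec["action"], "unknown")
    rec["flags"] = [TCP_FLAGS.get(c, c) for c in (rec["flags"] or "")]
    return rec

def tcp_kind(rec):
    """Classify a parsed record by its TCP flags."""
    if rec["proto"] != "tcp":
        return "not-tcp"
    flags = set(rec["flags"])
    if "SYN" in flags:
        return "connection-reply" if "ACK" in flags else "new-connection"
    return "existing-connection"  # no SYN: segment of an already-open connection

# Sample: the log line from the post, joined onto one line.
SAMPLE = ("ipmon[88]: 12:34:32.086127 tlp1 @0:35 b download2.eclipse.org,ftp -> "
          "111-195-35-64.dialup.mcttelecom.com,53692 PR tcp len 20 27136 -AFP IN")

if __name__ == "__main__":
    rec = parse_ipmon(SAMPLE)
    print(f"{rec['action']} by rule @{rec['group']}:{rec['rule']} ({rec['dir']} on "
          f"{rec['iface']}): {rec['src']},{rec['sport']} -> {rec['dst']},{rec['dport']} "
          f"flags={'+'.join(rec['flags'])} kind={tcp_kind(rec)}")
```

For the quoted line this reports an ACK+FIN+PUSH segment of an existing connection, sent from the server's ftp port and blocked inbound on tlp1 by rule @0:35.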