Excellent suggestions for gathering data, Charles.  Unfortunately, data
indicates that nothing changes (with respect to those commands).

I still believe that it is related to changing the eth1 net to
192.168.3.0/24 because I have a similar system unchanged that doesn't fail
(mind you, it has w2k not w95 on the internal net).

I made one other discovery.  If I change the hosts.allow to:

sh-httpd: 0.0.0.0/0.0.0.0
sshd: 0.0.0.0/0.0.0.0

then I no longer have the problem!!!  BUT in the original failure, I didn't
get any such message as "connection refused" (or whatever it is when
hosts.deny disallows) in the logs.  VERY strange.  It's as if a cached copy
of hosts.allow is set for

ALL: 192.168.1.0/255.255.255.0
(as opposed to the "real"
ALL: 192.168.3.0/255.255.255.0)

and it reverts to the cached copy when dnscache is restarted and rereads the
actual file when dhclient assigns an ip address???

Urgency is gone as I wanted to open up hosts.allow anyway.  I just hate to
think that there may be a problem lurking that may bite me later (e.g. when
I wish to tighten hosts.allow in the future?).

Any further ideas or diagnostics?

Keith

> -----Original Message-----
> From: Charles Steinkuehler [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, February 26, 2002 3:37 PM
> To: Keith Laidlaw
> Cc: LEAF
> Subject: Re: [Leaf-user] dhclient interferes with weblet
>
>
> > To the best of my knowledge (using winipcfg), all settings are the same
> > (since they come from dhcpd and the conf file doesn't change).
> >
> > What I mean by "access" is that I can always ping 192.168.3.254 but can't
> > get the web page by typing in the url "http://192.168.3.254" in IE5.0.  I
> > get a long, long delay with hourglass (2 minutes?) followed by an IE error
> > page (unable to something or other... sorry, don't know exactly and the
> > system setup is elsewhere).
> >
> > Can't remember exactly but I think there were no entries at all in the
> > logs.  Pretty sure of that.
>
> OK, so you re-load dnscache, and your internal system can't see the weblet
> server...is that correct?  What about the rest of the internet...can you
> ping/web-browse by IP and/or domain name to the internet in general?
>
> If you want to try to track down what's wrong, it's probably time to start
> gathering data.  Run the following commands and store the output:
>
> On the firewall:
> ip addr
> ip route
> ip neigh
> netstat -an
> net ipfilter list
>
> On the internal machine (NOTE: these are the commands for WinNT/2000...if
> you're using 9x you may have to translate):
> ipconfig /all
> arp -a
>
> Record the output in the normal (everything working) state, then again when
> you restart dnscache (and break the internal system's weblet access), and
> finally when everything is working again, after you release/renew your dhcp
> lease.
>
> Charles Steinkuehler
> http://lrp.steinkuehler.net
> http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
>
>
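Added example, not part of the original thread: a simplified evaluator for the hosts.allow / hosts.deny ordering (allow file first, then deny file, first match wins, default allow) that shows which rule decides for a client on the renumbered 192.168.3.0/24 net under each of the three hosts.allow variants mentioned above. The `ALL: ALL` hosts.deny content, the client address 192.168.3.10 and all function names are assumptions; only `ALL` and net/mask client patterns are handled.

```python
import ipaddress

def parse_rules(text):
    """Parse 'daemon_list: client_list' lines; comments and blanks are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, clients = line.split(":", 1)
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr):
    """True if addr matches 'ALL' or a net/mask pattern (addr & mask == net)."""
    if pattern == "ALL":
        return True
    net, mask = pattern.split("/")
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    return (a & m) == int(ipaddress.IPv4Address(net))

def first_match(rules, daemon, addr):
    """Return the first rule (as text) matching daemon and client, else None."""
    for daemons, clients in rules:
        if ("ALL" in daemons or daemon in daemons) and \
                any(client_matches(c, addr) for c in clients):
            return f"{' '.join(daemons)}: {' '.join(clients)}"
    return None

def decide(allow_text, deny_text, daemon, addr):
    """Allow file is searched first, then the deny file; no match means allow."""
    hit = first_match(parse_rules(allow_text), daemon, addr)
    if hit:
        return ("allow", hit)
    hit = first_match(parse_rules(deny_text), daemon, addr)
    return ("deny", hit) if hit else ("allow", None)

# Constructed inputs: the three hosts.allow variants quoted in the message.
STALE_ALLOW = "ALL: 192.168.1.0/255.255.255.0"
REAL_ALLOW = "ALL: 192.168.3.0/255.255.255.0"
OPEN_ALLOW = "sh-httpd: 0.0.0.0/0.0.0.0\nsshd: 0.0.0.0/0.0.0.0"
DENY = "ALL: ALL"            # assumed hosts.deny; not shown in the thread
CLIENT = "192.168.3.10"      # constructed internal client address

if __name__ == "__main__":
    for name, allow in (("stale", STALE_ALLOW), ("real", REAL_ALLOW), ("open", OPEN_ALLOW)):
        print(name, decide(allow, DENY, "sh-httpd", CLIENT))
```

Running the same check against the files actually present on the firewall, in both the working and the broken state, shows whether the on-disk rules alone can explain the refused connections.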


