IP being refused for some reason

Vidiot Sat, 09 Feb 2002 15:29:11 -0800

I'm running RH 7.1 and firestarter to control IP_TABLES.  There is an
IP that is not being answered by my box, except for pings.  The IP that
is being ignored is not in any of the firestarter control files.


I get the following when doing a tcpdump of the IP:

mrvideo.ZROOT <1130> tcpdump -i eth0 host 68.36.193.200
Kernel filter, protocol ALL, TURBO mode (575 frames), datagram packet socket
tcpdump: listening on eth0
16:28:17.780648 < bgp424971bgs.union01.nj.comcast.net.49542 > mrvideo.vidiot.com.http: 
S 3231819688:3231819688(0) win 5840 <mss 1460,sackOK,timestamp 28436035 0,nop,wscale 
0> (DF)
16:28:20.770866 < bgp424971bgs.union01.nj.comcast.net.49542 > mrvideo.vidiot.com.http: 
S 3231819688:3231819688(0) win 5840 <mss 1460,sackOK,timestamp 28436335 0,nop,wscale 
0> (DF)
16:28:26.831308 < bgp424971bgs.union01.nj.comcast.net.49542 > mrvideo.vidiot.com.http: 
S 3231819688:3231819688(0) win 5840 <mss 1460,sackOK,timestamp 28436935 0,nop,wscale 
0> (DF)
16:28:38.762180 < bgp424971bgs.union01.nj.comcast.net.49542 > mrvideo.vidiot.com.http: 
S 3231819688:3231819688(0) win 5840 <mss 1460,sackOK,timestamp 28438135 0,nop,wscale 
0> (DF)
16:29:00.033733 < bgp424971bgs.union01.nj.comcast.net > mrvideo.vidiot.com: icmp: echo 
request (DF)
16:29:00.033733 > mrvideo.vidiot.com > bgp424971bgs.union01.nj.comcast.net: icmp: echo 
reply (DF)
16:29:01.053808 < bgp424971bgs.union01.nj.comcast.net > mrvideo.vidiot.com: icmp: echo 
request (DF)
16:29:01.053808 > mrvideo.vidiot.com > bgp424971bgs.union01.nj.comcast.net: icmp: echo 
reply (DF)
16:29:02.013878 < bgp424971bgs.union01.nj.comcast.net > mrvideo.vidiot.com: icmp: echo 
request (DF)
16:29:02.013878 > mrvideo.vidiot.com > bgp424971bgs.union01.nj.comcast.net: icmp: echo 
reply (DF)
16:29:02.773933 < bgp424971bgs.union01.nj.comcast.net.49542 > mrvideo.vidiot.com.http: 
S 3231819688:3231819688(0) win 5840 <mss 1460,sackOK,timestamp 28440535 0,nop,wscale 
0> (DF)
16:29:03.023951 < bgp424971bgs.union01.nj.comcast.net > mrvideo.vidiot.com: icmp: echo 
request (DF)
16:29:03.023951 > mrvideo.vidiot.com > bgp424971bgs.union01.nj.comcast.net: icmp: echo 
reply (DF)
16:29:04.054027 < bgp424971bgs.union01.nj.comcast.net > mrvideo.vidiot.com: icmp: echo 
request (DF)
16:29:04.054027 > mrvideo.vidiot.com > bgp424971bgs.union01.nj.comcast.net: icmp: echo 
reply (DF)
16:29:05.024098 < bgp424971bgs.union01.nj.comcast.net > mrvideo.vidiot.com: icmp: echo 
request (DF)
16:29:05.024098 > mrvideo.vidiot.com > bgp424971bgs.union01.nj.comcast.net: icmp: echo 
reply (DF)
16:29:06.024171 < bgp424971bgs.union01.nj.comcast.net > mrvideo.vidiot.com: icmp: echo 
request (DF)
16:29:06.024171 > mrvideo.vidiot.com > bgp424971bgs.union01.nj.comcast.net: icmp: echo 
reply (DF)
16:29:07.034244 < bgp424971bgs.union01.nj.comcast.net > mrvideo.vidiot.com: icmp: echo 
request (DF)
16:29:07.034244 > mrvideo.vidiot.com > bgp424971bgs.union01.nj.comcast.net: icmp: echo 
reply (DF)
16:29:08.014316 < bgp424971bgs.union01.nj.comcast.net > mrvideo.vidiot.com: icmp: echo 
request (DF)
16:29:08.014316 > mrvideo.vidiot.com > bgp424971bgs.union01.nj.comcast.net: icmp: echo 
reply (DF)
16:29:09.064393 < bgp424971bgs.union01.nj.comcast.net > mrvideo.vidiot.com: icmp: echo 
request (DF)
16:29:09.064393 > mrvideo.vidiot.com > bgp424971bgs.union01.nj.comcast.net: icmp: echo 
reply (DF)
16:29:10.024463 < bgp424971bgs.union01.nj.comcast.net > mrvideo.vidiot.com: icmp: echo 
request (DF)
16:29:10.024463 > mrvideo.vidiot.com > bgp424971bgs.union01.nj.comcast.net: icmp: echo 
reply (DF)
16:29:11.034537 < bgp424971bgs.union01.nj.comcast.net > mrvideo.vidiot.com: icmp: echo 
request (DF)
16:29:11.034537 > mrvideo.vidiot.com > bgp424971bgs.union01.nj.comcast.net: icmp: echo 
reply (DF)
16:29:22.615383 < bgp424971bgs.union01.nj.comcast.net.49548 > mrvideo.vidiot.com.smtp: 
S 3297325828:3297325828(0) win 5840 <mss 1460,sackOK,timestamp 28442516 0,nop,wscale 
0> (DF) [tos 0x10] 
16:29:25.595601 < bgp424971bgs.union01.nj.comcast.net.49548 > mrvideo.vidiot.com.smtp: 
S 3297325828:3297325828(0) win 5840 <mss 1460,sackOK,timestamp 28442816 0,nop,wscale 
0> (DF) [tos 0x10] 
16:29:31.606040 < bgp424971bgs.union01.nj.comcast.net.49548 > mrvideo.vidiot.com.smtp: 
S 3297325828:3297325828(0) win 5840 <mss 1460,sackOK,timestamp 28443416 0,nop,wscale 
0> (DF) [tos 0x10] 
16:29:43.596917 < bgp424971bgs.union01.nj.comcast.net.49548 > mrvideo.vidiot.com.smtp: 
S 3297325828:3297325828(0) win 5840 <mss 1460,sackOK,timestamp 28444616 0,nop,wscale 
0> (DF) [tos 0x10] 
16:29:50.767441 < bgp424971bgs.union01.nj.comcast.net.49542 > mrvideo.vidiot.com.http: 
S 3231819688:3231819688(0) win 5840 <mss 1460,sackOK,timestamp 28445335 0,nop,wscale 
0> (DF)
16:30:07.578670 < bgp424971bgs.union01.nj.comcast.net.49548 > mrvideo.vidiot.com.smtp: 
S 3297325828:3297325828(0) win 5840 <mss 1460,sackOK,timestamp 28447016 0,nop,wscale 
0> (DF) [tos 0x10] 
16:30:23.079804 < bgp424971bgs.union01.nj.comcast.net.49552 > mrvideo.vidiot.com.ftp: 
S 3358675374:3358675374(0) win 5840 <mss 1460,sackOK,timestamp 28448565 0,nop,wscale 
0> (DF)
16:30:26.080024 < bgp424971bgs.union01.nj.comcast.net.49552 > mrvideo.vidiot.com.ftp: 
S 3358675374:3358675374(0) win 5840 <mss 1460,sackOK,timestamp 28448865 0,nop,wscale 
0> (DF)
16:30:32.090464 < bgp424971bgs.union01.nj.comcast.net.49552 > mrvideo.vidiot.com.ftp: 
S 3358675374:3358675374(0) win 5840 <mss 1460,sackOK,timestamp 28449465 0,nop,wscale 
0> (DF)
16:30:44.071340 < bgp424971bgs.union01.nj.comcast.net.49552 > mrvideo.vidiot.com.ftp: 
S 3358675374:3358675374(0) win 5840 <mss 1460,sackOK,timestamp 28450665 0,nop,wscale 
0> (DF)
16:31:08.093099 < bgp424971bgs.union01.nj.comcast.net.49552 > mrvideo.vidiot.com.ftp: 
S 3358675374:3358675374(0) win 5840 <mss 1460,sackOK,timestamp 28453065 0,nop,wscale 
0> (DF)
16:31:56.066613 < bgp424971bgs.union01.nj.comcast.net.49552 > mrvideo.vidiot.com.ftp: 
S 3358675374:3358675374(0) win 5840 <mss 1460,sackOK,timestamp 28457865 0,nop,wscale 
0> (DF)



As can be seen, the pings gets through, but http, smtp and ftp ports do not.
There are no mail entries for the IP and no http log entries either.  What is
also interesting is that there are zero web page hits from 68.36.

Anyone have an idea as to what it might be?  Another person is complaining
about web access not working on one of his computers as well.

Firestarter config files available upon request.

I'm certainly confused.

MB
-- 
e-mail: [EMAIL PROTECTED]       It is God's job to forgive bin Laden.
                                It is our job to set up the meeting.
                                    U.S. Marine Corp.
Visit - URL: http://www.vidiot.com/  (Your link to Star Trek and UPN)



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

IP being refused for some reason

Reply via email to