[ale] revisit the web problem again

Dow Hurst dhurst at kennesaw.edu
Tue Nov 11 10:48:45 EST 2003


The firewall is hardened by Bob but we've never taken time to implement 
rules like at the school.  The NAT is the main deterent(sp?).  Bob has 
told me we need to fix this but budget and time have made this take a 
back seat.  So, there are normal system logs but no logs of traffic 
passing.  I can implement this and start logging which is an excellent 
idea.  Probably will be this weekend before I get to it.  I've pushed 
alot of data back and forth over her connection without problems but I 
can test for partial pages.  Thanks,
Dow


Mike Murphy wrote:

> If when her browser is just spinning, she could stop and view source, 
> that might be helpful: my guess is that there will be a partial page 
> there. If so, you might want to see if there are a lot of errors on 
> her workstations interface or the firewall, and check MTU's everywhere 
> (they should be smaller than 1500 typically). At least that's the 
> stuff off the top of my head... Does this firewall keep logs?
>
> Mike
>
>
> Dow Hurst wrote:
>
>> Well, now I have a user that can't get to www.wachovia.com or 
>> www.deseretnews.com.  She has this setup:
>>
>>
>> Earthlink DSL
>>    |
>>    |
>> 2wire DSL modem/router/firewall
>>    |_________________________________
>>    |                                 |
>> KSU Firewall (http allowed)        HPNA Interface
>>    |                                 |
>> Linux workstation (SuSE 8.2)       WinXP Home
>>    |
>> VMware WinXP Pro
>>
>> The 2wire device has a bridge mode to share the 2wire's outside IP 
>> with one internal device.  The KSU firewall is defined as that 
>> device.  So using a DHCP call, the KSU Firewall gets assigned the 
>> outside IP of whatever the 2wire device has gotten from Earthlink.  
>> It works great and allows us to depend on the KSU firewall (managed 
>> by Bob Toxen) to protect her internal systems that are used for the 
>> work she does for us.  The phone interface, HPNA, allows an upstairs 
>> home PC to be protected by the 2wire's firewall and share the DSL 
>> connection.  Nice setup and works well for us.
>>
>> She can telnet from the Linux workstation's prompt to the IPs of both 
>> www.wachovia.com and www.deseretnews.com at port 80 and get a 
>> communication from the web server.  She is able to type some garbage 
>> and get a response from each webserver before they close the 
>> connection.  A standard way to check if the server is up.  Now, if 
>> she tries Mozilla, Konqueror, and Opera under SuSE then contact is 
>> made but no page returns.  I am saying that contact is made because 
>> she told me that Mozilla was saying in the task bar that 
>> "Transferring data" appeared.  She has even tried IE 6 in the vmware 
>> XP hoping that would work but no juice.  Dig gave her the IPs to try 
>> the telnet trick with.  So any advice on troubleshooting this?
>>
>> I have thought that since her upstairs HPNA connected XP machine can 
>> get a page back from these sites that the 2wire's stateful firewall 
>> is somehow remembering the destination.  So a request from any part 
>> of her network to those sites would get directed to the HPNA 
>> interface.  The problem is that no other redirection has occurred and 
>> it is a stupid idea anyway.  I get those more than occasionally. ;-)
>>
>> Thanks for your help,
>> Dow
>>
>>
>> Geoffrey wrote:
>>
>>> Dow Hurst wrote:
>>>
>>>> Have you checked that there isn't a deny statement in these 
>>>> browsers for cookies from that site?  I have lost the ability to go 
>>>> to a site if I denied it the ability to leave a cookie.  Until I 
>>>> went in and re-enabled that site to leave a cookie, I couldn't get 
>>>> to it.
>>>
>>>
>>>
>>>
>>> I checked that.  I am only allowing cookies from the originating 
>>> site. I turned that off, still no go.
>>>
>>> I'm beginning to think it's the ttl setting Mike made mention of.
>>>
>>
>

-- 
__________________________________________________________
Dow Hurst                  Office: 770-499-3428            *
Systems Support Specialist    Fax: 770-423-6744            *
1000 Chastain Rd. Bldg. 12                                 *
Chemistry Department SC428  Email:   dhurst at kennesaw.edu   *
Kennesaw State University         Dow.Hurst at mindspring.com *
Kennesaw, GA 30144                                         *
************************************************************
This message (including any attachments) contains          *
confidential information intended for a specific individual*
and purpose, and is protected by law.  If you are not the  *
intended recipient, you should delete this message and are *
hereby notified that any disclosure, copying, distribution *
of this message, or the taking of any action based on it,  *
is strictly prohibited.                                    *
************************************************************




More information about the Ale mailing list