Subject: Re: Serious trouble with IPF
To: Jon Lindgren <jlindgren@slk.com>
From: Arto Huusko <arto.huusko@maailma.yok.utu.fi>
List: netbsd-help
Date: 03/08/2001 15:36:16
On 08-Mar-01, Jon wrote:

> 1) Do you use NAT at all?  If so, is there anything strange in the NAT
> configuration?

Here is the NAT config:

map ne1 10.0.0.0/24 -> 130.232.140.1/32 proxy port ftp ftp/tcp
map ne1 10.0.0.0/24 -> 130.232.140.1/32 portmap tcp/udp 50000:60000
map ne1 10.0.0.0/24 -> 130.232.140.1/32
rdr ne1 130.232.140.1/32 port 6677 -> 10.0.0.3 port 6677

The rdr line exists to let me serve files with Napster from
the Windows machine.
 
In the 10/24 network there are three addresses: .1 is the firewall
and .2 and .3 are two machines behind the wall.

I also run dhclient on the firewall.

> 2) Do you run a DNS server on or behind the machine which is

No, I don't run DNS myself at all.
 
> 3) tcpdump?  That can be helpful, seeing what's going on.  Of course,
> it'd be best if you had a friend trying to ssh in.

I haven't tried tcpdump, but I have tested (with the same ipf.conf)
IPF with some handy logging rules when I first encountered the
problem: I tracked a simple ping (with a name) using ipmon:
the initial DNS request passed out fine to two DNS servers,
the primary responded almost immediately, but the packet got
blocked by the rule

block in log on ne1 from any to 130.232.140.1

(the port the reply was going to, however, matched the port
from which the initial request came, so shouldn't the state table
make the packet work?)

BTW, I just checked ipmon once I noticed I still have logging
enabled, but it contained no entries for today or yesterday.
Is there a limit, though, on logged packets in /dev/ipl?

-- 
Arto Huusko  --  WWW: http://maailma.yok.utu.fi/
                  ** Divecalc **
The Diving Software @ http://maailma.yok.utu.fi/Divecalc
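To illustrate the state-table question in the mail above (whether a reply arriving on the port the request left from should be let back in), here is an added toy model of IPF's keep-state behaviour, written for this edit and not taken from the mail or from IPF itself. The rule list, the DNS server address 192.0.2.53 and the source port 50123 are constructed; only the firewall address 130.232.140.1 and the block rule come from the mail, and the model simplifies IPF to "state lookup first, then last matching rule wins".

```python
from typing import Optional
from dataclasses import dataclass

@dataclass(frozen=True)
class Pkt:
    direction: str   # "in" or "out"
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class Rule:
    action: str      # "pass" or "block"
    direction: str
    proto: str = "any"
    dst: str = "any"
    dport: Optional[int] = None
    keep_state: bool = False

    def matches(self, p: Pkt) -> bool:
        return (self.direction == p.direction and self.proto in ("any", p.proto)
                and self.dst in ("any", p.dst) and self.dport in (None, p.dport))

class Firewall:
    # Simplified IPF: the state table is consulted first, then the last matching rule wins.
    def __init__(self, rules):
        self.rules = rules
        self.state = set()   # (proto, src, sport, dst, dport) of flows that kept state

    def filter(self, p: Pkt) -> str:
        # A reply is the reverse of the flow that created the state entry.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.state:
            return "pass (state)"
        winner = Rule("pass", p.direction)   # IPF passes by default if nothing matches
        for r in self.rules:
            if r.matches(p):
                winner = r
        if winner.action == "pass" and winner.keep_state:
            self.state.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return winner.action

def dns_roundtrip(keep_state: bool):
    # Outbound DNS query from the firewall itself, then the reply coming back in.
    fw = Firewall([Rule("pass", "out", "udp", dport=53, keep_state=keep_state),
                   Rule("block", "in", dst="130.232.140.1")])   # block rule from the mail
    query = Pkt("out", "udp", "130.232.140.1", 50123, "192.0.2.53", 53)  # constructed
    reply = Pkt("in", "udp", "192.0.2.53", 53, "130.232.140.1", 50123)
    return fw.filter(query), fw.filter(reply)
```

With keep state on the outbound rule the reply is admitted by the state table before any rule is consulted; without it the very same reply falls through to the block rule, which is the symptom the mail describes and the first thing to check in the outbound rules of ipf.conf.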