On Sunday 13 Feb 2005 18:43, Bill Gradwohl wrote:
> Tony Dietrich wrote:
> > Wild guess here .. when you/they set up the firewall, did they hardcode
> > into the firewall the maximum number of internal IPs they expected ... ie
> > "we're never going to have more than 70 machines, and even tho DNS can
> > allocate more than 70 addresses, we'll write the firewall script to only
> > allow the first 70 past"?
>
> The firewall has no limits imposed on it. Since this is Sunday, most of
> the end user boxes are turned off, so I doubt there are more than 30
> boxes turned on.
>

Oh well, worth a thought .. eliminate all the improbable, and you are left
with a few less culprits :p .. and I'm sure anyone who's been around has seen
other silly things done in the name of 'security' :p

Have you checked the deny rules as well as the allow rules in your chains?
Is there a typo somewhere?
Is there something in hosts.deny on the server that is stopping xinetd from
accepting the connections?
Is squid running and swallowing replies because of some ACL?

(OK, so 99.9% of these questions are probably hopelessly wrong, but I was just
free-thinking!)

--
Tony Dietrich
-------------
No act of kindness, no matter how small, is ever wasted.
                -- Aesop