Re: Can this possibly be right

Richard B. Johnson (root@analogic.com)
Wed, 22 Jan 1997 08:49:24 -0500 (EST)


On Tue, 21 Jan 1997, James W. Laferriere wrote:

>
> Jim,
>
> Came across this exact same thing the other day.
>
> It's behind a fire-wall that doesn't allow the
> ICMP TIME_EXCEEDED's to get thru.
>
> www.analogic.com didn't seem to exist in the DNS
> this evening....
>
Our "Security Expert" programmed the Cisco to reject everything to
our Web Server (cute eh??). Port 80 has been turned off.


> On Tue, 21 Jan 1997, Jim Nance wrote:
> > Hello all,
> > I think I may have found a bug, but it may just be a problem with
> > my understanding of how networking works. I have a machine running
> > 2.0.27 and I can ping the machine www.analogic.com. However, if I
> > try to telnet to the same machine I get an error message about
> > there being no route to the host:
> >
> > sailboat> ping www.analogic.com
> > PING www.analogic.com (204.178.41.218): 56 data bytes
> > 64 bytes from 204.178.41.218: icmp_seq=0 ttl=244 time=590.3 ms
> > 64 bytes from 204.178.41.218: icmp_seq=1 ttl=244 time=34.3 ms
> > --- www.analogic.com ping statistics ---
> > 2 packets transmitted, 2 packets received, 0% packet loss
> > round-trip min/avg/max = 34.3/312.3/590.3 ms
> > sailboat> telnet www.analogic.com 80
> > Trying 204.178.41.218...
> > telnet: Unable to connect to remote host: No route to host
> >
> > I am assuming that there must be a route to the host in order for
> > ping to work.
> >
> > Here is the output of strace:
> >
> > socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 4
> > getuid() = 502
> > setuid(502) = 0
> > connect(4, {sin_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("204.178.41.218")}, 16) = -1 EHOSTUNREACH (No route to host)
> >
> > and the output of route:
> > Kernel routing table
> > Destination     Gateway         Genmask         Flags MSS    Window Use   Iface
> > localnet        *               255.255.0.0     U     1500   0      19891 eth0
> > loopback        *               255.0.0.0       U     3584   0      541   lo
> > default         uncw-gw.gate.un *               UG    1500   0      25797 eth0
> >
[SNIPPED]

Well, our web server and a lot of other stuff have now been blocked by
our Cisco. We have a new "Security Expert" that has to validate his
paycheck. Let's see, this machine is still "visible" on the Internet.
How would I route the Web Server around the firewall <grin>???

Cheers,
Dick Johnson
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Richard B. Johnson
Project Engineer
Analogic Corporation
Voice : (508) 977-3000 ext. 3754
Fax : (508) 532-6097
Modem : (508) 977-6870
Ftp : ftp@boneserver.analogic.com
Email : rjohnson@analogic.com, johnson@analogic.com
Penguin : Linux version 2.1.21 on an i586 machine (66.15 BogoMips).
Warning : It's hard to remain at the trailing edge of technology.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
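
The symptom discussed in this thread (ping answers, but connect() to port 80 fails with EHOSTUNREACH) can be told apart from a closed port or a silent drop by looking at the errno that connect() returns. The following is an added troubleshooting example, not part of the original message; the function names `probe`, `diagnose` and `loopback_demo` and the verdict strings are assumptions made for illustration, and the loopback listener is a constructed test target.

```python
import errno
import socket


def probe(host, port, timeout=3.0):
    """Try one TCP connect; return 0 on success, else the errno connect() reported."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return 0
    except socket.timeout:
        return errno.ETIMEDOUT          # nothing came back before the timeout
    except OSError as exc:
        return exc.errno
    finally:
        sock.close()


def diagnose(ping_ok, connect_errno):
    """Combine an ICMP echo result with a connect() errno into a likely cause."""
    if connect_errno == 0:
        return "open"
    if connect_errno == errno.ECONNREFUSED:
        return "closed-port"            # TCP RST: host reached, nothing listening
    if connect_errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        # An ICMP destination-unreachable arrived. If echo works, a route
        # exists, so the unreachable most likely came from a filter on the path.
        return "filtered-reject" if ping_ok else "no-route"
    if connect_errno == errno.ETIMEDOUT:
        return "filtered-drop" if ping_ok else "host-down-or-dropped"
    return "other:" + errno.errorcode.get(connect_errno, str(connect_errno))


def loopback_demo():
    """Constructed local check: an open port, then the same port after close."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))     # port 0: let the kernel pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    open_result = diagnose(True, probe("127.0.0.1", port))
    listener.close()
    closed_result = diagnose(True, probe("127.0.0.1", port))
    return open_result, closed_result


if __name__ == "__main__":
    print(loopback_demo())
    # The case in the thread: ping answered, connect() gave EHOSTUNREACH.
    print(diagnose(True, errno.EHOSTUNREACH))
```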