On Mon, 2002-08-26 at 11:50, Mikes work account wrote:
> One day last week, one of our consultants who logs in via VPN, was unable to
> do so. It seems that the assigned IP address was blocked by the Linux
> server. Others worked just fine. When we omitted that IP address and
> forced the use of another IP address, he was able to access the Linux box
> just fine.
Here are some ideas:
a) tcpd - tcp wrappers?; check hosts.allow and hosts.deny in /etc.
b) Firewall dropping packets according to preset rules? -- iptables,
ipchains, PIX, etc.
c) Routing? -- VPN subnet does not know how to get to the Linux server?
d) A less likely scenario is that the service the VPN client needed to
connect to required a reverse resolution for the IP, and the forced IP
address supplied to the host had an existing PTR record.
> And where can I find out why the server denied access to that
> one address?
>
Logs, logs, logs. Look in /var.
Attempt a reconnect under the same conditions. Run any unreachable
service in debug. Run tcpdump on the appropriate interface filtering for
the assigned VPN IP.
-- Matt Miller Systems Administrator MP TotalCare gpg public key id: 08BC7B06
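
For idea (a) above, a sketch of how tcpd's allow/deny order decides on one client address and which rule line is responsible, added here as an example and not part of the original message. The rule text and addresses are constructed; only IPv4 address patterns, ALL and EXCEPT are handled (no hostnames, other wildcards or line continuations).

```python
import ipaddress

def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):              # prefix form, e.g. "192.168.1."
        return ip.startswith(pattern)
    if "/" in pattern:                     # net/mask form
        try:
            return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern)
        except ValueError:                 # not an address, or host bits set
            return False
    return pattern == ip                   # exact address; names are not resolved

def list_matches(tokens, item, match):
    """Evaluate a daemon or client list, honouring 'a EXCEPT b'."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (list_matches(tokens[:i], item, match)
                and not list_matches(tokens[i + 1:], item, match))
    return any(match(t, item) for t in tokens)

def first_match(rules_text, daemon, ip):
    """Return (line_no, rule) of the first rule matching daemon and ip, or None."""
    for no, raw in enumerate(rules_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = (f.replace(",", " ").split() for f in line.split(":")[:2])
        if (list_matches(daemons, daemon, lambda p, d: p in ("ALL", d))
                and list_matches(clients, ip, client_matches)):
            return no, line
    return None

def explain(allow_text, deny_text, daemon, ip):
    """tcpd order: hosts.allow match grants, else hosts.deny match denies, else grant."""
    for verdict, name, text in (("granted", "hosts.allow", allow_text),
                                ("denied", "hosts.deny", deny_text)):
        hit = first_match(text, daemon, ip)
        if hit:
            return (verdict, name) + hit
    return ("granted", None, None, None)

# Constructed sample rules, not taken from the thread.
SAMPLE_ALLOW = "sshd : 192.168.1.\n"
SAMPLE_DENY = ("sshd, in.ftpd : 10.8.0.23\n"
               "ALL : 172.16.0.0/255.255.0.0 EXCEPT 172.16.4.\n")
if __name__ == "__main__":
    print(explain(SAMPLE_ALLOW, SAMPLE_DENY, "sshd", "10.8.0.23"))
```

To check a real host, pass the contents of /etc/hosts.allow and /etc/hosts.deny as the first two arguments of explain().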