Daniel V Klein
dvk@lonewolf.com
Thu, 02 Jan 2003 01:34:06 -0500
My thoughts on this: they are running a Cisco router with a specific ruleset enabled. Specifically, if a contact is made from the inside to an outside location, the outside is allowed to answer back. But for all but a very select few ports (and 6277 ain't one of them), no one from the outside can come in. It's called a "reflexive ruleset", and I use them myself. Since you found that TCP works on 6277 coming in, that may mean that the reflexive rule is not used for TCP. But since it *doesn't* work for UDP, it may be. I specifically enable UDP 6277 for the DCC sites I peer with. -Dan > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I am awaiting a response from my hosting company presently. > > I'm sure they have battled several hundred billion bad guys who rented out se > rvers. Paranoia is a great security policy ! > I'm sure they have blocked out certain things because of past abuse from bad > guys. I am certain the vast number of servers in the Interland server farm wi > ll never need the type of UDP services we are talking about so I could see th > e point of doing weird UDP blocking. As a huge company they have to apply pol > icy across a huge vast number of users and there is no room for indiv excepti > ons. > > This is not however covered in the manual for the server. They do talk about > "unavailable services" like ping and traceroute: > > "For security reasons a Freedom server does not have the ability to directly > manipulate the network > interface on the machine. For this reason, features and applications that dir > ectly > manipulate the network interface, such as those listed below, do not function > on Freedom > Servers" > > Ping, traceroute, packet based firewalls IPFW and additional IP address are c > alled out as disabled. > > I assume this is a important attempt to keep people from doing all sorts of e > vil stuff. But just like spam blocking - some legitimate traffic will be bloc > ked - > > > This is the first time in 2 years and zillions of app installs I have had som > ething not work on my server. > > I do want confirmation from Interland that indeed they are blocking DCC's UDP > usage to confirm what we have surmised already here in these emails. > > I am also going to work them to support DCC as Spam is a huge problem for cli > ents and hosts alike. > > Again.... Thanx for the support I will continue the fight for running DCC on > my server. > > I am gonna leave the server running for a few days if anyone has any suggesti > ons... > > > > - -----Original Message----- > From: dcc-admin@rhyolite.com [mailto:dcc-admin@rhyolite.com] On Behalf Of Tim > Wicinski > Sent: Wednesday, January 01, 2003 8:56 PM > To: :) > Cc: 'Vernon Schryver'; dcc@rhyolite.com > Subject: Re: Newbie bewilderment IV the saga continues > > > > . > > > > I guess I will ask my hosting company about it. However they are > > idiots and this will cause complete brain boilover from them. My odds of fi > xing this are slim to none. Man this sure is very specific filtering ! > > > > I'm sure there are several people on this list who work for server > hostng companies with not such draconian policies on filtering, and with > support mechanisms to work these things out. Just a suggestion. > > _______________________________________________ > DCC mailing list DCC@rhyolite.com > http://www.rhyolite.com/mailman/listinfo/dcc > > -----BEGIN PGP SIGNATURE----- > Version: PGP 8.0 > > iQA/AwUBPhPBRnzhLX3UbeVTEQIdCwCfb0mOwChpnPCOVVrsUR89q15L48EAoKSr > Y3cs0tO2dt9imabbX5TGEs0G > =6K5R > -----END PGP SIGNATURE----- > > > _______________________________________________ > DCC mailing list DCC@rhyolite.com > http://www.rhyolite.com/mailman/listinfo/dcc