# Gentoo doesn't work when other OSes do

## kevman

I have a strange networking problem, which is undoubtebly caused by my school's complete inability to administer a network.

Not long ago, we recieved an email stating that they would now be limiting our "total number of sessions - not bandwidth" becuase of P2P. Which is fine. 

The problem is that this seems to have limited Gentoo to zero connections; 3 out of the four gentoo machines on campus that I know of can no longer surf the net or get incoming HTTP connections. 2 of them don't have Apache or any such thing installed. They are still getting IPs and resolving DNS, and they can even IRC and use AIM, but the ONLY website they will load is Google. Nothing else. No portage. Reboot them into Windows, and they all work fine. 

My laptop in Gentoo works fine, too, as well as my roommate's Mac and Ubuntu computers. I can't figure out a lowest common denomator to even begin to troubleshoot this. And I DOUBT my school would be willing to try and fix it.

Anyone have any idea what might be the cause?

----------

## desultory

If you are using Firefox what is network.http.max-connections-per-server under about:config set to?

----------

## kevman

Well, its set to whatever the default is (I'm not at the computer right now). I used to use Fasterfox, but I removed and reset the defaults last year. However, NOTHING works. Ping doesn't (it resolves the IP, but never gets a reply). Emerge doesn't. Konqueror doesn't. Wget doesn't. 

Any of these apps work fine against Google, but that's it.

I stopped sshd on all the machines, as well as distccd and the like.

The only thing I can think of is perhaps some recent change to Gentoo's networking code; 2 of the machines that can't connect are recently built (less than a month off of 2006.1) and the third I have been emerging world on (started with 600 packages, now only 30 left, but I can't get it to finish without fixing this).

My still-connecting Gentoo Laptop hasn't been updated in over a month. I was going to do that tonight, but now I wonder if I should wait till this gets sorted out. 

I'd start looking through changelogs, but I don't even know what package to look at.

----------

## madisonicus

So far as I know there's no way to specifically lock out Gentoo.  Since your school explicitly said they were changing IT policy, it's probably not Gentoo's fault.  Instead, it sounds like your school has done some port blocking in order to prevent bandwidth overuse.  rsync occurs on port 873, not port 80 where internet websites are passed; AIM and IRC have different ports, etc...  It's also possible that they've got some kind of proxy server set up, but that doesn't seem to be the case.  Windows likely works because many IT departments will assume only Windows users.

I would definitely contact your IT department and ask them politely how your and your friends can set up your linux machines in order to be in compliance with their new IT policies.

Let us know what happens.  Good luck!

----------

## PaulBredbury

Grasping at straws, perhaps the difference is in the Linux driver for the network/wireless card.

----------

## kevman

For three systems, each with radically different cards? Unlikely.

madisonicus, yeah, I know, but why are these ports ONLY blocked for Gentoo and not Windows? I am stumped.

I'll going to have to do a ton of moaning to the school admins, who are clearly idiots. 

Everybody at my school gets his/her own IP (the school leases the 205.146 class B), but its filtered somehow. I think the best way to describe it is a NAT/router that is set up to get IPs for everyone on the WAN side then DHCP that IP itself out to the PCs at the LAN side, so it just LOOKs like you are not behind a router.

----------

## thepustule

You said your "still-connecting laptop" - are you saying that you have a gentoo system that still works ok?  Are there others?

Your post seems to be indicating that you have ALL gentoo systems being blocked, but then you say you have a gentoo system still working.  Maybe there's an assumption being made, and you're actually looking for the problem in the wrong place?

----------

## kevman

 *kevman wrote:*   

> 
> 
> My laptop in Gentoo works fine, too, as well as my roommate's Mac and Ubuntu computers. 

 

Yes, the Laptop works in Gentoo. But 3 other Gentoo machines do not, but they are more recently updated. But where else can the problem be? The machines that do not work in Gentoo work fine in Windows, and a Knoppix CD does, too. 

Its difficult to not make an assumption when 75% of known Gentoo computers on campus don't work, but every other machine I have seen on campus (dozens, literally) work.

That being said, the assuredly messed something up; even the machines that DO work connect slowly (about 40kbit). If we hijack a lab computer's ethernet cable, (they are on a seperate non-messed-with connection) Gentoo works, and FAST.

I will be in touch with my school's admin network, but I doubt they will be willing to look at it unless we can tell them what's wrong. I REALLY doubt they'd have a clue. These people have taken WEEKS to fix problems which caused the ENTIRE campus to go offline in the past. (Usually the DHCP servers go down).

----------

## desultory

 *kevman wrote:*   

> Well, its set to whatever the default is (I'm not at the computer right now). I used to use Fasterfox, but I removed and reset the defaults last year.

 

Not that it appears to be the problem anymore, but Fasterfox is known to not clean up after itself properly so some settings are probably not at the defaults.

 *kevman wrote:*   

> However, NOTHING works. Ping doesn't (it resolves the IP, but never gets a reply). Emerge doesn't. Konqueror doesn't. Wget doesn't.

 

Which was not quite as explicitly stated before, thanks for clarifying.

Perhaps run nmap against all of the Gentoo machines under Gentoo and at least once against a machine in Knoppix. Check what services are run on the Gentoo machines, look for patterns.

----------

## kevman

OK, I ran me some nmap.

```

kevlinux kevin # nmap -o outbox.rmu.edu

Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-09-23 22:07 UTC

No target machines/networks specified!

QUITTING!

kevlinux kevin # nmap -p0 outbox.rmu.edu

Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-09-23 22:07 UTC

Interesting ports on rmc-mail.rmu.edu (205.146.48.23):

PORT  STATE  SERVICE

0/tcp closed unknown

Nmap finished: 1 IP address (1 host up) scanned in 8.577 seconds

kevlinux kevin # nmap -P0 gentoo.org

Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-09-23 22:08 UTC

Interesting ports on crs.ultradns.net (204.74.99.100):

(The 1666 ports scanned but not shown below are in state: closed)

PORT    STATE    SERVICE

25/tcp  filtered smtp

42/tcp  filtered nameserver

80/tcp  open     http

135/tcp filtered msrpc

139/tcp filtered netbios-ssn

445/tcp filtered microsoft-ds

Nmap finished: 1 IP address (1 host up) scanned in 93.878 seconds

kevlinux kevin # nmap -P0 google.com

Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-09-23 14:53 UTC

Interesting ports on google.com (72.14.207.99):

(The 1668 ports scanned but not shown below are in state: filtered)

PORT    STATE  SERVICE

80/tcp  open   http

113/tcp closed auth

179/tcp closed bgp

443/tcp open   https

```

outbox.rmu.edu is my school's email server. As you can see, the filtering rules change depending on the destination, but for some reason Gentoo.org refuses to load on Gentoo.

----------

## desultory

 *kevman wrote:*   

> As you can see, the filtering rules change depending on the destination, but for some reason Gentoo.org refuses to load on Gentoo.

 

That being all well and good, what ports are open to the outside from the Gentoo systems which do not have general network access as opposed to systems which do? Point being, how do the Gentoo systems appear different from other systems which do not have the same restrictions? For some obvious question bonus points, do the Gentoo systems which have restricted Internet access also have restrictions on services on the internal network?

----------

## kevman

 *desultory wrote:*   

> 
> 
>  Point being, how do the Gentoo systems appear different from other systems which do not have the same restrictions? 

 

That's more or less the question I'm trying to get answered here. I have no idea.

 *desultory wrote:*   

> 
> 
> For some obvious question bonus points, do the Gentoo systems which have restricted Internet access also have restrictions on services on the internal network?

 

Not that I can see. My webmail (webmail.rmu.edu) works fine, among others.

----------

