Text 2, 158 lines
Written 2004-03-03 12:02:04 by Mike Luther (1:117/3001.0)
Comment on a text by Peter Knapper (3:772/1.10)
Subject: Privoxy - Ijfire help?
==============================
Thank you so much for your time at this, Peter (and Mark, as well as Will
Honea, who posted something that let me stumble on how this blows up)!
PK> Ok, I think I need to better understand your actual
PK> setup. To me, it sounds like your issues might relate
PK> more to box addressing, configuration and function,
PK> rather than a specific application issue.
PK> 1. Can you provide some sort of diagram explaining
PK> this, use fictitious addressing if desired. EG In its
PK> simplest form my LAN looks a bit like this -
PK> All devices are network 192.168.1.x mask 255.255.255.0
PK>         to ISP
PK>            |
PK>     RTR .2 (inside)
PK>            |
PK>    +-------+-------+----> LAN
PK>    |       |       |
PK>    A       B       C
PK>   .11     .12     .13
Yes. And that LAN also includes, as well COAX as needed.
PK> - RTR does NAT from Internet (outside) to LAN (inside).
PK> - RTR has a Firewall.
PK> - RTR provides DHCP to the Local LAN which serves up -
PK> 1. IP Addr, Mask,
PK> 2. Gateway (.2),
PK> 3. DNS1 is A, DNS2 is ASP1, DNS3 is ASP2.
Well .. it should. But in some cases .. it looks like it can't! If you read
the docs and set the ZyXel up correctly, with a fixed address, as I have here,
the DNS service addresses are NUMERIC and known to the ZyXel.
PK> - Host A does NOT use DHCP and points its DNS to
PK> itself (127.0.0.1). Host A
PK> runs BIND as a caching and local LAN only DNS. BIND
PK> points first to my ISP DNS's, then to the ROOT DNS's.
PK> - RTR points to the DNS Server on Host A, then ISP 1,
PK> then ISP2. It provides no DNS Services, it only USES
PK> the DNS (if it needs it).
Sort of. But blows up if 127.0.0.1 is behind an Injoy software firewall, under
some cases with some IP service providers for some reason. As seems and is in
the documents for both Injoy firewall and ZyXel, REVERSE DNS action requests
may cause problems if you ask for numeric service! You are cautioned about
doing this in some cases. But of course PRIVOXY wants a 'standard' 127.0.0.1
way as does IJB per the docs.
In my case most of the boxes need to be able to work not only behind the ZyXel,
but on demand with the Injoy dialer as POTS and for more than one IP source if
needed that way. That doesn't lend itself to 127.0.0.1, no?
PK> - Each PC runs Privoxy - Privoxy(00001) Info: Privoxy version 3.0.2
PK> - Most of my PC's use static addressing, however I do
PK> use DHCP for a few laptops...
PK> So no machine is dependent on any other machine to access the Internet.
PK> No machine is dependent on Host A for DNS, however
PK> they will experience a delay if the local DNS not
PK> available (which sounds like what you are
PK> experiencing). If my ISP changed its DNS addresses,
PK> then my DNS should work around that for all sites
PK> EXCEPT my ISP, because my caching DNS will always
PK> fall back to a ROOT DNS if my ISP DNS does not
PK> respond. I would need both my DNS, and both of my
PK> ISP's DNS's to fail, to be DNS dead.
And you are DEAD ON correct, but for another very weird and strange reason Will
Honea's post to me prodded me to look at.
PK> So COX changed your STATIC addresses, AND their DNS
PK> addresses? Are YOUR static addresses used on the
PK> "inside" interface of your Router (if so, on which
PK> boxes)? I need some clarity of this part of the
PK> configuration...
Not the STATIC address! Only the DNS servers! And didn't tell me.
ML> 2.) If I uninstall the IJfire on a box with PRIVOXY 2.0.2 that
ML> has never been upgraded to 2.0.3, it too, now still has
ML> the one minute delays!
PK> I don't know IJfire however it may use its own DNS search
PK> algorithm. This may be masking what is going on...
Here is how the mess erupts.
I'd never paid real attention to something in the MPTN\ETC directory before.
But when Will Honea suggested that he solved a TelNet problem by finding a
DUPLICATE route with netstat -r, I took a look at all the boxes here. Surprise!
In the case with each INJOY software FIREWALLED box, by God and Glory, there
was still the old domain's nameserver primary and secondary routes in there and
ON TOP OF THE CORRECT ONES!
Duhh? I've changed all of this! I swear I've done this right! How??
Answer; there is yet another RESOLVE file in there. In addition to the
customary "RESOLV2" there is also a "RESOLV" file which isn't on any box that
doesn't have the Injoy software firewall installed! And, yes, you've jumped
to the right thought. In it are the OLD domain and DNS nameserver pointers
still from a file YEARS old here. Just about the time the firewall was
installed. OK, uninstall firewall - with the provided disablement, not a
complete install. No difference. Re-enable it. No difference. So whatever
put it there and needs it, sure doesn't respond to any current version of
TCP/IP Local LAN setup, MPTN setup changes, or Injoy changes!
My guess is that the installation of the Injoy firewall put it there based on
the then-known parameters of the Injoy DOIP dialer, and it never gets changed
or checked after that.
And you have to "resolv" before you "resolv2" do anything with OS/2 LAN's..
I hand edited the "resolv" file to correct it for the current stuff. Instant
success and everything is now working. But what is everything?
1.) PRIVOXY now works perfectly. That though it didn't without
the delay of one minute per URL hit, even though IJB, its
predecessor, doesn't have the 'defect'. Why?
Yet under no circumstances would MOX, IWB or NS4.61 work
with PRIVOXY as the proxy server with either alpha or
numeric 'addressing' in the title bar. Why?
2.) ZOC can suddenly instantly resolve NUMERIC addresses for
Telnet connects without a one minute delay, even though
it had no problems with ALPHA addresses the old way. Why?
Yet if you called ZOC from a helper app in MOX, the same
situation as above exists! Why?
3.) FTPSERV had a one minute delay changing to one specific
file area on my FTP server here. Only one area. No other
area with far more files in it was affected at all. The
instant I corrected "resolv", perfect action. This is
almost insane. Why?
4.) Of all things, POLARBAR, which was taking a minute to connect
on these boxes and to pop up ready for mail, suddenly comes
alive again instantly and is ready in a few seconds! Why?
I could try and install the Injoy software firewall on a fresh box just to
prove a point. Hasn't shifted to focus yet, grin. Mouse is out of the trap
and maybe shouldn't care, no?
--> Sleep well; OS/2's still awake! ;)
Mike @ 1:117/3001
--- Maximus/2 3.01
* Origin: Ziplog Public Port (1:117/3001)
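
An added example, not part of the original message: a small Python check for the failure described above, where a leftover RESOLV file still carries old nameserver entries alongside the current RESOLV2. It assumes both files use resolv.conf-style "domain" / "nameserver" lines; the function names and every sample address are constructed for illustration.

```python
# Added example: audit resolver files for stale or conflicting DNS entries.
# Assumption: files use resolv.conf-style "domain" / "nameserver" lines.
# All names and addresses below are constructed (documentation ranges).

STALE_RESOLV = """\
domain old.example
nameserver 192.0.2.10
nameserver 192.0.2.11
"""
CURRENT_RESOLV2 = """\
domain new.example
nameserver 198.51.100.1   ; primary
nameserver 198.51.100.2   ; secondary
"""
EXPECTED = ["198.51.100.1", "198.51.100.2"]

def parse_resolver(text):
    """Return {'domain': [...], 'nameserver': [...]} in file order."""
    entries = {"domain": [], "nameserver": []}
    for raw in text.splitlines():
        # Drop ';' and '#' comments, then split keyword from value.
        line = raw.split(";", 1)[0].split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0].lower() in entries:
            entries[parts[0].lower()].append(parts[1].lower())
    return entries

def audit(files, expected_nameservers):
    """files: {name: text}. Return a sorted list of (file, issue) findings."""
    expected = set(expected_nameservers)
    findings, domains = [], set()
    for name, text in files.items():
        parsed = parse_resolver(text)
        domains.add(tuple(parsed["domain"]))
        for ns in parsed["nameserver"]:
            if ns not in expected:
                findings.append((name, f"stale nameserver {ns}"))
        for ns in sorted(expected - set(parsed["nameserver"])):
            findings.append((name, f"missing nameserver {ns}"))
    if len(domains) > 1:
        # The files disagree about the search domain as well.
        findings.append(("*", "domain differs between files"))
    return sorted(findings)

if __name__ == "__main__":
    sample = {"RESOLV": STALE_RESOLV, "RESOLV2": CURRENT_RESOLV2}
    for name, issue in audit(sample, EXPECTED):
        print(f"{name}: {issue}")
```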