Firewall is based on IPChains firewall from Ziegler's book "Linux Firewalls" 1st ed, which denies all then allows as needed. I've triple-checked the firewall -- the only non-comment changes made were all added ACCEPT statements, all cut&pasted from the Home firewall. There are no IP-specific denies that I added to the firewall - and I haven't updated rc.firewall.blocked in months.
Sounds like you're further up on Linux firewalling than I am, actually. For myself, I run a modified Linux Router Project disk image, and let NAT and Portsentry take care of most of my issues. If you say it's clean, then it must be clean. Understand though, the techs will NEVER believe this. At ALL. If you made changes to a firewall and then you couldn't access, it's Somebody Else's Problem, and that's their professional opinion. (I should know, I was one. :) )
Well, the problem was in the firewall, but it doesn't explain EVERYTHING that happened. After two hours on the phone Mon afternoon with Qwest tech support level 2, they insisted I try ping/traceroute with the firewall disabled. Pings moved through as expected ... hmmmm. I'd been through the firewall code so many times I just about had it memorized, so I decided to look at the file rc.firewall.blocked which it reads, which has a list of IPChains statements blocking IP#s (which the main firewall doesn't do). I hadn't really updated this much recently, because when someone started banging on the firewall, it was tough to know if it was a static IP or not. Anyways ... found TWO entries that were <Home IP#>/24 and <Home network>/24 ... basically the same thing. Don't remember putting THOSE in there <g> When I rebuilt the last hacked machine (EFO) I copied rc.firewall and rc.firewall.blocked from the home machine, because I couldn't read the copies I'd backed up from EFO.... so the block against the Home IP was at both ends of the link. The only mystery is why everything worked for two hours Friday night before I reloaded the EFO firewall -- because the rc.firewall.blocked file hadn't been changed in more than a week, and had already been loaded with the firewall when I first brought up the EFO server on Friday. Now if I could get any takers on finding out why none of my servers can send email to each other (but only each other) since they were upgraded from RH7.0 to RH7.3 (sendmail 8.11.6) I'll be all set. [Email to list 10/31] Dick
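A pre-load check for the failure described in this thread, added here as an example and not taken from any poster's scripts: it scans a block-list file for DENY/REJECT rules whose source network covers an address you must stay reachable from. The file layout (one `ipchains` command per line using `-s` and `-j`) is an assumption, since the post does not show the contents of rc.firewall.blocked, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress
import re

# Constructed sample block list (assumed layout, documentation-range addresses).
SAMPLE_BLOCKED = """\
# rc.firewall.blocked (constructed sample)
ipchains -A input -i eth0 -s 198.51.100.7 -j DENY
ipchains -A input -i eth0 -s 203.0.113.0/24 -j DENY -l
ipchains -A input -i eth0 -s 203.0.113.0/255.255.255.0 -j DENY
#ipchains -A input -i eth0 -s 192.0.2.0/24 -j DENY
ipchains -A input -i eth0 -s 192.0.2.99 -j ACCEPT
"""

SOURCE_RE = re.compile(r"(?<!\S)-(?:s|-source)\s+(\S+)")
DROP_RE = re.compile(r"(?<!\S)-(?:j|-jump)\s+(?:DENY|REJECT)\b")


def find_self_blocks(text, trusted):
    """Return (line_no, network, trusted_addr) for every DENY/REJECT rule
    whose source network contains one of the trusted addresses."""
    trusted_addrs = [ipaddress.ip_address(t) for t in trusted]
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        rule = line.split("#", 1)[0]          # ignore comments
        src = SOURCE_RE.search(rule)
        if not src or not DROP_RE.search(rule):
            continue                           # not a blocking rule
        try:
            # strict=False accepts host bits; dotted netmasks are accepted too
            net = ipaddress.ip_network(src.group(1), strict=False)
        except ValueError:
            continue                           # hostname, variable or "!" negation
        for addr in trusted_addrs:
            if addr in net:
                hits.append((line_no, str(net), str(addr)))
    return hits


if __name__ == "__main__":
    # 203.0.113.25 stands in for the remote site's address (constructed).
    for line_no, net, addr in find_self_blocks(SAMPLE_BLOCKED, ["203.0.113.25"]):
        print(f"line {line_no}: rule for {net} blocks trusted address {addr}")
```

Running it against both ends' copies of the file before reloading the firewall would flag the duplicated /24 entries that ended up on each side of the link.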