Replies interspersed:
I just brought up my fourth RH7.3 server Friday afternoon (one of two RH7.0 servers that had been hacked - new hard drive and software). I then went home and spent a couple of hours connected to it with ssh on a workstation connected to my home RH7.3 server.
When I went to rerun a slightly modified (open ports for ftp and internal dhcp twiddling) ipchains firewall I lost the connection, and, more than 16 hours later, don't have it back.
Smells like a typo referencing - specifically - Home's IP address or block, based on this. Double and triple check your firewall configs as a first step. If those are clean:
Home and EFO are on the same ISP and each has a block of 4 static IPs. The blocks share the first 18 bits of their IP#s.
Above tidbit might be important later. And actually, they're listing in your config as blocks of 8, with 6 useable.
Home now cannot connect to EFO via ssh, or access its web site. Pings are disabled on all my servers - so I can't do that test.
I STRONGLY recommend that you re-enable ping on both Home and EFO servers in order to perform this test. Firstly, it's really difficult to pingflood a box these days, second, it's a pretty darned useful indicator. This can be gotten around though, so if you're leery - say, you've been pingflooded recently - then skip it. Run a traceroute to Home from EFO and to EFO from Home. That will tell you, at the very least, where the traffic is dying.
EFO network workstations can browse the web; I can ping out from the EFO Linux box or workstations, and can ping EFO's Cisco 678 router from its Linux box.
All good here.
EFO workstations cannot access Home websites (but I had not tried this before since rebuilding EFO Linux box).
Most likely a symptom of the overall problem, but don't forget to test again.
Home Cisco 678 cannot be pinged from Home Linux box (!) or EFO (Linux or workstation), but can be pinged from my office (Linux box on other ISP).
Uh... Houston, we have a problem. If the tech IS being straight with you, then the issue has to be on both sites, but one site is severely impairing the other.
From my office workstation I can also ssh to EFO and access EFO website (which in fact I uploaded to the new server from my office today). Does this discount the possibility of a firewall issue?
Not even remotely. All it proves out is that there's no rule in the firewall to block access from your office's IP addresses. There still might be a rule in place to block access to and/or from one site to the other. Note also that this is really easy to do accidentally, because one word change can totally break the intended rule. I'll let someone with more IPChains/IPTables experience help with that one.
I spent countless hours talking to the ISP (Qwest) tech support, and over an hour with a senior tech who had some Linux knowledge, and he claims that it must be a configuration issue on one or both of my Home and EFO Linux boxes, since:
He can log in to both my Cisco routers and ping the other router - he claims this proves it's not a Qwest routing problem.
Provisionally, this is correct. The provision has to do with whether or not the tech just ran "ping -c 100 ip.for.efo.site" or if he actually did the CORRECT thing and sourced it off of your Ethernet interface on the router. If Qwest is misrouting your allocation, all sorts of things can go wonky. The only way to test that would be to source off the ethernet IP address from both routers to the same. A straight ping will simply do the WAN IP, which (of course) is routed correctly on Qwest's network. I'm not sure about the Cisco 678s, since I never crawled around in one, but if it's running a standard flavor of Cisco IOS, he should be able to source it off of just about anything he wants to. If he's a senior tech with a clue, it's entirely possible that he did source off the ethernet interface, in which case it's back to config issue.
If he's right I'm still puzzled by two things: a) Why could I connect from Home to EFO for two hours last night, no problems? b) Why can't the Home Linux box ping the Cisco 678 directly connected to it?
The former is simple; most likely the error causing the issue was introduced when you made whatever changes you did. The latter has all sorts of interesting possibilities, but there's no way of knowing without having access to both the 678 and the Linux box and about an hour to monkey around. I note that you don't mention whether or not Home can access The World At Large, though you do mention it with the EFO site. Also, as I mentioned above, you're showing as having an assigned block of 8 IPs, of which 6 are normally useable. Knock out one for the router, and that leaves 5 assignable. Since 4 IPs is a little weird, are you sure that you don't have either more and Qwest is just being stubborn, or perhaps they've routed them differently? Others will probably have an idea or two as well, but this to me just screams config error. Which might be why the tech was convinced of it. =)
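The failure mode suspected in this reply (a one-token typo in a rule that ends up covering the other site's block while the office address still gets through), as an added example that is not part of the original thread. The rule set, the 10.20.x.x and 192.0.2.77 addresses, and the helper names are all constructed for illustration; only the `-A`, `-s` and `-j` options are interpreted.

```python
import ipaddress
import shlex

# Constructed rule set for the EFO box (not from the thread). Addresses are
# made-up RFC 1918 values: EFO = 10.20.0.8/29, Home = 10.20.40.16/29.
# Rule 1 was meant to cover EFO's own /29 but was typed as /18.
EFO_RULES = """
ipchains -A input -i eth0 -s 10.20.0.8/18 -j DENY
ipchains -A input -s 10.20.40.16/29 -p tcp -j ACCEPT
ipchains -A input -s 0.0.0.0/0 -p tcp -j ACCEPT
"""

def parse_rules(text):
    """Return (chain, source network, target) per appended rule.
    Simplification: only -A, -s and -j are read; ports and -i are ignored."""
    rules = []
    for line in text.strip().splitlines():
        tok = shlex.split(line)
        if "-A" not in tok or "-j" not in tok:
            continue  # not an append, or a count-only rule with no target
        src = tok[tok.index("-s") + 1] if "-s" in tok else "0.0.0.0/0"
        net = ipaddress.ip_network(src, strict=False)  # host bits masked off
        rules.append((tok[tok.index("-A") + 1], net, tok[tok.index("-j") + 1]))
    return rules

def first_match(rules, chain, src_ip):
    """ipchains stops at the first matching rule: return (rule number, target)."""
    ip = ipaddress.ip_address(src_ip)
    for number, (rule_chain, net, target) in enumerate(rules, 1):
        if rule_chain == chain and ip in net:
            return number, target
    return None  # would fall through to the chain policy

def common_prefix_bits(a, b):
    """Number of leading bits two IPv4 addresses share."""
    diff = int(ipaddress.ip_address(a)) ^ int(ipaddress.ip_address(b))
    return 32 - diff.bit_length()

RULES = parse_rules(EFO_RULES)
FIXED = parse_rules(EFO_RULES.replace("10.20.0.8/18", "10.20.0.8/29"))

if __name__ == "__main__":
    print("shared bits:", common_prefix_bits("10.20.0.8", "10.20.40.16"))
    for label, ip in [("Home", "10.20.40.18"), ("office", "192.0.2.77")]:
        print(label, ip, "typo:", first_match(RULES, "input", ip),
              "fixed:", first_match(FIXED, "input", ip))
```

Because the two constructed blocks share their first 18 bits, the mistyped /18 matches Home before the ACCEPT rule is ever reached, while an address on another ISP is unaffected.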