gfish ([personal profile] gfish) wrote 2004-08-09 10:30 am

I passed! But I failed!

cyphertext.net's long connectivity nightmare is finally at an end.

After spending far too much time yesterday rewriting my firewall rules from scratch, it looks like everyone can finally access the site. Which is great, because that has been plaguing me for years. But it sucks, because it was my fault the entire time. Grumble.

(To pass the buck slightly, let me recommend against the generation tool at http://www.linux-firewall-tools.com/. My new one might be slightly less paranoid, but it works and I can look at it and understand what it's doing. They don't have to be 800 lines long.)

What this means is that you, the viewer at home, can finally view images hosted at cyphertext.net. As a completely egocentric service, here is a list of all the great posts you might have missed in the past:

Glassblowing
A month of random dorkery
All the Alaska pics, specifically the Arctic Circle
Concorde landing for the last time
Houston/freefall robot/Vomit Comet pics
Camping trip
Ari Fleischer with a pet monkey!
DC trip pics
Space robot machining (step-by-step lathe use)
Crazy PDA pouch repair (by lathe use)

[identity profile] vixyish.livejournal.com 2004-08-09 12:32 pm (UTC)(link)
Heck, it's been going on so long, you might want to add the wedding pictures and older stuff like that.

I think I'll make a similar post with a link to my artwork...

[identity profile] xiadyn.livejournal.com 2004-08-09 01:17 pm (UTC)(link)
Hmm. I like the super-paranoid firewall I got through that script, but I don't run a webserver so that's probably okay. What about it was causing problems (and why for only some people?)

[identity profile] gfish.livejournal.com 2004-08-09 05:29 pm (UTC)(link)
It was too restrictive about ICMP. There are (I now see) several ways in which blocking the wrong ICMP packets can hose a connection, depending on fiddly little implementation details.

[personal profile] mdlbear 2004-08-09 03:23 pm (UTC)(link)
I had good results with their tools, but they didn't support iptables when I needed them to, so I ended up going with Shorewall. My rules still need more tweaking -- I'm too permissive about outgoing connections -- but it all went together pretty easily.