[Haifux] Router question

Kohn Emil Dan emild at cs.technion.ac.il
Mon Oct 18 03:38:37 MSD 2010


I am also connected to Bezeq Beinleumi (actually 'upgraded' to it after 
Actcom's demise). I have tried your gpg command, and I found IMO some 
interesting results.

Doing an nslookup on subkeys.pgp.net reveals that this host has a number 
of IP addresses:

$ nslookup
Note:  nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead.  Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
> subkeys.pgp.net

Non-authoritative answer:
Name:   subkeys.pgp.net
Name:   subkeys.pgp.net
Name:   subkeys.pgp.net
Name:   subkeys.pgp.net
Name:   subkeys.pgp.net
Name:   subkeys.pgp.net

I tried your gpg command using the host name subkeys.pgp.net and then 
with each IP address instead of the host name.

Using the host name subkeys.pgp.net causes the command to hang (I guess 
because the command tries only the first IP address).
The command succeeds if using the IP addresses and while it fails for the rest of the addresses. For the last 
IP address (i.e. causes the command to fail with "No route 
to host", while with the rest of the "problematic" addresses it just hangs

On Sat, 16 Oct 2010, Ohad Lutzky wrote:

> Hello everyone,
> I have a Linksys DSL-2760u router/DSL modem, using a Wow (Bezeq) connection
> to the Bezeq International ISP. It seems that various outgoing ports are
> blocked - HTTP, HTTPS, bittorrent and SSH work well enough, but - for
> example - I can't download Android apps from the Market. Easier to test, I
> can't download PGP public keys. For example:
> gpg -v -v --keyserver subkeys.pgp.net --recv F120156012B83718
> gpg: requesting key 12B83718 from hkp server subkeys.pgp.net
> This hangs indefinitely. So does this:
> telnet subkeys.pgp.net 11371
> Trying
> The same occurs for other keyservers, git-protocol, and various other
> "unconventional" high-port usage. I've gone over the router settings,
> disabled its firewall (but not NAT, which I need), added my machine to the
> DMZ (this actually seems to help, sometimes, for git - and even then, only
> once), tried port triggering... I can't get a consistent result.
> I should note that this issue only exists for *outgoing* ports. I have no
> problem mapping *incoming* ports (such as my openssh server or bittorrent
> web interface).
> --
> Man is the only animal that laughs and weeps, for he is the only animal that
> is struck with the difference between what things are and what they ought to
> be.
>  - William Hazlitt
> Ohad Lutzky

More information about the Haifux mailing list