• Computing Resources
  • News
  • New Users
  • Policies
  • Sesfs File Server
  • Web Server
  • Computer Labs
  • CEES Computational Clusters
  • Get Help
  • Net Connections
  • Your Macintosh
  • Your Windows PC
  • Your Unix/Linux System
  • Other School Resources
    • Network
    • Computer Labs
    • Printers
    • Security
    • Workstation Backup
    • Power Management
    • University Resources
    • FAQ
  • Using Unix

Why can't I connect to pangea from home, when I can access other computers?

Last revision September 7, 2005

Occasionally, someone who connects his home computer to a commercial Internet Service Provider (not directly to Stanford University DSL) finds that he cannot make ssh, ftp, or telnet connections from that computer to pangea, even though he can connect to other non-Stanford sites.

Though there can be many causes for such a network problem, the most common one is the case where the IP address that your computer obtains from the ISP is not properly registered in the ISP's name server.

Like many security-conscious servers, pangea uses the tcp wrappers program to monitor and restrict network connections. One important feature of this program is that it tries to verify the identity of an incoming connection. It takes the IP address on the incoming connection packet, and looks it up to find the associated network host name. Then it does the reverse, taking that network host name, and looking it up to see what IP address is assigned to it. This procedure helps to catch cases where a hacker is trying to "spoof" or pretend to be another computer. If either of these lookups fails, or if they yield conflicting results, then pangea will refuse the connection.

Where does pangea look up network host names and IP addresses? It uses the name servers provided by the ISP. If those name servers are mis-configured, pangea will not get the information it needs, and will refuse the connection.

There is nothing that can be done to solve this problem on pangea. The problem is entirely in the name servers provided by the ISP. In this case, the subscriber (you) needs to bring this problem to the attention of the ISP to get it fixed. The system manager on pangea can check the system logs to verify if this name service problem is occurring. Simply email the date(s) and time(s) when your connection attempts to pangea failed, along with any information you have on the IP address allocated to you by your ISP, to the pangea system manager. If you can't find the IP address used by your computer (for example, using the Network preference pane in the System Preferences application in MacOS X; the ipconfig /all command in a command prompt window in Windows NT/2000/XP, the winipcfg command in Windows 95/98; or the Get Info function in the TCP/IP control panel in "Classic" MacOS 7, 8, or 9), at least give the name of the ISP.