IPFW and whois lookup

2005-01-07 Thread V Foulk
Hello,

I have recently set up IPFW on a test box, and
found that (for the most part) it was pretty
straightforward.  Every rule and service on the box seems to work
great, except for one problem I haven't been able to track
down.  Regardless of the settings, even when set to open as
default with only the allow all from any to any rule, whois and
hostname lookups fail.

This problem prevented clamav from updating, and a whole 
slew of other minor issues that pop up in the logs.  I was hoping
someone may be able to point out something that I may have missed?

When IPFW is enabled:
When the service uses the local NS, a manual whois gives:
whois: connect(): No route to host

When the service uses the upstream NS, a manual whois gives:
whois: com.whois-servers.net: hostname nor servname provided, or not known

(NS as set in resolv.conf)

The only way I can make the error 'go away' is to disable ipfw in rc.conf
and reboot.

I am certain that this is just a silly oversight on my part.
The machine is running FreeBSD 5.2.1-RELEASE-p13, please let me know if
there is any other information I can provide that will be useful.
Thank you very much, in advance, for the help.

VF

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


RE: IPFW and whois lookup

2005-01-07 Thread V Foulk
Thanks for the reply,

# ipfw list
65535 allow ip from any to any

I did have more elaborate rule sets that worked great, with the
exception of the whois/hostname lookups.
I ran cvsup and installed world/kernel, using the same firewall rule
as above.

The problem seems to have stopped (as of this writing).
The OS is running on an old 500 MHz machine, and only the RAM
is new. I had to replace the old 128MB card with a couple new ones, since
the old card failed a memory check. Since this last recompile, all has been
well and I thank you again for your response.

VF


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Nathan Kinkade
Sent: Friday, January 07, 2005 12:29 PM
To: V Foulk
Cc: freebsd-questions@freebsd.org
Subject: Re: IPFW and whois lookup


On Fri, Jan 07, 2005 at 10:23:16AM -0700, V Foulk wrote:
> Hello,
>
> I have recently set up IPFW on a test box, and
> found that (for the most part) it was pretty straightforward.  Every
> rule and service on the box seems to work great, except for one
> problem I haven't been able to track down.  Regardless of the
> settings, even when set to **open as default with only the allow all
> from any to any rule**, whois and hostname lookups fail.
>
> This problem prevented clamav from updating, and a whole
> slew of other minor issues that pop up in the logs.  I was hoping
> someone may be able to point out something that I may have missed?
>
> When IPFW is enabled:
> When the service uses the local NS, a manual whois gives:
> whois: connect(): No route to host
>
> When the service uses the upstream NS, a manual whois gives:
> whois: com.whois-servers.net: hostname nor servname provided, or not known
>
> (NS as set in resolv.conf)
>
> The only way I can make the error 'go away' is to disable ipfw in
> rc.conf and reboot.
>
> I am certain that this is just a silly oversight on my part. The
> machine is running FreeBSD 5.2.1-RELEASE-p13, please let me know if
> there is any other information I can provide that will be useful.
> Thank you very much, in advance, for the help.
>
> VF

The output of `ipfw list` would be very helpful.

Nathan
