From: Stacey Roberts
Reply-To: sroberts@dsl.pipex.com
To: FreeBSD Questions
Subject: dig . ns @b.root-servers.net - Connection refused. WHY? [related to FBSD 4.7 reset itself - lots of "DENY UDP" messages in /var/log/security]
Date: 27 Oct 2002 15:24:07 +0000
Message-Id: <1035732248.394.22.camel@Demon.vickiandstacey.com>

Hello,

I don't know if this is related to post earlier today [FBSD 4.7 reset itself - lots of "DENY UDP" messages in /var/log/security], but I've been trying to troubleshoot the "DENY" messages in /var/log/security using dig:

# dig . ns @b.root-servers.net

; <<>> DiG 8.3 <<>> . ns @b.root-servers.net
; (1 server found)
;; res options: init recurs defnam dnsrch
;; res_nsend to server b.root-servers.net 128.9.0.107: Connection refused
#

I get connection refused for this.

Checking security:

Oct 27 15:16:26 Demon /kernel: ipfw: 910 Deny UDP :1381 128.9.0.107:53 out via sis0
Oct 27 15:16:26 Demon /kernel: ipfw: 910 Deny UDP 1:1382 128.9.0.107:53 out via sis0
#

Verifying relevant ipfw rules:

# Allow out access to Internet Domain name server
$fwcmd add 00618 allow tcp from any to any 53 out via $oif setup keep-state
$fwcmd add 00619 allow udp from any to any 53 out via $oif setup keep-state

Checking ipfw rule 910:

$fwcmd add 00910 deny log logamount 500 ip from any to any

Why am I not able to query root servers, given my rules 00618 & 00619?

I'd appreciate someone helping me out here (or hitting me over the head if I'm missing something simple and glaringly obvious).

TIA

Stacey

--
Stacey Roberts
B.Sc (HONS) Computer Science
Web: www.vickiandstacey.com