From owner-freebsd-questions@FreeBSD.ORG  Fri Jan  7 17:25:22 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 43C3C16A4CE
	for <freebsd-questions@freebsd.org>;
	Fri,  7 Jan 2005 17:25:22 +0000 (GMT)
Received: from mail.gemcons.com (mail.gemcons.com [66.111.54.130])
	by mx1.FreeBSD.org (Postfix) with SMTP id A639B43D46
	for <freebsd-questions@freebsd.org>;
	Fri,  7 Jan 2005 17:25:21 +0000 (GMT)
	(envelope-from kaosent@kewd.com)
Received: (qmail 29781 invoked by uid 399); 7 Jan 2005 18:48:33 -0000
Received: from unknown (HELO kewdaeahnhd04i) (68.63.186.182)
  by mail.gemcons.com with SMTP; 7 Jan 2005 18:48:33 -0000
From: "V Foulk" <kaosent@kewd.com>
To: <freebsd-questions@freebsd.org>
Date: Fri, 7 Jan 2005 10:23:16 -0700
Message-ID: <000401c4f4dd$953bcad0$68bbbbc0@kewdaeahnhd04i>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.6626
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Subject: IPFW and whois lookup
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Jan 2005 17:25:22 -0000

Hello,

	I have recently setup IPFW on a test box, and
found that (for the most part) it was pretty straight
forward.  Every rule and service on the box seems to work
great, except for one problem I haven't been able to track
down.  Regardless of the settings, even when set to open as
default with only the allow all from any to any rule, whois and
hostname lookups fail.

	This problem prevented clamav from updating, and a whole 
slew of other minor issues that pop up in the logs.  I was hoping
someone may be able to point out something that I may have missed?

When IPFW is enabled:
When the service uses the local NS, a manual whois gives:
whois: connect(): No route to host

When the service uses the upstream NS, a manual whois gives:
whois: com.whois-servers.net: hostname nor servname provided, or not known

(NS as set in resolv.conf)

The only way I can make the error 'go away' is to disable ipfw in rc.conf
and reboot.

I am certain that this is just a silly oversight on my part.
The machine is running FreeBSD 5.2.1-RELEASE-p13, please let me know if
there
is any other information I can provide that will be useful. Thank you very
much,
in advance, for the help.

VF