From owner-freebsd-questions@FreeBSD.ORG Fri Jan 7 19:28:57 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F2AF116A4CE for ; Fri, 7 Jan 2005 19:28:56 +0000 (GMT) Received: from out2.smtp.messagingengine.com (out2.smtp.messagingengine.com [66.111.4.26]) by mx1.FreeBSD.org (Postfix) with ESMTP id 862DB43D1D for ; Fri, 7 Jan 2005 19:28:55 +0000 (GMT) (envelope-from nkinkade@fastmail.fm) Received: from frontend3.messagingengine.com (frontend3.internal [10.202.2.152]) by frontend1.messagingengine.com (Postfix) with ESMTP id 6A00EC4ADC2; Fri, 7 Jan 2005 14:28:54 -0500 (EST) X-Sasl-enc: rqlnKbOsNkdhCVhKdR6NBw 1105126132 Received: from gentoo-npk.bmp.ub (unknown [206.27.244.136]) by www.fastmail.fm (Postfix) with ESMTP id BE0EA25535; Fri, 7 Jan 2005 14:28:52 -0500 (EST) Received: from nkinkade by gentoo-npk.bmp.ub with local (Exim 4.21) id 1Cmzn2-0007Cw-4x; Fri, 07 Jan 2005 13:28:52 -0600 Date: Fri, 7 Jan 2005 13:28:52 -0600 From: Nathan Kinkade To: V Foulk Message-ID: <20050107192851.GK3639@gentoo-npk.bmp.ub> Mail-Followup-To: V Foulk , freebsd-questions@freebsd.org References: <000401c4f4dd$953bcad0$68bbbbc0@kewdaeahnhd04i> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="2XUWoe1nmt7t49kG" Content-Disposition: inline In-Reply-To: <000401c4f4dd$953bcad0$68bbbbc0@kewdaeahnhd04i> User-Agent: Mutt/1.5.6i Sender: cc: freebsd-questions@freebsd.org Subject: Re: IPFW and whois lookup X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Nathan Kinkade List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Jan 2005 19:28:57 -0000 --2XUWoe1nmt7t49kG Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jan 07, 2005 at 10:23:16AM -0700, V Foulk wrote: > Hello, >=20 > I have recently setup IPFW on a test box, and > found that (for the most part) it was pretty straight > forward. Every rule and service on the box seems to work > great, except for one problem I haven't been able to track > down. Regardless of the settings, even when set to open as > default with only the allow all from any to any rule, whois and > hostname lookups fail. >=20 > This problem prevented clamav from updating, and a whole=20 > slew of other minor issues that pop up in the logs. I was hoping > someone may be able to point out something that I may have missed? >=20 > When IPFW is enabled: > When the service uses the local NS, a manual whois gives: > whois: connect(): No route to host >=20 > When the service uses the upstream NS, a manual whois gives: > whois: com.whois-servers.net: hostname nor servname provided, or not known >=20 > (NS as set in resolv.conf) >=20 > The only way I can make the error 'go away' is to disable ipfw in rc.conf > and reboot. >=20 > I am certain that this is just a silly oversight on my part. > The machine is running FreeBSD 5.2.1-RELEASE-p13, please let me know if > there > is any other information I can provide that will be useful. Thank you very > much, > in advance, for the help. >=20 > VF The output of `ipfw list` would be very helpful. Nathan --2XUWoe1nmt7t49kG Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFB3uLzO0ZIEthSfkkRAu5PAJ40sod5QUFVwft9mDUFLAEYCcMXRACggxkv lRxC1psyQF5RXySfpWNdWmI= =yJqa -----END PGP SIGNATURE----- --2XUWoe1nmt7t49kG--