From: "V Foulk"
To: "'Nathan Kinkade'"
Cc: freebsd-questions@freebsd.org
Date: Fri, 7 Jan 2005 19:33:32 -0700
Subject: RE: IPFW and whois lookup

Thanks for the reply,

# ipfw list
65535 allow ip from any to any

I did have more elaborate rule sets that worked great, with the
exception of the whois/hostname lookups.

I ran cvsup and installed world/kernel, using the same firewall rule as
above. The problem seems to have stopped (as of this writing).

The OS is running on an old 500mhz machine, and only the RAM is new. I
had to replace the old 128MB card with a couple new ones, since the old
card failed a memory check. Since this last recompile, all has been
well and I thank you again for your response.

VF

-----Original Message-----
From: nkinkade@gentoo-npk.bmp.ub [mailto:nkinkade@gentoo-npk.bmp.ub] On Behalf Of Nathan Kinkade
Sent: Friday, January 07, 2005 12:29 PM
To: V Foulk
Cc: freebsd-questions@freebsd.org
Subject: Re: IPFW and whois lookup

On Fri, Jan 07, 2005 at 10:23:16AM -0700, V Foulk wrote:
> Hello,
>
> I have recently setup IPFW on a test box, and
> found that (for the most part) it was pretty straight forward. Every
> rule and service on the box seems to work great, except for one
> problem I haven't been able to track down. Regardless of the
> settings, even when set to **open as default with only the allow all
> from any to any rule**, whois and hostname lookups fail.
>
> This problem prevented clamav from updating, and a whole
> slew of other minor issues that pop up in the logs. I was hoping
> someone may be able to point out something that I may have missed?
>
> When IPFW is enabled:
> When the service uses the local NS, a manual whois gives:
> whois: connect(): No route to host
>
> When the service uses the upstream NS, a manual whois gives:
> whois: com.whois-servers.net: hostname nor servname provided, or not known
>
> (NS as set in resolv.conf)
>
> The only way I can make the error 'go away' is to disable ipfw in
> rc.conf and reboot.
>
> I am certain that this is just a silly oversight on my part. The
> machine is running FreeBSD 5.2.1-RELEASE-p13, please let me know if
> there is any other information I can provide that will be useful.
> Thank you very much,
> in advance, for the help.
>
> VF

The output of `ipfw list` would be very helpful.

Nathan