IPFW and whois lookup

V Foulk kaosent at kewd.com
Fri Jan 7 09:25:22 PST 2005


	I have recently set up IPFW on a test box, and
found that (for the most part) it was pretty
straightforward.  Every rule and service on the box seems to work
great, except for one problem I haven't been able to track
down.  Regardless of the settings, even when set to open as
default with only the allow all from any to any rule, whois and
hostname lookups fail.

	This problem prevented clamav from updating, and a whole 
slew of other minor issues that pop up in the logs.  I was hoping
someone may be able to point out something that I may have missed?

When IPFW is enabled:
When the service uses the local NS, a manual whois gives:
whois: connect(): No route to host

When the service uses the upstream NS, a manual whois gives:
whois: com.whois-servers.net: hostname nor servname provided, or not known

(NS as set in resolv.conf)

The only way I can make the error 'go away' is to disable ipfw in rc.conf
and reboot.

I am certain that this is just a silly oversight on my part.
The machine is running FreeBSD 5.2.1-RELEASE-p13; please let me know if
there is any other information I can provide that will be useful. Thank you very
much in advance, for the help.


