IPFW and whois lookup

V Foulk kaosent at kewd.com
Fri Jan 7 18:36:42 PST 2005 

Thanks for the reply,

# ipfw list
65535 allow ip from any to any

I did have more elaborate rule sets that worked great, with the
exception of the whois/hostname lookups.
I ran cvsup and installed world/kernel, using the same firewall rule
as above.

The problem seems to have stopped (as of this writing)
The OS is running on an old 500mhz machine, and only the RAM
is new. I had to replace the old 128MB card with a couple new ones, since
the
old card failed a memory check. Since this last recompile, all has been well
and I thank you again for your response.

VF


-----Original Message-----
From: nkinkade at gentoo-npk.bmp.ub [mailto:nkinkade at gentoo-npk.bmp.ub] On
Behalf Of Nathan Kinkade
Sent: Friday, January 07, 2005 12:29 PM
To: V Foulk
Cc: freebsd-questions at freebsd.org
Subject: Re: IPFW and whois lookup


On Fri, Jan 07, 2005 at 10:23:16AM -0700, V Foulk wrote:
> Hello,
> 
> 	I have recently setup IPFW on a test box, and
> found that (for the most part) it was pretty straight forward.  Every 
> rule and service on the box seems to work great, except for one 
> problem I haven't been able to track down.  Regardless of the 
> settings, even when set to **open as default with only the allow all 
> from any to any rule**, whois and hostname lookups fail.
> 
> 	This problem prevented clamav from updating, and a whole
> slew of other minor issues that pop up in the logs.  I was hoping
> someone may be able to point out something that I may have missed?
> 
> When IPFW is enabled:
> When the service uses the local NS, a manual whois gives:
> whois: connect(): No route to host
> 
> When the service uses the upstream NS, a manual whois gives:
> whois: com.whois-servers.net: hostname nor servname provided, or not 
> known
> 
> (NS as set in resolv.conf)
> 
> The only way I can make the error 'go away' is to disable ipfw in 
> rc.conf and reboot.
> 
> I am certain that this is just a silly oversight on my part. The 
> machine is running FreeBSD 5.2.1-RELEASE-p13, please let me know if 
> there is any other information I can provide that will be useful. 
> Thank you very much,
> in advance, for the help.
> 
> VF

The output of `ipfw list` would be very helpful.

Nathan

More information about the freebsd-questions mailing list