Thanks for the reply, # ipfw list 65535 allow ip from any to any
I did have more elaborate rule sets that worked great, with the exception of the whois/hostname lookups. I ran cvsup and installed world/kernel, using the same firewall rule as above. The problem seems to have stopped (as of this writing) The OS is running on an old 500mhz machine, and only the RAM is new. I had to replace the old 128MB card with a couple new ones, since the old card failed a memory check. Since this last recompile, all has been well and I thank you again for your response. VF -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nathan Kinkade Sent: Friday, January 07, 2005 12:29 PM To: V Foulk Cc: freebsd-questions@freebsd.org Subject: Re: IPFW and whois lookup On Fri, Jan 07, 2005 at 10:23:16AM -0700, V Foulk wrote: > Hello, > > I have recently setup IPFW on a test box, and > found that (for the most part) it was pretty straight forward. Every > rule and service on the box seems to work great, except for one > problem I haven't been able to track down. Regardless of the > settings, even when set to **open as default with only the allow all > from any to any rule**, whois and hostname lookups fail. > > This problem prevented clamav from updating, and a whole > slew of other minor issues that pop up in the logs. I was hoping > someone may be able to point out something that I may have missed? > > When IPFW is enabled: > When the service uses the local NS, a manual whois gives: > whois: connect(): No route to host > > When the service uses the upstream NS, a manual whois gives: > whois: com.whois-servers.net: hostname nor servname provided, or not > known > > (NS as set in resolv.conf) > > The only way I can make the error 'go away' is to disable ipfw in > rc.conf and reboot. > > I am certain that this is just a silly oversight on my part. The > machine is running FreeBSD 5.2.1-RELEASE-p13, please let me know if > there is any other information I can provide that will be useful. > Thank you very much, > in advance, for the help. > > VF The output of `ipfw list` would be very helpful. Nathan _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
