Date:      Mon, 3 Nov 2003 15:40:38 +0100
From:      Andreas Klemm <andreas@FreeBSD.org>
To:        freebsd-current@FreeBSD.org
Subject:    Re: suddenly bind and access to NNTP server (localhost) doesn't work
Message-ID:  <20031103144038.GB1608@titan.klemm.apsfilter.org>
In-Reply-To: <20031103141849.GC35045@procyon.firepipe.net>
References:  <20031103124706.GA1434@titan.klemm.apsfilter.org> <20031103141849.GC35045@procyon.firepipe.net>

On Mon, Nov 03, 2003 at 06:18:49AM -0800, Will Andrews wrote:
> On Mon, Nov 03, 2003 at 01:47:06PM +0100, Andreas Klemm wrote:
> > For about 2 days now I can't make DNS queries via the local nameserver.
> > To get dns requests I need to add my forwarders in /etc/resolv.conf.
> 
> I've noticed this before (on FreeBSD 4.8), then realized my ISP
> was blocking 53/TCP.

I found the culprit; to my eyes it's a problem with ipfw.

Look here:

On titan, rule 100 doesn't work anymore for a (to me) unknown reason:
00100     0       0 allow ip from any to any via lo0
00200     3     180 deny ip from any to 127.0.0.0/8
00300     0       0 deny ip from 127.0.0.0/8 to any
65000   133   75074 allow ip from any to any
65535 21787 2611732 deny ip from any to any

FreeBSD titan.klemm.apsfilter.org 5.1-CURRENT FreeBSD 5.1-CURRENT #0: Sun Oct 19 16:33:53 CEST 2003     root@titan.klemm.apsfilter.org:/usr/src/sys/i386/compile/TITAN  i386
andreas@titan[ttyp3]{1004} ~ ll /sbin/ipfw
-r-xr-xr-x  1 root  wheel  482184  2 Nov 21:26 /sbin/ipfw


On my laptop aklemm, rule 100 (firewall type "open") works:
00100  206   20504 allow ip from any to any via lo0
00200    0       0 deny ip from any to 127.0.0.0/8
00300    0       0 deny ip from 127.0.0.0/8 to any
65000 9498 3688895 allow ip from any to any
65535    0       0 deny ip from any to any

root@aklemm[ttyp2]{204} ~ ll /sbin/ipfw
-r-xr-xr-x  1 root  wheel  482184  2 Nov 23:07 /sbin/ipfw
root@aklemm[ttyp2]{205} ~ uname -a
FreeBSD aklemm.klemm.apsfilter.org 5.1-CURRENT FreeBSD 5.1-CURRENT #0: Sun Nov  2 23:55:37 CET 2003     root@aklemm.klemm.apsfilter.org:/usr/src/sys/i386/compile/AKLEMM  i386


Because rule 100 isn't working for an unknown reason on titan,
I get DNS and connection problems with a local NNTP server, since the
traffic pattern "from any to any via lo0" is needed, but doesn't work.

But I really have no idea what's causing that...

	Andreas ///

-- 
Andreas Klemm - Powered by FreeBSD 5.1-CURRENT
Need a magic printfilter today ? -> http://www.apsfilter.org/
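
The by-eye counter comparison in the message above can be scripted. This is an added example, not part of the original e-mail: it reads a counter listing in the format shown (rule number, packets, bytes, rule body) and reports whether the lo0 allow rule is counting traffic or whether loopback packets are landing on the 127.0.0.0/8 deny rules instead. The function name and verdict words are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example: classify an ipfw counter listing by its loopback rules.
# Verdicts printed by check_lo0 (names are this example's own):
#   ok           the "allow ... via lo0" rule has counted packets
#   fallthrough  that rule shows 0 packets while a 127.0.0.0/8 deny rule has hits
#   idle         neither the allow rule nor the loopback deny rules have hits
#   missing      the ruleset has no "allow ... via lo0" rule at all
check_lo0() {
    awk '
        $4 == "allow" && / via lo0([ \t]|$)/ { seen = 1; lo_pkts += $2 }
        $4 == "deny"  && /127\.0\.0\.0\/8/   { deny_pkts += $2 }
        END {
            if (!seen)                              print "missing"
            else if (lo_pkts == 0 && deny_pkts > 0) print "fallthrough"
            else if (lo_pkts == 0)                  print "idle"
            else                                    print "ok"
        }'
}

# Sample input: the two listings quoted in the message, embedded so the
# script runs offline.
titan_rules() { cat <<'EOF'
00100     0       0 allow ip from any to any via lo0
00200     3     180 deny ip from any to 127.0.0.0/8
00300     0       0 deny ip from 127.0.0.0/8 to any
65000   133   75074 allow ip from any to any
65535 21787 2611732 deny ip from any to any
EOF
}

aklemm_rules() { cat <<'EOF'
00100  206   20504 allow ip from any to any via lo0
00200    0       0 deny ip from any to 127.0.0.0/8
00300    0       0 deny ip from 127.0.0.0/8 to any
65000 9498 3688895 allow ip from any to any
65535    0       0 deny ip from any to any
EOF
}

printf 'titan:  %s\n' "$(titan_rules | check_lo0)"
printf 'aklemm: %s\n' "$(aklemm_rules | check_lo0)"
# On a live host the same check is: ipfw show | check_lo0
```

A "fallthrough" verdict only describes the counters; it does not say why the lo0 rule stopped matching.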


