Re: Can't connect to DNS servers -- Firewall prob?
Hi!

> I tried a simple ping to the IP address of the nameserver and am getting this:
>
> # ping 66.135.144.2
> PING 66.135.144.2 (66.135.144.2): 56 data bytes
> ping: sendto: No route to host
>
> I looked at my /etc/rc.conf and there's only one line related to router or gateway:
>
> gateway_enable=YES
>
> Is there supposed to be other parameters here?

The default gateway should also be defined:

defaultrouter=IP address of your default gateway

--
Toomas Aas | [EMAIL PROTECTED] | http://www.raad.tartu.ee/~toomas/
* The human brain is the apparatus with which we think we think.
Re: Can't connect to DNS servers -- Firewall prob?
> What you want is the defaultrouter -- That tells the system where packets should be directed that aren't for the local LAN. (IE: anything not in 192.168.x.x)
>
> in rc.conf, add:
>
> defaultrouter=0.0.0.0
>
> change 0.0.0.0 to point to the SMC Router's IP (It's acting as a gateway for your network, if you check the setup of your other systems you'll probably find that their default routes/gateway are pointing to this router.

I added that link to /etc/rc.conf. Is there a way to reload this file without rebooting?
Re: Can't connect to DNS servers -- Firewall prob?
> > I added that link to /etc/rc.conf. Is there a way to reload this file without rebooting?
>
> Not AFAIK. You can get the same result by manually loading the route:
>
> route add default 0.0.0.0
>
> where 0.0.0.0 is the SMC router's IP addy.

That worked!! I added the route to my SMC router and now DNS traffic is working.

However, on startup, it still hangs when it tried to initialize the hostname. In order to continue startup I have to hard break it with CTRL+C!
Re: Can't connect to DNS servers -- Firewall prob?
try checking for updated DNS from your ISP. I've had that problem before..outdated dns.

Charles Pelletier
Tech. Coordinator
St Luke's School

----- Original Message -----
From: C KH [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, October 30, 2002 11:54 AM
Subject: Re: Can't connect to DNS servers -- Firewall prob?

> > > I added that link to /etc/rc.conf. Is there a way to reload this file without rebooting?
> >
> > Not AFAIK. You can get the same result by manually loading the route:
> >
> > route add default 0.0.0.0
> >
> > where 0.0.0.0 is the SMC router's IP addy.
>
> That worked!! I added the route to my SMC router and now DNS traffic is working.
>
> However, on startup, it still hangs when it tried to initialize the hostname. In order to continue startup I have to hard break it with CTRL+C!
Re: Can't connect to DNS servers -- Firewall prob?
Make sure your box has permission to connect /to/ these systems. The rules below allow the DNS servers to send things *to* your box, but don't allow your box to send things TO those servers. You need to give your box the ability to send the request /out/ to them in the first place.

The hostname hangup is due to it trying to resolve the domain. Once you get the DNS resolving that problem will disappear.

> I have explicitly added these rules to my /etc/rc.firewall:
>
> $fwcmd add allow udp from 66.135.144.2 53 to $oip
> $fwcmd add allow udp from 66.135.128.68 53 to $oip
> $fwcmd add allow tcp from 66.135.144.2 53 to $oip
> $fwcmd add allow tcp from 66.135.128.68 53 to $oip
>
> (where $oip is my external IP address).
>
> Another possibly related thing is that on bootup, my server hangs indefinitely as the initializing hostname part. I need to hard break it with CTRL+C to continue bootup.
RE: Can't connect to DNS servers -- Firewall prob?
Change rules so they look like this:

$fwcmd add allow udp from 66.135.144.2 53 to $oip
$fwcmd add allow udp from 66.135.128.68 53 to $oip
$fwcmd add allow tcp from 66.135.144.2 53 to $oip
$fwcmd add allow tcp from 66.135.128.68 53 to $oip
$fwcmd add allow udp from $oip to 66.135.144.2 53
$fwcmd add allow udp from $oip to 66.135.128.68 53
$fwcmd add allow tcp from $oip to 66.135.144.2 53
$fwcmd add allow tcp from $oip to 66.135.128.68 53

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:owner-freebsd-questions;FreeBSD.ORG]On Behalf Of C KH
Sent: Tuesday, October 29, 2002 1:53 PM
To: [EMAIL PROTECTED]
Subject: Can't connect to DNS servers -- Firewall prob?

> I have 2 computers on a network -- one freebsd 4.7 and one slackware linux. The slackware linux box is able to connect to the DNS servers no problem, so I know it's not a problem with my ISP.
>
> My FreeBSD 4.7 box is unable to contact either primary or secondary nameservers. I have explicitly added these rules to my /etc/rc.firewall:
>
> $fwcmd add allow udp from 66.135.144.2 53 to $oip
> $fwcmd add allow udp from 66.135.128.68 53 to $oip
> $fwcmd add allow tcp from 66.135.144.2 53 to $oip
> $fwcmd add allow tcp from 66.135.128.68 53 to $oip
>
> (where $oip is my external IP address).
>
> Another possibly related thing is that on bootup, my server hangs indefinitely as the initializing hostname part. I need to hard break it with CTRL+C to continue bootup.
>
> Any ideas? I don't know how to tell if this is a larger problem with my server configuration or something to do with a firewall rule. Suggestions appreciated.
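Added example, not part of the original thread or any poster's configuration: the static rules in the message above leave a standing inbound path for any packet from the two resolver addresses with source port 53. Assuming the ipfw in use supports dynamic rules (check-state / keep-state), the same DNS access can be written statefully; the function names and 203.0.113.10 as a stand-in for $oip are assumptions, and the script only prints the rules unless fwcmd is set to the real ipfw command.

```sh
#!/bin/sh
# Added example (not from the thread): static vs. stateful DNS rules for
# an rc.firewall-style script. Dry-run by default: fwcmd only prints the
# ipfw commands. On a real host set fwcmd="/sbin/ipfw -q" first.
fwcmd="${fwcmd:-echo ipfw}"

# The static rules from the thread, generated for comparison. The reply
# rules match on the remote address and source port only, so they accept
# such packets to every port on $oip, whether or not a query was sent.
dns_rules_static() {
    oip="$1"; shift
    for ns in "$@"; do
        for proto in udp tcp; do
            $fwcmd add allow $proto from "$oip" to "$ns" 53
            $fwcmd add allow $proto from "$ns" 53 to "$oip"
        done
    done
}

# Stateful form: only the outbound query is written as a rule. keep-state
# creates a dynamic rule for that flow and check-state matches the reply,
# so no standing inbound rule keyed on source port 53 is needed.
dns_rules_stateful() {
    oip="$1"; shift
    $fwcmd add check-state
    for ns in "$@"; do
        $fwcmd add allow udp from "$oip" to "$ns" 53 keep-state
        $fwcmd add allow tcp from "$oip" to "$ns" 53 setup keep-state
    done
}

# 203.0.113.10 is a constructed placeholder for $oip; the resolver
# addresses are the two named in the thread.
dns_rules_stateful 203.0.113.10 66.135.144.2 66.135.128.68
```

Neither rule set helps until the host has a default route: "No route to host" from ping is a routing failure, which is why the allow-all test rule elsewhere in the thread changed nothing.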
Re: Can't connect to DNS servers -- Firewall prob?
Actually I neglected to mention I also have this rule:

# Allow all traffic from internal lan
$fwcmd add allow all from 192.168.0.0/16 to any

This should take care of ANY traffic from my internal lan, including DNS requests from my machines to the nameservers, no?

From: Simon1 [EMAIL PROTECTED]
To: C KH [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: Can't connect to DNS servers -- Firewall prob?
Date: Tue, 29 Oct 2002 13:57:08 -0500 (EST)

> Make sure your box has permission to connect /to/ these systems. The rules below allow the DNS servers to send things *to* your box, but don't allow your box to send things TO those servers. You need to give your box the ability to send the request /out/ to them in the first place.
>
> The hostname hangup is due to it trying to resolve the domain. Once you get the DNS resolving that problem will disappear.
>
> > I have explicitly added these rules to my /etc/rc.firewall:
> >
> > $fwcmd add allow udp from 66.135.144.2 53 to $oip
> > $fwcmd add allow udp from 66.135.128.68 53 to $oip
> > $fwcmd add allow tcp from 66.135.144.2 53 to $oip
> > $fwcmd add allow tcp from 66.135.128.68 53 to $oip
> >
> > (where $oip is my external IP address).
> >
> > Another possibly related thing is that on bootup, my server hangs indefinitely as the initializing hostname part. I need to hard break it with CTRL+C to continue bootup.
Re: Can't connect to DNS servers -- Firewall prob?
> Actually I neglected to mention I also have this rule:
>
> # Allow all traffic from internal lan
> $fwcmd add allow all from 192.168.0.0/16 to any

How is this box configured? If it's setup to act as a gateway:

LOCAL_LAN (192.168.x.x)    Interface A
        |
      Server
        |
Internet ($external_ip)    Interface B

The DNS servers are going to be on the Internet, from what you posted, which means that your server isn't connecting to it as 192.168.x.x, but instead as $external_ip_address.

So, allowing the 192.168.x.x network to access anything isn't going to work -- because as far as the server is concerned it's using $external_ip. You need a rule allowing whatever address it's using for the *internet* to connect to the nameserver.

To use a (made up) example: I setup a gateway machine for NAT etc. Local LAN address is 192.168.0.1, external address is 100.10.10.1

When the system accesses the internal network, it'll make use of the 192.168.0.1 address, but when it goes out on the internet (on the second network card) it'll use the 100.10.10.1

If the DNS servers aren't on the 192.168.x.x LAN, and are on the internet instead, you'll need to add a rule to allow 100.10.10.1 (aka your external IP) to access the DNS servers.

-Wolfe
Re: Can't connect to DNS servers -- Firewall prob?
> Okay, I think I follow your setup here. Have you tried allow any from any -- just to see if it works? I'm wondering if it might not be another setting causing the problem -- What's your gateway set to on the FreeBSD box? Usually it's the defaultrouter variable in rc.conf.

Okay, i took your advice and added these lines to /etc/rc.firewall:

# allow everything for debugging rules
$fwcmd add allow all from any to any

I reloaded the rules but still can't connect to the nameserver. So this indicates something else must be wrong i guess!

I tried a simple ping to the IP address of the nameserver and am getting this:

# ping 66.135.144.2
PING 66.135.144.2 (66.135.144.2): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host

(i get this if I ping either nameserver IP).

I looked at my /etc/rc.conf and there's only one line related to router or gateway:

gateway_enable=YES

Is there supposed to be other parameters here?