RE: Cant ping/nslookup

From: Yonatan Bokovza (Yonatan@xpert.com)
Date: 07/10/01 

From: Yonatan Bokovza <Yonatan@xpert.com>
To: 'Francisco Reyes' <lists@natserv.com>, "Nickolay A. Kritsky" <nkritsky@internethelp.ru>
Date: Tue, 10 Jul 2001 14:16:48 +0300

Hey,
Disclaimer: I'm not familiar with your network topology,
Which seems to be not trivial if you have more then one
NIC (fxp0 and ed0), hence I might be wrong. :)

Your problem as I see it is that you can't communicate
with your DNS, so you can't resolve freebsd.org, so you
can't ping it. Try pinging 216.136.204.21, that's the
resolved address.

Your Firewall defaults to "deny". That's a good thing.
However, due to your "grep deny" I don't see any rule
that explicitly allows you to communicate with the rest
of the world, or your DNS for that matter.

I can help you off-list if you'd mail me the entire rulebase
and a your network topology.

Best Regards,

Yonatan Bokovza
IT Security Consultant
Xpert Systems

> -----Original Message-----
> From: Francisco Reyes [mailto:lists@natserv.com]
> Sent: Tuesday, July 10, 2001 13:24
> To: Nickolay A. Kritsky
> Cc: freebsd-security@freebsd.org
> Subject: Re: Cant ping/nslookup
>
>
> On Tue, 10 Jul 2001, Nickolay A. Kritsky wrote:
>
<snip>
> Pinging 160.79.54.10 with 32 bytes of data:
> Request timed out.
<snip>
> Ping statistics for 160.79.54.10:
> Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
>
> c:\>nslookup freebsd.org
> DNS request timed out.
> timeout was 2 seconds.
<snip>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Relevant Pages
Quantcast