[ale] RH8 "Temporary failure in name resolution"

Kevin Krumwiede kjkrum at comcast.net
Sun Feb 16 14:25:09 EST 2003


On Mon, 2003-02-17 at 10:32, Jerry Z. Yu wrote:
> 	to initiate connection from the router, the router box itself (or 
> more specifically, its inner interface)  should be subject to the same 
> forwarding rule that intranet boxes are under. However, many believe the 
> router's be safer left without its own connection rights.

Well, I'm going to be very selective about what outbound traffic I
allow.  I just need the ddclient daemon to be able to update my dyndns
account.

It turns out that it's not a resolver problem at all.  I can't even
connect to a numeric address, whether it's on the LAN or on the
Internet.

I posted this problem on redhat-list and someone suggested using tcpdump
to see what's getting out.  Here was my response to that suggestion:

I opened two ssh sessions and typed:

   # tcpdump -i eth0 > /var/tmp/tcpdump

I then killed tcpdump and ran:

   # grep -v [regex*] /var/tmp/tcpdump | grep -v 'arp'

* = matches IPs of Dark Age of Camelot servers

This produced no output.  This establishes a baseline for what is going
through eth0 (ext ifc) on the router -- just DAoC stuff and arp chatter
from the cable segment.

Then I restarted the tcpdump log, and from a machine on the LAN, I
telnetted somewhere.  The telnet session showed up in the output of
tcpdump.  (Along with a portscan for an open mail relay...)

Then I tried telnetting from the router itself.  This produced NO output
from tcpdump. :o(

Now to make sure it's not the firewall.  Telnetting from the router
should involve only the OUTPUT and INPUT chains, right?  I typed the
following:

   # iptables -P INPUT ACCEPT
   # iptables -F INPUT
   # iptables -P OUTPUT ACCEPT
   # iptables -F OUTPUT

...and repeated the above test, starting tcpdump logging in one ssh
session and telnet in the other, then grep'ing the log.  Again, NO
telnet output from tcpdump!

I am inexperienced with RedHat, having always used Mandrake, and no guru
with Linux by any means.  Could there be some other firewall in effect
besides iptables?  Should I check my hosts.{allow,deny}?  Do you need to
be in a certain group to access the network on RH8?  I can't even telnet
out as root.

Or maybe it's nsswitch.conf, as Dow suggested?

Thanks,
Krum

_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale






More information about the Ale mailing list