Whois - unable to connect.

Simon Slater pyevet at aapt.net.au
Thu Nov 20 03:07:26 UTC 2008 

On Thu, 2008-11-20 at 11:25 +1100, Simon Slater wrote:
> 
> On Thu, 2008-11-20 at 07:25 +0800, Ed Greshko wrote:
> > Simon Slater wrote:
> > > On Thu, 2008-11-20 at 06:43 +0800, Ed Greshko wrote:
> > >   
> > >>>       I suppose the config file is the first place to look, but what
> > >>>       
> > >> is the
> > >>     
> > >>> relevant section?  Couldn't see anything relevant in bugzilla.  I'm
> > >>> using F8 if that makes a difference.
> > >>>
> > >>>   
> > >>>       
> > >> Q1   Are all whois requests timing out or just this one?  e.g.  whois
> > >> cnn.com  works? fails?
> > >>
> > >>     
> > > [simon at ipex ~]$ whois cnn.com
> > > [Querying whois.verisign-grs.com]
> > > [Unable to connect to remote host]
> > > [simon at ipex ~]$ 
> > > All for the past while, Ed, but not sure when it started.
> > >   
> > >> Q2   Have you tried something like wireshark or tcpdump and filtered
> > >> on
> > >> port 43 (whois port)?
> > >>
> > >>     
> > > Nothing at all on wireshark port 43 TCP nor UDP. So the request is not
> > > being sent at all?
> > >   
> > Right...  Not going out at all....  Something with your firewall setup?
> > 
> I think I got the iptables syntax wrong on that try.  Someone's just
> dropped in. I'll post back soon with the results.
> 
Back again.  I made changes to the iptables rules but still no joy.  The
changes must not be correct because in the logs are:

Nov 20 13:59:14 ipex kernel: [IPTABLES DROP] : IN= OUT=ppp0
SRC=59.101.172.32 DST=192.149.252.44 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=6278 DF PROTO=TCP SPT=40743 DPT=43 WINDOW=5840 RES=0x00 SYN URGP=0
Nov 20 13:59:17 ipex kernel: [IPTABLES DROP] : IN= OUT=ppp0
SRC=59.101.172.32 DST=192.149.252.44 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=6279 DF PROTO=TCP SPT=40743 DPT=43 WINDOW=5840 RES=0x00 SYN URGP=0
Nov 20 13:59:26 ipex kernel: [IPTABLES DROP] : IN= OUT=ppp0
SRC=59.101.172.32 DST=199.43.0.144 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=46068 DF PROTO=TCP SPT=50299 DPT=43 WINDOW=5840 RES=0x00 SYN URGP=0
Nov 20 13:59:29 ipex kernel: [IPTABLES DROP] : IN= OUT=ppp0
SRC=59.101.172.32 DST=199.43.0.144 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=46069 DF PROTO=TCP SPT=50299 DPT=43 WINDOW=5840 RES=0x00 SYN URGP=0
Nov 20 13:59:33 ipex kernel: [IPTABLES DROP] : IN= OUT=ppp0
SRC=59.101.172.32 DST=199.7.51.74 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=46927 DF PROTO=TCP SPT=44984 DPT=43 WINDOW=5840 RES=0x00 SYN URGP=0


The additions to the iptable rules are in the snipped listing below.
What did I do wrong?


[root at ipex ~]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp
echo-reply
ACCEPT     icmp --  anywhere             anywhere            icmp
destination-unreachable
ACCEPT     tcp  --  anywhere             anywhere            multiport
sports http,https state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            multiport
dports http,https state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp
spt:domain state ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            udp
spt:domain state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            multiport
sports smtp,pop3,nntp state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp
dpt:smtp state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp
dpt:nicname state ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            udp
dpt:nicname state ESTABLISHED
<SNIP>

Chain FORWARD (policy DROP)
target     prot opt source               destination
<SNIP>
ACCEPT     tcp  --  anywhere             anywhere            tcp
dpt:nicname
ACCEPT     udp  --  anywhere             anywhere            udp
dpt:nicname
LOG_DROP   all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
<SNIP>
ACCEPT     tcp  --  anywhere             anywhere            tcp
spt:nicname state NEW,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            udp
spt:nicname state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp
dpt:ftp-data state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp
spts:1024:65535 dpts:1024:65535 state NEW,RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             192.168.0.0/24
ACCEPT     udp  --  default              255.255.255.255     udp
spt:bootps dpt:bootpc
<SNIP>
ACCEPT     all  --  ipex.local           192.168.0.0/24
LOG_DROP   all  --  anywhere             anywhere

Chain LOG_ACCEPT (8 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            LOG level
warning prefix `[IPTABLES ACCEPT] : '
ACCEPT     all  --  anywhere             anywhere

Chain LOG_DROP (3 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            LOG level
warning prefix `[IPTABLES DROP] : '
DROP       all  --  anywhere             anywhere

-- 
Regards,
Simon Slater
Registered Linux User #463789. Be counted at: http://counter.li.org/

More information about the fedora-list mailing list