[ale] RH8 "Temporary failure in name resolution"

James P. Kinney III jkinney at localnetsolutions.com
Mon Feb 17 21:30:45 EST 2003


RH8 defaults to iptables. service iptables off should set the entire
firewall to wide open.

Double check the routing with netstat -rn. Sometimes 2 NICs in a box
cause route table typing problems :)

Double check that you can "see" the other end of the eth0 connection.
With RH, it is a good idea to shut down, pull out the NIC for the
internal interface and make sure you are configuring what you think you
are configuring. That way you know exactly what IRQ and IO port is used on
the external interface. I've fumbled that more times than I can
remember. Once you get the IRQ and IO port, set them in an alias in
/etc/module.conf and restart networking after stopping, then unloading
NIC modules. It should come up OK. Now shut down, reinstall the LAN NIC
and set it up the same way.

You might be able to dodge all of this shut down stuff with the gui
controls. They pop up a list of known hardware devices and give options
to selectively start/stop interfaces. dmesg should give something
intelligent on the network cards found at boot. /proc/interrupts and
/proc/ioports will give details on those items.

Telnet is turned off by default on RH8. It has to be deliberately
activated in /etc/xinetd.d/telnet. With the firewall off, try pings to
other LAN machines and to your dns server. Use ping -n to not try and
resolve any names.

On Sun, 2003-02-16 at 14:25, Kevin Krumwiede wrote:
> On Mon, 2003-02-17 at 10:32, Jerry Z. Yu wrote:
> > To initiate connection from the router, the router box itself (or
> > more specifically, its inner interface) should be subject to the same
> > forwarding rule that intranet boxes are under. However, many believe the
> > router would be safer left without its own connection rights.
> 
> Well, I'm going to be very selective about what outbound traffic I
> allow.  I just need the ddclient daemon to be able to update my dyndns
> account.
> 
> It turns out that it's not a resolver problem at all.  I can't even
> connect to a numeric address, whether it's on the LAN or on the
> Internet.
> 
> I posted this problem on redhat-list and someone suggested using tcpdump
> to see what's getting out.  Here was my response to that suggestion:
> 
> I opened two ssh sessions and typed:
> 
>    # tcpdump -i eth0 > /var/tmp/tcpdump
> 
> I then killed tcpdump and ran:
> 
>    # grep -v [regex*] /var/tmp/tcpdump | grep -v 'arp'
> 
> * = matches IPs of Dark Age of Camelot servers
> 
> This produced no output.  This establishes a baseline for what is going
> through eth0 (ext ifc) on the router -- just DAoC stuff and arp chatter
> from the cable segment.
> 
> Then I restarted the tcpdump log, and from a machine on the LAN, I
> telnetted somewhere.  The telnet session showed up in the output of
> tcpdump.  (Along with a portscan for an open mail relay...)
> 
> Then I tried telnetting from the router itself.  This produced NO output
> from tcpdump. :o(
> 
> Now to make sure it's not the firewall.  Telnetting from the router
> should involve only the OUTPUT and INPUT chains, right?  I typed the
> following:
> 
>    # iptables -P INPUT ACCEPT
>    # iptables -F INPUT
>    # iptables -P OUTPUT ACCEPT
>    # iptables -F OUTPUT
> 
> ...and repeated the above test, starting tcpdump logging in one ssh
> session and telnet in the other, then grep'ing the log.  Again, NO
> telnet output from tcpdump!
> 
> I am inexperienced with RedHat, having always used Mandrake, and no guru
> with Linux by any means.  Could there be some other firewall in effect
> besides iptables?  Should I check my hosts.{allow,deny}?  Do you need to
> be in a certain group to access the network on RH8?  I can't even telnet
> out as root.
> 
> Or maybe it's nsswitch.conf, as Dow suggested?
> 
> Thanks,
> Krum
-- 
James P. Kinney III          \Changing the mobile computing world/
CEO & Director of Engineering \          one Linux user         /
Local Net Solutions,LLC        \           at a time.          /
770-493-8244                    \.___________________________./
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics) <jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7 
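
Added example, not part of the original message: one way to script the "double check the routing with netstat -rn" step on a two-NIC router, flagging a missing or duplicated default route, a default route leaving through the wrong interface, or a gateway that is not on a directly connected network. The function name check_routes, the LAN interface name eth1 and all addresses in the sample are assumptions made for illustration; eth0 as the external interface follows the thread.

```shell
#!/bin/sh
# Constructed `netstat -rn` output for a two-NIC router (not taken from the thread).
# eth0 = external interface (as in the thread); eth1 = LAN interface (assumed name).
SAMPLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     0.0.0.0         255.255.255.0   U        40 0          0 eth1
203.0.113.0     0.0.0.0         255.255.255.0   U        40 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U        40 0          0 lo
0.0.0.0         192.168.1.254   0.0.0.0         UG       40 0          0 eth1'

# check_routes EXT_IFACE  (routing table on stdin)
# Prints one finding per line, or "OK"; exit status is 1 when anything was flagged.
check_routes() {
    awk -v ext="$1" '
    function ip2n(ip,  o) { split(ip, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
    function report(msg)  { print msg; bad = 1 }
    $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }   # skip the header lines
    { iface = $NF; seen[iface] = 1 }
    $1 == "0.0.0.0" && $3 == "0.0.0.0" {                  # default route
        ndef++; gw[ndef] = $2; gwif[ndef] = iface; next
    }
    $2 == "0.0.0.0" {                                     # directly connected network
        nnet++; net[nnet] = ip2n($1); netif[nnet] = iface
        blk[nnet] = 4294967296 - ip2n($3)                 # addresses per network, from the mask
    }
    END {
        if (ndef == 0) report("NO_DEFAULT_ROUTE")
        if (ndef > 1)  report("MULTIPLE_DEFAULT_ROUTES " ndef)
        if (!(ext in seen)) report("NO_ROUTE_ON " ext)
        for (i = 1; i <= ndef; i++) {
            if (gwif[i] != ext) report("DEFAULT_VIA_WRONG_IFACE " gwif[i] " gw " gw[i])
            if (gw[i] == "0.0.0.0") continue              # point-to-point default, no gateway
            onlink = 0
            for (j = 1; j <= nnet; j++)
                if (netif[j] == gwif[i] && int(ip2n(gw[i]) / blk[j]) == int(net[j] / blk[j]))
                    onlink = 1
            if (!onlink) report("GATEWAY_NOT_ON_LINK " gw[i] " dev " gwif[i])
        }
        if (!bad) print "OK"
        exit bad + 0
    }'
}

# Demo on the constructed sample; on a live box: netstat -rn | check_routes eth0
printf '%s\n' "$SAMPLE" | check_routes eth0 || true
```
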
