Bigun Advocate
Joined: 21 Sep 2003 Posts: 2196
Posted: Mon Sep 02, 2019 2:33 pm Post subject: Getting whois queries working with iptables |
I currently have a default DROP policy on INPUT, OUTPUT, and FORWARD.
I have a chain called whois-out appended to OUTPUT.
The whois-out chain contains:
Code:
Chain whois-out (1 references)
 pkts bytes target prot opt in out source        destination
    0     0 ACCEPT tcp  --  *  *   192.168.0.202 0.0.0.0/0    tcp dpt:43
and I'm allowing all RELATED and ESTABLISHED connections on INPUT and OUTPUT
Code:
Chain INPUT (policy DROP 0 packets, 0 bytes)
...
ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

Code:
Chain OUTPUT (policy DROP 1 packets, 60 bytes)
...
ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
yet when I run the whois command:
Code:
# whois google.com
connect: Connection refused
What am I missing?
*edit*
So, it looks like whois lookups work if it's an IP address. If whois is given a domain name, does it use a different port than 43?
_________________
"It's ok, they might have guns but we have flowers." - Perpetual Victim
axl Veteran
Joined: 11 Oct 2002 Posts: 1144 Location: Romania
Posted: Mon Sep 02, 2019 3:53 pm Post subject: |
I think, but not sure, you need to enable udp as well, and port 63 tcp/udp too. See if that works. |
Anon-E-moose Watchman
Joined: 23 May 2008 Posts: 6098 Location: Dallas area
Posted: Mon Sep 02, 2019 3:58 pm Post subject: |
Domain stuff would use port 53 and, as axl said, enable udp (preferred mechanism for dns).
_________________
PRIME x570-pro, 3700x, 6.1 zen kernel
gcc 13, profile 17.0 (custom bare multilib), openrc, wayland
axl Veteran
Joined: 11 Oct 2002 Posts: 1144 Location: Romania
Posted: Mon Sep 02, 2019 4:02 pm Post subject: |
Ohhh, I didn't consider DNS connections as well. But according to /etc/services, whois is reserved for both tcp/udp connections and there's also a whois+ on port 63 (also tcp and udp). At least that's why I mentioned 63 as well. But Moose is right, you should also check DNS. |
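The rule set the replies converge on, as an added example not posted by anyone in the thread: extend the whois-out chain from the first post so the host can resolve the whois server's name (udp/53, plus the tcp/53 fallback for truncated answers) before it opens the tcp/43 query. The chain name and source address are taken from the first post; `apply_rules` runs as root, and `IPT=echo apply_rules` prints the commands instead of applying them.

```shell
#!/bin/sh
# Added example: rules for the two network steps a domain whois lookup needs
# on a host with a default-DROP OUTPUT policy:
#   1. DNS resolution of the whois server name (udp/53, tcp/53 fallback)
#   2. the whois query itself (tcp/43)
# Assumes the chain "whois-out" already exists and is referenced from OUTPUT,
# and the source address 192.168.0.202 (both as in the original post).
SRC=192.168.0.202
CHAIN=whois-out

# Emit the rules as text so they can be reviewed (or checked) before applying.
whois_rules() {
    cat <<EOF
-A $CHAIN -p udp -s $SRC --dport 53 -j ACCEPT
-A $CHAIN -p tcp -s $SRC --dport 53 -j ACCEPT
-A $CHAIN -p tcp -s $SRC --dport 43 -j ACCEPT
EOF
}

# Apply each rule with iptables; set IPT=echo for a dry run.
apply_rules() {
    whois_rules | while read -r rule; do
        # shellcheck disable=SC2086  # rule is meant to split into arguments
        ${IPT:-iptables} $rule
    done
}

# Check that a rule dump (e.g. the output of "iptables -S whois-out")
# contains all three rules. Returns 0 if present, 1 if any is missing.
verify_rules() {
    dump=$1
    for want in "udp.*--dport 53" "tcp.*--dport 53" "tcp.*--dport 43"; do
        printf '%s\n' "$dump" | grep -Eq -- "$want" || return 1
    done
    return 0
}
```

After applying, `iptables -S whois-out` piped into `verify_rules` confirms the chain, and `whois google.com` should then reach port 43 once the name resolves.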