Gentoo Forums
Getting whois queries working with iptables
Bigun
Advocate
Joined: 21 Sep 2003
Posts: 2155

Posted: Mon Sep 02, 2019 2:33 pm    Post subject: Getting whois queries working with iptables

I currently have a default DROP policy on INPUT, OUTPUT, and FORWARD.

I have a chain called whois-out appended to OUTPUT.

The whois-out chain contains:

Code:
Chain whois-out (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       192.168.0.202        0.0.0.0/0            tcp dpt:43


and I'm allowing all RELATED and ESTABLISHED connections on INPUT and OUTPUT:

Code:
Chain INPUT (policy DROP 0 packets, 0 bytes)
...
ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED


Code:
Chain OUTPUT (policy DROP 1 packets, 60 bytes)
...
ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED


yet when I run the whois command:

Code:
 # whois google.com
connect: Connection refused


What am I missing?

*edit*

So, it looks like whois lookups work if it's an IP address. If whois is given a domain name, does it use a different port than 43?
_________________
"It's ok, they might have guns but we have flowers." - Perpetual Victim
axl
l33t
Joined: 11 Oct 2002
Posts: 719
Location: Romania

Posted: Mon Sep 02, 2019 3:53 pm    Post subject:

I think, but I'm not sure, you need to enable udp as well, and port 63 tcp/udp too. See if that works.
Anon-E-moose
Advocate
Joined: 23 May 2008
Posts: 4335
Location: Dallas area

Posted: Mon Sep 02, 2019 3:58 pm    Post subject:

Domain stuff would use port 53 and, as axl said, enable UDP (preferred mechanism for DNS).
_________________
Asus m5a99fx, FX 8320 - nouveau, oss4, rx550 for qemu passthrough
Acer laptop E5-575, i3-7100u - i965, alsa
---both---
5.0.13 zen kernel, profile 17.1 (no-pie & modified) amd64-no-multilib
gcc 8.2.0, eudev, openrc, openbox, palemoon
axl
l33t
Joined: 11 Oct 2002
Posts: 719
Location: Romania

Posted: Mon Sep 02, 2019 4:02 pm    Post subject:

Ohhh, I didn't consider DNS connections as well. But according to /etc/services, whois is reserved for both tcp/udp connections and there's also a whois+ on port 63 (also tcp and udp). At least that's why I mentioned 63 as well. But Moose is right, you should also check DNS.
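
Added example, not part of any post in this thread: a small Python check that reads an `iptables -L -v -n` style listing and reports which outbound ports needed for a whois lookup by name (tcp/43 for whois, port 53 for DNS as the replies point out) have no ACCEPT rule. The function names and the sample listing are constructed for illustration; the sample reproduces the whois-out chain from the first post.

```python
import re

# Constructed sample: the whois-out chain as shown in the first post.
SAMPLE = """\
Chain whois-out (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       192.168.0.202        0.0.0.0/0            tcp dpt:43
"""

# Outbound traffic a whois lookup by domain name needs: the whois query
# itself, plus DNS (UDP normally, TCP as the fallback for large answers).
NEEDED = [("tcp", 43), ("udp", 53), ("tcp", 53)]


def accepted_ports(listing):
    """Return {(proto, port)} covered by ACCEPT rules that match on a
    destination port (dpt:N, dpts:A:B, or multiport dports a,b,c:d).

    Simplification: source, destination, interface and state matches are
    ignored, and rules without a port match are not counted.
    """
    allowed = set()
    for line in listing.splitlines():
        fields = line.split()
        # The target is column 0 without -v and column 2 with -v.
        if "ACCEPT" not in fields[:3] or fields[-1] == "ACCEPT":
            continue
        proto = fields[fields.index("ACCEPT") + 1]
        for spec in re.findall(r"(?:dpts?:|dports )(\S+)", line):
            for item in spec.split(","):
                lo, _, hi = item.partition(":")
                for port in range(int(lo), int(hi or lo) + 1):
                    allowed.add((proto, port))
    return allowed


def missing_for_whois(listing):
    """List the (proto, port) pairs from NEEDED with no ACCEPT rule."""
    allowed = accepted_ports(listing)
    return [need for need in NEEDED if need not in allowed]


if __name__ == "__main__":
    for proto, port in missing_for_whois(SAMPLE):
        print(f"no outbound ACCEPT for {proto}/{port}")
```
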