On Fri, 2008-07-11 at 16:15 -0500, Lanny Marcus wrote:
On 7/11/08, William L. Maltby CentOS4Bill@triad.rr.com wrote:
<snip> >><snip>
My wife is using her Desktop box (compaq1300) on MS Windows at this time. I can dig but I cannot dig + trace to her box:
That makes sense. I was thinking that you would have the backup (new) IPCop going with DNS caching going (and, naturally, local hosts defined, local domain defined, ...). Sorry for the confusion.
Unless some unit is a DNS server, or caching sever on the local lan, that would be a wasted effort.
[lanny@dell2400 ~]$ dig compaq1300.homelan
; <<>> DiG 9.3.4-P1 <<>> compaq1300.homelan ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45929 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION: ;compaq1300.homelan. IN A
;; ANSWER SECTION: compaq1300.homelan. 0 IN A 192.168.10.56
;; Query time: 19 msec ;; SERVER: 192.168.10.1#53(192.168.10.1) ;; WHEN: Fri Jul 11 15:52:34 2008 ;; MSG SIZE rcvd: 52
[lanny@dell2400 ~]$
[lanny@dell2400 ~]$ dig +trace compaq1300.homelan
; <<>> DiG 9.3.4-P1 <<>> +trace compaq1300.homelan ;; global options: printcmd ;; connection timed out; no servers could be reached [lanny@dell2400 ~]
If not, inconclusive I guess.
<snip>
I would use the web interface to the IPCop box and see what has been enabled/disabled. Unless the IPCop box has been really "buttoned down tight", this should work as it does here.
I believe it is pretty much "out of the box". Possibly the only setting I changed was not to respond to ping on the Red interface.
Caveat: IIRC, you don't have the caching DNS running on the IPCop box? Maybe that has some affect? I can't figure how, since when you try from the IPCop box it works.
No Bill. Very early this morning, when I was able to SSH into the IPCop box, I was *not* able to dig +trace from it, with the results Scott Silva showed to gmail.com Caching DNS in the IPCop box is not running at this time. I will try that on our Backup IPCop box, when my demanding users (wife and 7 year old daughter) are not online.
That means the remote DNS server allows this action and IPCop should normally just do a "pass through" of these packets.
Hmm... opined the grizzled old veteran. I guess we should ask the version of IPCop here - they are not all created equally. Mine is the 1.4.18 (IIRC), latest and greatest. Which reminds me - project has not had an upgrade for a long time now. I wonder if it died?
My IPCop installation shows that no Updates are available for it. "Available updates: All updates installed"
He-he! A misleading message if there ever was one! IPCop expects that you have downloaded an update image. Later you can install it. There is no yum-like facility going on there (from a paranoid security POV that would be a big NO-NO).
You have to check your version (should appear in the installed updates section), go to the website and see if there is something new. The 1.4.18 was latest last I looked.
Linux ipcop.homelan 2.4.34 #1 Mon Jul 16 23:11:03 GMT 2007 i586 pentium-mmx i386 GNU/Linux
That doesn't show the IPCop software version. From the web interface, IIRC you can find out the version on one of its screens.
<snip>
<snip>
Thank you, very much, for your time and help! Lanny
NP!
<snip sig stuff>