[CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?

Fri Jul 11 13:21:49 UTC 2008
William L. Maltby <CentOS4Bill at triad.rr.com>

On Fri, 2008-07-11 at 06:49 -0500, Lanny Marcus wrote:
> On 7/11/08, William L. Maltby <CentOS4Bill at triad.rr.com> wrote:
> <snip>
> ><snip>

> I cannot dig +trace from my Desktop, as me or as root and I also
> cannot dig +trace from the ipcop box as of this time.

Must be either firewall on your desktop or IPCop has some blocked
resources. Try to dig something from your desktop that is on your local
LAN. Your IPCop box(es) should make good targets *if* nothing blocks the
needed responses.

If you can get dig +trace to any other box on the LAN, with trace
information shown, that means your desktop should be fine.

If not, inconclusive I guess.

I would use the web interface to the IPCop box and see what has been
enabled/disabled. Unless the IPCop box has been really "buttoned down
tight", this should work as it does here. Caveat: IIRC, you don't have
the caching DNS running on the IPCop box? Maybe that has some effect? I
can't figure how, since when you try from the IPCop box it works. That
means the remote DNS server allows this action and IPCop should normally
just do a "pass through" of these packets.

Hmm... opined the grizzled old veteran. I guess we should ask the
version of IPCop here - they are not all created equally. Mine is the
1.4.18 (IIRC), latest and greatest. Which reminds me - project has not
had an upgrade for a long time now. I wonder if it died?

> 
> > [wild-bill@centos501 ~]$ dig +trace smtp-server.triad.rr.com
> > ; <<>> DiG 9.3.4-P1 <<>> +trace smtp-server.triad.rr.com
> > ;; global options:  printcmd
> <snip results of Bill's dig +trace from his Desktop>
> 
> Here's what happens when I try that from my Desktop:
> 
> [lanny@dell2400 ~]$ dig +trace smtp-server.triad.rr.com
> 
> ; <<>> DiG 9.3.4-P1 <<>> +trace smtp-server.triad.rr.com
> ;; global options:  printcmd
> ;; connection timed out; no servers could be reached

Try specifying the DNS server on the end of the line (IIRC - maybe check
the man page to see).

> [lanny@dell2400 ~]$ su -
> Password:
> [root@dell2400 ~]# dig +trace smtp-server.triad.rr.com
> 
> ; <<>> DiG 9.3.4-P1 <<>> +trace smtp-server.triad.rr.com
> ;; global options:  printcmd
> ;; connection timed out; no servers could be reached
> [root@dell2400 ~]#
> 
> <snip>
> Here's what happened, when I tried dig +trace from the ipcop box:
> After SSH into ipcop.homelan I can dig gmail.com but I cannot dig
> +trace gmail.com as Scott Silva did on his IPCop box.

Works OK here. So there's certainly something different there.

> 
> root@ipcop:~ # dig +trace gmail.com
> 
> ; <<>> DiG 9.4.0 <<>> +trace gmail.com
> ;; global options:  printcmd
> ;; connection timed out; no servers could be reached
> root@ipcop:~ # dig gmail.com
> 
> <snip>

-- 
Bill