[CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?

Fri Jul 11 21:15:07 UTC 2008
Lanny Marcus <lmmailinglists at gmail.com>

On 7/11/08, William L. Maltby <CentOS4Bill at triad.rr.com> wrote:
<snip>
>> I cannot dig +trace from my Desktop, as me or as root and I also
>> cannot dig +trace from the ipcop box as of this time.
>
> Must be either firewall on your desktop or IPCop has some blocked
> resources. Try to dig something from your desktop that is on your local
> lan. Your IPCop box(es) should make good targets *if* nothing blocks the
> needed responses.
>
> If you can get dig +trace to any other box on the lan, with trace
> information shown, that means your desktop should be fine.

My wife is using her Desktop box (compaq1300) on MS Windows at this
time. I can dig but I cannot dig +trace to her box:

[lanny@dell2400 ~]$ dig compaq1300.homelan

; <<>> DiG 9.3.4-P1 <<>> compaq1300.homelan
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45929
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;compaq1300.homelan.            IN      A

;; ANSWER SECTION:
compaq1300.homelan.     0       IN      A       192.168.10.56

;; Query time: 19 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Fri Jul 11 15:52:34 2008
;; MSG SIZE  rcvd: 52

[lanny@dell2400 ~]$


[lanny@dell2400 ~]$ dig +trace compaq1300.homelan

; <<>> DiG 9.3.4-P1 <<>> +trace compaq1300.homelan
;; global options:  printcmd
;; connection timed out; no servers could be reached
[lanny@dell2400 ~]
>
> If not, inconclusive I guess.

I am going to Disable the Firewall in my Desktop box and see if I can
dig +trace with it off.

> I would use the web interface to the IPCop box and see what has been
> enabled/disabled. Unless the IPCop box has been really "buttoned down
> tight", this should work as it does here.

I believe it is pretty much "out of the box". Possibly the only
setting I changed was not to respond to ping on the Red interface.

> Caveat: IIRC, you don't have
> the caching DNS running on the IPCop box? Maybe that has some effect? I
> can't figure how, since when you try from the IPCop box it works.

No Bill. Very early this morning, when I was able to SSH into the
IPCop box, I was *not* able to dig +trace from it, with the results
Scott Silva showed to gmail.com. Caching DNS in the IPCop box is not
running at this time. I will try that on our Backup IPCop box, when my
demanding users (wife and 7 year old daughter) are not online.

> That
> means the remote DNS server allows this action and IPCop should normally
> just do a "pass through" of these packets.
>
> Hmm... opined the grizzled old veteran. I guess we should ask the
> version of IPCop here - they are not all created equally. Mine is the
> 1.4.18 (IIRC), latest and greatest. Which reminds me - project has not
> had an upgrade for a long time now. I wonder if it died?

My IPCop installation shows that no Updates are available for it.
"Available updates:   	All updates installed"

Linux ipcop.homelan 2.4.34 #1 Mon Jul 16 23:11:03 GMT 2007 i586
pentium-mmx i386 GNU/Linux

<snip>

> Try specifying the DNS server on the end of the line (IIRC - maybe check
> the man page to see).

I will read up on dig and dig +trace

> Works OK here. So there's certainly something different there.

I will try it without the Firewall enabled in the Desktop, but I am
wondering if my ISP is blocking use of the dig +trace command. I doubt
that, but they may be blocking something? However, the fact that I am
unable to dig +trace to my wife's box indicates the problem probably
is with the Firewall in my Desktop, or something else within our home
LAN.

Thank you, very much, for your time and help! Lanny