On Fri, 2004-02-27 at 01:17, Carlos Mora wrote: > Actually that is exactly what I did last night. It took the problem away. I > will be testing this a little more this evening. Some very interesting > things though, > > 1. I took all rules out but the ACCEPT port 53 for both TCP and UDP, and > also left the REJECT rules in for TCP and UDP at the end. > When I tested. 'host www.google.com' still failed > 'host -T www.google.com' worked. > 2. I took out just the port 53 TCP rule and tried the same test. > 'host www.google.com' failed > 'host -T www.google.com' WORKED!!!! (This should have failed) > 3. I took out all rules except the REJECTs and got the same results! > 4. turned off ipchains all together and BOTH worked! > 5. I also tried a different default kernel. (binmem and std 2.4.20-8) > > Again, it was rather late when I made this discovery and I will do some more > testing this evening. > > This is some very strange behavior. I am very surprised that it has not been > uncovered before! It is probably only "strange" in your environment. :-) > I will keep everyone posted. Thanks for all the suggestions. Well, then I have another one for you. Since turning off ipchains fixes the problem it sounds as if you have some issue with ipchains. Therefore, now seems a good time to dump chains and move to tables. Suggest you checkout http://www.shorewall.net and consider using it as your iptables configuration utility. Shorewall is simple to understand and with a bit of reading you should be up and running on iptables in 30 minutes or less. Ed > > Does anyone know how to force a kernel core dump? And how to analyze it? > > Thanks > > Carlos -- "An opinion is like an asshole - everybody has one." - Clint Eastwood as Harry Callahan, The Dead Pool - 1988. -- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list