Why iptables is flowing? [closed]
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
I have iptables configuration:
# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere
And after, trying this:
user@debian:~$ host yahoo.com
../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
yahoo.com has address 98.138.219.232
yahoo.com has address 72.30.35.9
yahoo.com has address 72.30.35.10
yahoo.com has address 98.137.246.7
yahoo.com has address 98.137.246.8
yahoo.com has address 98.138.219.231
yahoo.com has IPv6 address 2001:4998:c:1023::5
yahoo.com has IPv6 address 2001:4998:44:41d::3
yahoo.com has IPv6 address 2001:4998:44:41d::4
yahoo.com has IPv6 address 2001:4998:58:1836::10
yahoo.com has IPv6 address 2001:4998:58:1836::11
yahoo.com has IPv6 address 2001:4998:c:1023::4
yahoo.com mail is handled by 1 mta7.am0.yahoodns.net.
yahoo.com mail is handled by 1 mta5.am0.yahoodns.net.
yahoo.com mail is handled by 1 mta6.am0.yahoodns.net.
How? I thought, it was "cache", and try some others domains. They all been resolved.
"Ok, maybe it's some local DNS cache" - turn off internet from machine. Ok didn't resolve.
How? Why?
debian iptables dns
closed as unclear what you're asking by sebasth, Anthony Geoghegan, schily, Stephen Kitt, Rui F Ribeiro Jun 14 at 18:57
Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, itâÂÂs hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
add a comment |Â
up vote
0
down vote
favorite
I have iptables configuration:
# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere
And after, trying this:
user@debian:~$ host yahoo.com
../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
yahoo.com has address 98.138.219.232
yahoo.com has address 72.30.35.9
yahoo.com has address 72.30.35.10
yahoo.com has address 98.137.246.7
yahoo.com has address 98.137.246.8
yahoo.com has address 98.138.219.231
yahoo.com has IPv6 address 2001:4998:c:1023::5
yahoo.com has IPv6 address 2001:4998:44:41d::3
yahoo.com has IPv6 address 2001:4998:44:41d::4
yahoo.com has IPv6 address 2001:4998:58:1836::10
yahoo.com has IPv6 address 2001:4998:58:1836::11
yahoo.com has IPv6 address 2001:4998:c:1023::4
yahoo.com mail is handled by 1 mta7.am0.yahoodns.net.
yahoo.com mail is handled by 1 mta5.am0.yahoodns.net.
yahoo.com mail is handled by 1 mta6.am0.yahoodns.net.
How? I thought, it was "cache", and try some others domains. They all been resolved.
"Ok, maybe it's some local DNS cache" - turn off internet from machine. Ok didn't resolve.
How? Why?
debian iptables dns
closed as unclear what you're asking by sebasth, Anthony Geoghegan, schily, Stephen Kitt, Rui F Ribeiro Jun 14 at 18:57
Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, itâÂÂs hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
If you think your edit answers your question, post it as an answer.
â Tomasz
Jun 14 at 13:00
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I have iptables configuration:
# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere
And after, trying this:
user@debian:~$ host yahoo.com
../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
yahoo.com has address 98.138.219.232
yahoo.com has address 72.30.35.9
yahoo.com has address 72.30.35.10
yahoo.com has address 98.137.246.7
yahoo.com has address 98.137.246.8
yahoo.com has address 98.138.219.231
yahoo.com has IPv6 address 2001:4998:c:1023::5
yahoo.com has IPv6 address 2001:4998:44:41d::3
yahoo.com has IPv6 address 2001:4998:44:41d::4
yahoo.com has IPv6 address 2001:4998:58:1836::10
yahoo.com has IPv6 address 2001:4998:58:1836::11
yahoo.com has IPv6 address 2001:4998:c:1023::4
yahoo.com mail is handled by 1 mta7.am0.yahoodns.net.
yahoo.com mail is handled by 1 mta5.am0.yahoodns.net.
yahoo.com mail is handled by 1 mta6.am0.yahoodns.net.
How? I thought, it was "cache", and try some others domains. They all been resolved.
"Ok, maybe it's some local DNS cache" - turn off internet from machine. Ok didn't resolve.
How? Why?
debian iptables dns
I have iptables configuration:
# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere
And after, trying this:
user@debian:~$ host yahoo.com
../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
yahoo.com has address 98.138.219.232
yahoo.com has address 72.30.35.9
yahoo.com has address 72.30.35.10
yahoo.com has address 98.137.246.7
yahoo.com has address 98.137.246.8
yahoo.com has address 98.138.219.231
yahoo.com has IPv6 address 2001:4998:c:1023::5
yahoo.com has IPv6 address 2001:4998:44:41d::3
yahoo.com has IPv6 address 2001:4998:44:41d::4
yahoo.com has IPv6 address 2001:4998:58:1836::10
yahoo.com has IPv6 address 2001:4998:58:1836::11
yahoo.com has IPv6 address 2001:4998:c:1023::4
yahoo.com mail is handled by 1 mta7.am0.yahoodns.net.
yahoo.com mail is handled by 1 mta5.am0.yahoodns.net.
yahoo.com mail is handled by 1 mta6.am0.yahoodns.net.
How? I thought, it was "cache", and try some others domains. They all been resolved.
"Ok, maybe it's some local DNS cache" - turn off internet from machine. Ok didn't resolve.
How? Why?
debian iptables dns
edited Jun 14 at 13:29
asked Jun 14 at 12:45
user41204
164
164
closed as unclear what you're asking by sebasth, Anthony Geoghegan, schily, Stephen Kitt, Rui F Ribeiro Jun 14 at 18:57
Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, itâÂÂs hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
closed as unclear what you're asking by sebasth, Anthony Geoghegan, schily, Stephen Kitt, Rui F Ribeiro Jun 14 at 18:57
Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, itâÂÂs hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
If you think your edit answers your question, post it as an answer.
â Tomasz
Jun 14 at 13:00
add a comment |Â
If you think your edit answers your question, post it as an answer.
â Tomasz
Jun 14 at 13:00
If you think your edit answers your question, post it as an answer.
â Tomasz
Jun 14 at 13:00
If you think your edit answers your question, post it as an answer.
â Tomasz
Jun 14 at 13:00
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
1
down vote
Solved!
I didn't notice that magic:
yahoo.com has address 98.138.219.231
yahoo.com has IPv6 address 2001:4998:c:1023::5
And thus, i have to setup rules for "ip6tables":
# ip6tables -P INPUT DROP
# ip6tables -P OUTPUT DROP
# ip6tables -P FORWARD DROP
and my result:
../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
;; connection timed out ; no servers could be reached
P.S. If I remembered about "tcpdump", then problem solved faster.
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
Solved!
I didn't notice that magic:
yahoo.com has address 98.138.219.231
yahoo.com has IPv6 address 2001:4998:c:1023::5
And thus, i have to setup rules for "ip6tables":
# ip6tables -P INPUT DROP
# ip6tables -P OUTPUT DROP
# ip6tables -P FORWARD DROP
and my result:
../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
;; connection timed out ; no servers could be reached
P.S. If I remembered about "tcpdump", then problem solved faster.
add a comment |Â
up vote
1
down vote
Solved!
I didn't notice that magic:
yahoo.com has address 98.138.219.231
yahoo.com has IPv6 address 2001:4998:c:1023::5
And thus, i have to setup rules for "ip6tables":
# ip6tables -P INPUT DROP
# ip6tables -P OUTPUT DROP
# ip6tables -P FORWARD DROP
and my result:
../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
;; connection timed out ; no servers could be reached
P.S. If I remembered about "tcpdump", then problem solved faster.
add a comment |Â
up vote
1
down vote
up vote
1
down vote
Solved!
I didn't notice that magic:
yahoo.com has address 98.138.219.231
yahoo.com has IPv6 address 2001:4998:c:1023::5
And thus, i have to setup rules for "ip6tables":
# ip6tables -P INPUT DROP
# ip6tables -P OUTPUT DROP
# ip6tables -P FORWARD DROP
and my result:
../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
;; connection timed out ; no servers could be reached
P.S. If I remembered about "tcpdump", then problem solved faster.
Solved!
I didn't notice that magic:
yahoo.com has address 98.138.219.231
yahoo.com has IPv6 address 2001:4998:c:1023::5
And thus, i have to setup rules for "ip6tables":
# ip6tables -P INPUT DROP
# ip6tables -P OUTPUT DROP
# ip6tables -P FORWARD DROP
and my result:
../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
;; connection timed out ; no servers could be reached
P.S. If I remembered about "tcpdump", then problem solved faster.
answered Jun 14 at 13:12
user41204
164
164
add a comment |Â
add a comment |Â
If you think your edit answers your question, post it as an answer.
â Tomasz
Jun 14 at 13:00