David Harrington sent me the simple solution of having this configuration in my nsswitch.conf file: hosts: dns files instead of hosts: files dns It is one of those simple things I would never have thought of. Andrew Andrew_Rotramel@cch-lis.com@sunmanagers.org on 07/30/2004 11:54:27 AM Sent by: sunmanagers-bounces@sunmanagers.org To: sunmanagers@sunmanagers.org cc: Subject: Update: Checkpoint Blocking Solaris Thanks for the many, many responses. The main thing that is clear is that I did not describe the problem well enough. 1. DNS seems to work, meaning nslookup works. I get compatible info whether I do nslookup domain or nslookup IP. I can browse to the addresses I get from the DNS server. 2. I had no trouble browsing by name before the security folks installed the Checkpoint firewall 3. the DNS servers are inside the Checkpoint firewall 4. There are Windows boxes, mostly Win2000, on the same subnet, using the same DNS server, and they have no problem at all. 5. I do not have a proxy server configured in my browser 6. My /etc/resolv.conf and nsswitch.conf files are configured correctly. 7. I have done some nslookup searches on names that I don't think would be in the DNS server cache, namely the domains that many of the initial responses came from, and I get non-authoritative resolution on them all. That tells me that the DNS server is probably getting beyond the Checkpoint firewall. 8. traceroute and ping are both disabled at our routers One bit of summary I will do now is say that no one has ever heard of this sort of problem with Checkpoint. Andrew_Rotramel@cch-lis.com@sunmanagers.org on 07/29/2004 04:59:11 PM Sent by: sunmanagers-bounces@sunmanagers.org To: sunmanagers@sunmanagers.org cc: Subject: Checkpoint Blocking Solaris I have already checked the archive and Google. My security folks installed a Checkpoint firewall on Nokia hardware this weekend, and now my desktop Solaris 9 box can no longer get to URLs on the other side of that firewall. It can, however, get to IP addresses on the other side of the firewall. This means that I can't browse to www.sun.com, or ftp to ftp.sun.com, but I can browse to 209.249.116.195 or ftp to 192.18.99.146. Unfortunately, most web sites don't work that way. My security folks seem to have no idea how to fix this, but one of them thought there was a Checkpoint glitch involving Solaris boxes. So, anyone solve this one? Andrew Rotramel _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Fri Jul 30 13:25:42 2004
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:36 EST