[SOLVED] Host and ping command not working

dheerajsuthar2008 · 02-28-2010, 03:37 AM

Hi,
I am working behind a http proxy (172.30.x.x:3128). I have configured it in my terminal. All the applications such as wget,lynx firefox etc. are working correctly.However all dns utilities like nslookup, host and even ping too are not working.Following is output of host command:

Code:

root@ding:~# host google.com
;; connection timed out; no servers could be reached

Output of host -T:

Code:

root@ding:~# host -T google.com
;; Connection to 4.2.2.2#53(4.2.2.2) for google.com failed: connection refused.

similarly for nslookup:

Code:

root@ding:~# host google.com
;; connection timed out; no servers could be reached

ping doesn't give any output at all just hangs there.

Contents of my resolv.conf:

Code:

nameserver 4.2.2.2

my ifconfig eth0:

Code:

eth0      Link encap:Ethernet  HWaddr 00:22:19:e4:2f:dd
          inet addr:172.30.104.174  Bcast:172.30.105.255  Mask:255.255.254.0
          inet6 addr: fe80::222:19ff:fee4:2fdd/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:32041 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1531 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3651099 (3.6 MB)  TX bytes:261345 (261.3 KB)
          Interrupt:19 Base address:0x4000

my uname-a:

Code:

Linux ding 2.6.30.9 #1 SMP Tue Dec 1 21:51:08 EST 2009 i686 GNU/Linux

Using Backtrack 4
To connect to net I have to first run dhclient3(learnt from this forum!).It gives me my ip but where is dns address sent I don't have and idea. Kindly do help me about as I am learning about these stuff and doesnot have clear idea how all that dns etc. works.
Thanks in advance

rigor · 02-28-2010, 08:41 PM

If the proxy is an http proxy, as in a proxy only for *http*, then it might be configured to not allow
other types of communication through. The facilities you mentioned, wget, lynx, and firefox, use http,
typically via port 80 ( at the far end ). The other commands you mentioned, use other ports, such
as port 53 for dns, etc. You need to find to double check how the proxy is intended to function.

nimnull22 · 02-28-2010, 09:16 PM

Can you "ping 4.2.2.2"?

devwatchdog · 02-28-2010, 10:51 PM

You should check to see what the proxy server uses for a DNS server, and attempt to use that. Sounds like whatever that network uses for a firewall isn't allowing outbound DNS queries from your system. If your network has an internal DNS server, try using it.

You could also point DNS queries at the proxy server. It could possibly be acting as a DNS server too.

Too many unknowns to give definitive answers. Something, somewhere in this network is allowed to query public DNS servers. I'm guessing you are using a static IP on your system. If there is a dhcp server configured in the environment, you could configure your system for a dhcp lease, and possibly see what the DNS servers are that are assigned with the lease.

I don't know what your environment is like, and whether you should be poking around the network, either. I once worked for a networking security company where we provided firewalls and IDS/IPS units for mainly financial institutions. Many of the networks we protected where extremely restrictive in what client systems could, and could not do. If you are at work, just be careful, and abide by whatever protocols/policies the company has established.

If you're at home, have at it.

dheerajsuthar2008 · 03-01-2010, 07:43 AM

Quote:

Originally Posted by kakaka

If the proxy is an http proxy, as in a proxy only for *http*, then it might be configured to not allow
other types of communication through. The facilities you mentioned, wget, lynx, and firefox, use http,
typically via port 80 ( at the far end ). The other commands you mentioned, use other ports, such
as port 53 for dns, etc. You need to find to double check how the proxy is intended to function.

Thanks for reply. Yes what you say seems to be true. Although the proxy provided(squid) is not under my control(give by college admin.) but its behaviour is as you said.All other traffic are banned I suppose except http and ftp.Any way to redirect them to these ports.

dheerajsuthar2008 · 03-01-2010, 07:44 AM

Quote:

Originally Posted by nimnull22

Can you "ping 4.2.2.2"?

Thanks for reply.
No I wasn't able to . Request timed out every time.

repo · 03-01-2010, 07:47 AM

Quote:

Yes what you say seems to be true. Although the proxy provided(squid) is not under my control(give by college admin.) but its behaviour is as you said.All other traffic are banned I suppose except http and ftp.Any way to redirect them to these ports.

I would suggest to contact the IT people

dheerajsuthar2008 · 03-01-2010, 07:48 AM

Quote:

Originally Posted by devwatchdog

You should check to see what the proxy server uses for a DNS server, and attempt to use that. Sounds like whatever that network uses for a firewall isn't allowing outbound DNS queries from your system. If your network has an internal DNS server, try using it.

You could also point DNS queries at the proxy server. It could possibly be acting as a DNS server too.

Too many unknowns to give definitive answers. Something, somewhere in this network is allowed to query public DNS servers. I'm guessing you are using a static IP on your system. If there is a dhcp server configured in the environment, you could configure your system for a dhcp lease, and possibly see what the DNS servers are that are assigned with the lease.

I don't know what your environment is like, and whether you should be poking around the network, either. I once worked for a networking security company where we provided firewalls and IDS/IPS units for mainly financial institutions. Many of the networks we protected where extremely restrictive in what client systems could, and could not do. If you are at work, just be careful, and abide by whatever protocols/policies the company has established.

If you're at home, have at it.

Thaks for reply.Actually the proxy is provided by college admin. Its some squid proxy on linux server(got this info by some bad page request!).I do get my ip through dhcp(via dhclient3 command). But I don't know how to get the internal DNS adress(only way I know is that of "resolv.conf" which gives strange 4.2.2.2 address). Can you guide me further.

nimnull22 · 03-01-2010, 11:14 AM

Type in root console:
dhcpcd -T <interface>, like for ex. dhcpcd -T eth0 or wlan0, depend on through which interface you are connected.

It gives to see all you a dhcp response.

Also try to "ping 208.67.222.222", and if you can ping it try "telnet 208.67.222.222 53"
If you wont be able to ping and telnet, I would thing your admin use not only proxy, but also firewall and netfilter.

salasi · 03-01-2010, 12:16 PM

Quote:

Originally Posted by dheerajsuthar2008

...But I don't know how to get the internal DNS adress(only way I know is that of "resolv.conf" which gives strange 4.2.2.2 address). Can you guide me further.

I thought that I recognised that 4.2.2.2 as a well-known dns provider that I had once used (& thought that I'd reply as it made me look like the kind of person who kept their mental DNS database up-to-date), but I was wrong. Maybe I was getting confused with:

Quote:

The Google Public DNS IP addresses are as follows:
8.8.8.8
8.8.4.4

(although, OpenDNS

Quote:

Put these nameserver addresses as your ‘DNS Servers’: 208.67.222.222, 208.67.220.220

works, too.)

Note that

Quote:

I am working behind a http proxy (172.30.x.x:3128)

means that for the normal http case, the squid proxy will do the resolution, so the fact that resolutions requested via the proxy work, doesn't mean that your basic look up set-up is correct.

dheerajsuthar2008 · 03-02-2010, 02:01 PM

Quote:

Originally Posted by nimnull22

Type in root console:
dhcpcd -T <interface>, like for ex. dhcpcd -T eth0 or wlan0, depend on through which interface you are connected.

It gives to see all you a dhcp response.

Also try to "ping 208.67.222.222", and if you can ping it try "telnet 208.67.222.222 53"
If you wont be able to ping and telnet, I would thing your admin use not only proxy, but also firewall and netfilter.

Thanks for reply!
Tried the command which you said and got following output.Now here which one should I use for dns ip kindly tell:

Code:

root@bt:~# dhcpcd -T eth0
IPADDR='172.30.105.101'
NETMASK='255.255.254.0'
NETWORK='172.30.104.0'
BROADCAST='172.30.105.255'
ROUTES=''
GATEWAYS='172.30.104.1'
DHCPSID='172.30.0.90'
LEASETIME='31536000'
RENEWALTIME='15768000'
REBINDTIME='27594000'
INTERFACE='eth0'
CLASSID='dhcpcd 3.2.3'
CLIENTID='ff:65:74:68:30:00:01:00:01:13:20:1d:4b:00:22:19:e4:2f:dd'
DHCPCHADDR='00:22:19:e4:2f:dd'

# dhcpcd-1.x and 2.x compatible variables
GATEWAY='172.30.104.1'

dheerajsuthar2008 · 03-02-2010, 02:04 PM

Quote:

Originally Posted by salasi

I thought that I recognised that 4.2.2.2 as a well-known dns provider that I had once used (& thought that I'd reply as it made me look like the kind of person who kept their mental DNS database up-to-date), but I was wrong. Maybe I was getting confused with:

(although, OpenDNS

works, too.)

Note that means that for the normal http case, the squid proxy will do the resolution, so the fact that resolutions requested via the proxy work, doesn't mean that your basic look up set-up is correct.

Thanks for reply!
tried both google and OpenDNS dns address in /etc/resolv.conf but no use.
Is there any way I can carry out these commands on some http port (I wonder how my mozilla firefox browser and wget are doing it.)

rigor · 03-02-2010, 03:57 PM

It's just a long shot, but sometimes the proxy server address can be used as the DNS server address. Have you tried using 172.30.104.1 as the nameserver address in your resolv.conf ?

dheerajsuthar2008 · 03-03-2010, 12:19 PM

Quote:

Originally Posted by kakaka

It's just a long shot, but sometimes the proxy server address can be used as the DNS server address. Have you tried using 172.30.104.1 as the nameserver address in your resolv.conf ?

Thanks for reply!
Sorry,this way also failed.I think its totally banned by college admin.

Are there any other http based alternatives for these commands on linux. If yes please kindly tell them. It would be very nice if they are commandline based(linux) so that I can record my findings easily. Mainly I need alternatives for these commands:
host
nslookup
whois <--web based alternatives are there for these but I want something to run through terminal.
Waiting eagerly for your kind replies.

nimnull22 · 03-03-2010, 01:30 PM

Ok, I have ask you to try to: "ping 208.67.222.222".

Also try to type: "nslookup www.google.com 208.67.222.222"

If you do not receive anything - probably 53 port is closed, and you have to talk to your sysadmin about it.

Also you can try to do next things:
type in address bar on your browser : http://208.69.32.231/, and press enter