firewall blocks apt-get?


akaiser
14th April 2009, 01:00
When I activate the default firewall in ISPConfig3 I get the following connection errors when using apt-get update:

Err http://ftp.us.debian.org stable Release.gpg
Could not resolve 'ftp.us.debian.org'
Err http://security.debian.org stable/updates Release.gpg
Could not resolve 'security.debian.org'
Err http://ftp.debian.org stable Release.gpg
Could not resolve 'ftp.debian.org'
Reading package lists... Done


When I ping domains it also doesn't work, but when I ping an IP it works... so I think this could be related to the server's DNS...

The issue is that when I deactivate the ISPConfig firewall everything works!

This server is an OpenVZ VPS, Debian 5, with the following firewall config:

Open TCP ports: 20,21,222,25,53,80,110,143,443,3306,8080,10000
Open UDP ports: 53,3306

amcom
14th April 2009, 01:15
Exactly the same problem here.

Any advice?

akaiser
14th April 2009, 01:31
> Exactly the same problem here.
>
> Any advice?

Are you also having the problem inside an OpenVZ container like me?

Not sure if this is related to OpenVZ... and I'm checking possible solutions...

amcom
14th April 2009, 01:46
> Are you also having the problem inside an OpenVZ container like me?

No, I have a standard server (Debian 5 + ISPConfig 3) but there is exactly the same problem with that ISPConfig firewall ... can't use apt-get, ping on domains etc.

Looks like some issue with outgoing rules or something.

falko
14th April 2009, 14:44
I've added this to our bugtracker, so we will try to reproduce this.

till
24th April 2009, 16:43
The ISPConfig firewall does not have any outgoing rules at all, so the problem must be something else on your system. Maybe you already had another firewall running, which might cause a mixture of iptables rules.

akaiser
24th April 2009, 18:28
> The ISPConfig firewall does not have any outgoing rules at all, so the problem must be something else on your system. Maybe you already had another firewall running, which might cause a mixture of iptables rules.

It's a newly installed server following the perfect Debian 5 setup with ISPConfig 3.

In my case I was thinking it could be related to OpenVZ (this server is a VPS), but amcom said he is not using an OpenVZ server... It's true that the server also has Webmin installed, but if I'm not wrong Webmin doesn't configure firewall rules when installed...

Regarding Webmin: amcom, do you also have Webmin installed?

By the way, if it helps I could post my iptables rules.

tebokkel
25th April 2009, 12:07
Perhaps it's just that the external IP is listed in /etc/resolv.conf, and the (UDP) answer blocked.

Could/would you try 127.0.0.1 in /etc/resolv.conf and/or try to run a
tcpdump -vv -i eth0 port 53
in another terminal and repeat a lookup? Please post the output back here..

Paul
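
The hypothesis in the last post (the UDP answer is blocked on the way in) can also be checked offline against a saved ruleset. The following is an added example, not code from the thread or from ISPConfig: it walks the filter INPUT chain of `iptables-save` output for a DNS reply packet. The two rulesets, the `eth0` interface and port 40000 are constructed; user-defined chains and negated matches are not modelled.

```python
import shlex

# Constructed iptables-save sample (not taken from the servers in this thread):
# no OUTPUT rules at all, UDP 53 "open" inbound, nothing for established traffic.
BLOCKING = """\
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
COMMIT
"""
# Same rules plus a stateful accept for replies to connections the host opened.
FIXED = BLOCKING.replace("-A INPUT -p udp",
    "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n-A INPUT -p udp", 1)
# A DNS answer as the client sees it: from port 53 to an ephemeral port.
REPLY = {"-i": "eth0", "-p": "udp", "--sport": 53, "--dport": 40000, "state": "ESTABLISHED"}

def in_range(port, spec):
    lo, sep, hi = spec.partition(":")
    lo = int(lo or 0)
    return lo <= port <= (int(hi or 65535) if sep else lo)

def rule_matches(opts, pkt):
    for key, val in opts.items():
        if key in ("-m", "-j", "--reject-with"):
            continue
        if key in ("-i", "-p"):
            ok = val in (pkt[key], "all")
        elif key in ("--sport", "--dport"):
            ok = in_range(pkt[key], val)
        elif key in ("--state", "--ctstate"):
            ok = pkt["state"] in val.split(",")
        else:
            ok = False  # option this sketch does not model: assume no match
        if not ok:
            return False
    return True

def input_verdict(ruleset, pkt=REPLY):
    """First terminal verdict in filter/INPUT for pkt, else the chain policy."""
    table, policy = None, "ACCEPT"
    for line in ruleset.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":INPUT "):
            policy = line.split()[1]
        elif table == "filter" and line.startswith("-A INPUT "):
            tok = shlex.split(line)[2:]
            opts = dict(zip(tok[0::2], tok[1::2]))
            if opts.get("-j") in ("ACCEPT", "DROP", "REJECT") and rule_matches(opts, pkt):
                return opts["-j"]
    return policy
```

To check a live system, pass the text of `iptables-save` to `input_verdict()`; a `DROP` for `REPLY` means answers to the host's own lookups never reach the resolver even though nothing filters outgoing traffic.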