HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


akaiser 14th April 2009 01:00

firewall blocks apt-get?
 
When I activate the default firewall in ISPConfig3 I get the following connection errors when using apt-get update:

Code:

Err http://ftp.us.debian.org stable Release.gpg
  Could not resolve 'ftp.us.debian.org'
Err http://security.debian.org stable/updates Release.gpg
  Could not resolve 'security.debian.org'
Err http://ftp.debian.org stable Release.gpg
  Could not resolve 'ftp.debian.org'
Reading package lists... Done

When I ping domains it also doesn't work, but when I ping an IP it works... so I think this could be related to the server's DNS...

The issue is that when I deactivate the ISPConfig firewall everything works!

This server is an OpenVZ VPS, Debian 5, with the following firewall config:

Code:

Open TCP ports: 20,21,222,25,53,80,110,143,443,3306,8080,10000

Code:

Open UDP ports: 53,3306

amcom 14th April 2009 01:15

Exactly the same problem here.

Any advice?

akaiser 14th April 2009 01:31

Quote:

Originally Posted by amcom (Post 181697)
Exactly the same problem here.

Any advice?

Are you also having the problem inside an OpenVZ container like me?

Not sure if this is related to OpenVZ... and I'm checking possible solutions...

amcom 14th April 2009 01:46

Quote:

Originally Posted by akaiser (Post 181698)
Are you also having the problem inside an OpenVZ container like me?

No, I have a standard server (Debian 5 + ISPConfig 3) but there is exactly the same problem with that ISPConfig firewall ... can't use apt-get, ping on domains etc.

Looks like some issue with outgoing rules or something.

falko 14th April 2009 14:44

I've added this to our bugtracker, so we will try to reproduce this.

till 24th April 2009 16:43

The ISPConfig firewall does not have any outgoing rules at all, so the problem must be something else on your system. Maybe you already had another firewall running which might cause a mixture of iptables rules.

akaiser 24th April 2009 18:28

Quote:

Originally Posted by till (Post 184103)
The ISPConfig firewall does not have any outgoing rules at all, so the problem must be something else on your system. Maybe you already had another firewall running which might cause a mixture of iptables rules.

It's a newly installed server following the perfect Debian 5 setup with ISPConfig 3.

In my case I was thinking it could be related to OpenVZ (this server is a VPS), but amcom said he is not using an OpenVZ server... It's true that the server also has Webmin installed, but if I'm not wrong Webmin doesn't configure firewall rules when installed...

Regarding Webmin, amcom, do you also have Webmin installed?

By the way, if it helps I could post my iptables rules.

tebokkel 25th April 2009 12:07

Perhaps it's just that the external IP is listed in /etc/resolv.conf, and the (UDP) answer blocked.

Could/would you try 127.0.0.1 in /etc/resolv.conf and/or try to run a
tcpdump -vv -i eth0 port 53
in another terminal and repeat a lookup? Please post the output back here.

Paul
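
One way to check the suggestion in the post above without touching the live firewall, as an added example that is not part of any post in this thread: it reads a saved copy of /etc/resolv.conf and saved `iptables-save` output and reports whether answers from a non-loopback nameserver have any ACCEPT rule to match. The function names, the 192.0.2.53 address and the sample ruleset are constructed for illustration, and the rule match is a heuristic over the saved text, not a full evaluation of the chains.

```shell
#!/bin/sh
# Added example; works on saved copies of the two inputs:
#   $1 = copy of /etc/resolv.conf    $2 = output of iptables-save

# Nameservers that are not loopback: their answers arrive over the network.
external_resolvers() {
    awk '$1 == "nameserver" && $2 !~ /^127\./ && $2 != "::1" { print $2 }' "$1"
}

# Heuristic: does any ACCEPT rule cover reply traffic, either statefully
# (ESTABLISHED) or statelessly (UDP with source port 53)?
accepts_dns_replies() {
    grep -E '^-A .* -j ACCEPT' "$1" |
        grep -Eq -- '--(ct)?state [A-Z,]*ESTABLISHED|-p udp .*--sport 53( |$)'
}

# Prints one of: local-resolver, replies-accepted, replies-dropped <ip...>
diagnose() {
    ext=$(external_resolvers "$1" | tr '\n' ' ')
    if [ -z "$ext" ]; then
        echo "local-resolver"
    elif accepts_dns_replies "$2"; then
        echo "replies-accepted"
    else
        echo "replies-dropped ${ext% }"
    fi
}

# Constructed sample input (not from the thread): a resolver on a
# documentation address and a default-drop ruleset that only opens
# destination ports, so an answer sent from port 53 to a high port
# matches no ACCEPT rule.
demo() {
    d=$(mktemp -d)
    printf 'nameserver 192.0.2.53\n' > "$d/resolv.conf"
    cat > "$d/rules" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
COMMIT
EOF
    diagnose "$d/resolv.conf" "$d/rules"
    # Same rules plus a stateful accept for reply traffic.
    { grep -v '^COMMIT$' "$d/rules"
      printf '%s\n' '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' 'COMMIT'
    } > "$d/rules.fixed"
    diagnose "$d/resolv.conf" "$d/rules.fixed"
    rm -r "$d"
}
demo
```

A `replies-dropped` result is consistent with the symptom in the first post (names fail to resolve while pinging an IP works); the tcpdump capture requested above is what would confirm it on the real host.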

