#1  
Old 14th April 2009, 00:00
akaiser
Junior Member

firewall blocks apt-get?

When I activate the default firewall in ISPConfig3 I got the following connection errors when using apt-get update:

Code:
Err http://ftp.us.debian.org stable Release.gpg
  Could not resolve 'ftp.us.debian.org'
Err http://security.debian.org stable/updates Release.gpg
  Could not resolve 'security.debian.org'
Err http://ftp.debian.org stable Release.gpg
  Could not resolve 'ftp.debian.org'
Reading package lists... Done

When I ping domains it also didn't work, but when I ping an IP it works... so I think this could be related to the server DNS...

The issue is that when I deactivate the ispconfig firewall all works!

This server is an OpenVZ VPS, Debian 5, with the following firewall config:

Code:
Open TCP ports: 20,21,222,25,53,80,110,143,443,3306,8080,10000
Code:
Open UDP ports: 53,3306
  #2  
Old 14th April 2009, 00:15
amcom
Junior Member

Exactly the same problem here.

Any advice?
  #3  
Old 14th April 2009, 00:31
akaiser
Junior Member

Quote:
Originally Posted by amcom
Exactly the same problem here.

Any advice?

Are you also having the problem inside an OpenVZ container like me?

Not sure if this is related to OpenVZ... and I'm checking possible solutions...
  #4  
Old 14th April 2009, 00:46
amcom
Junior Member

Quote:
Originally Posted by akaiser
Are you also having the problem inside an OpenVZ container like me?

No, I have a standard server (Debian 5 + ISPConfig 3) but there is exactly the same problem with that ISPConfig firewall ... can't use apt-get, ping on domains etc.

Looks like some issue with outgoing rules or something.

Last edited by amcom; 14th April 2009 at 00:52.
  #5  
Old 14th April 2009, 13:44
falko
Super Moderator

I've added this to our bugtracker, so we will try to reproduce this.
__________________
Falko
  #6  
Old 24th April 2009, 15:43
till
Super Moderator

The ISPConfig firewall does not have any outgoing rules at all, so the problem must be something else on your system. Maybe you already had another firewall running which might cause a mixture of iptables rules.
__________________
Till Brehm
  #7  
Old 24th April 2009, 17:28
akaiser
Junior Member

Quote:
Originally Posted by till
The ISPConfig firewall does not have any outgoing rules at all, so the problem must be something else on your system. Maybe you already had another firewall running which might cause a mixture of iptables rules.

It's a newly installed server following the perfect Debian 5 setup with ISPConfig 3.

In my case I was thinking it could be related to OpenVZ (this server is a VPS), but amcom said he is not using an OpenVZ server... It's true that the server also has Webmin installed, but if I'm not wrong Webmin doesn't configure firewall rules when installed...

Related to Webmin: amcom, do you also have Webmin installed?

By the way, if it helps I could post my iptables rules.
  #8  
Old 25th April 2009, 11:07
tebokkel
Member

Perhaps it's just that the external IP is listed in /etc/resolv.conf, and the (UDP) answer blocked.

Could/would you try 127.0.0.1 in /etc/resolv.conf and/or try to run a
tcpdump -vv -i eth0 port 53
in another terminal and repeat a lookup? Please post the output back here..

Paul
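
The last post suggests that the resolver's UDP answer is what gets blocked. As an added example (not part of the thread and not ISPConfig's own code), this shell function reads an INPUT chain dump and reports what happens to such a DNS reply; the modelled packet, the eth0 interface and both rule sets are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Reads rules in `iptables -S INPUT`
# format on stdin and prints what the chain does with a DNS reply, modelled as:
# UDP, in on eth0, source port 53, destination port 40000 (ephemeral),
# conntrack state ESTABLISHED. Understands -i, -p, --sport, --dport,
# --state/--ctstate and -j; anything else yields "unknown" instead of a guess.
dns_reply_verdict() {
  awk '
    function inrange(spec, port,   a, n) {
      n = split(spec, a, ":")
      return (n == 1) ? (a[1] == port) : (a[1] <= port && port <= a[2])
    }
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
      hit = 1; unk = 0; target = ""
      for (i = 3; i <= NF; i++) {
        v = $(i + 1)
        if ($i == "-j") { target = v; break }
        else if ($i == "-m") { }
        else if ($i == "-i") { if (v != "eth0") hit = 0 }
        else if ($i == "-p") { if (v != "udp" && v != "all") hit = 0 }
        else if ($i == "--sport") { if (!inrange(v, 53)) hit = 0 }
        else if ($i == "--dport") { if (!inrange(v, 40000)) hit = 0 }
        else if ($i == "--state" || $i == "--ctstate") { if (v !~ /ESTABLISHED/) hit = 0 }
        else { unk = 1; continue }
        i++   # skip the option value just examined
      }
      if (!hit || target == "LOG") next
      if (unk || target !~ /^(ACCEPT|DROP|REJECT)$/) target = "unknown"
      print target; decided = 1; exit
    }
    END { if (!decided) print (policy == "" ? "ACCEPT" : policy) }
  '
}
# Constructed rule sets: an inbound-only port list (subset of the first post),
# without and with a rule that accepts replies to the host's own traffic.
STATELESS='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 3306 -j ACCEPT'
STATEFUL='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT'
printf 'stateless: %s\n' "$(printf '%s\n' "$STATELESS" | dns_reply_verdict)"
printf 'stateful:  %s\n' "$(printf '%s\n' "$STATEFUL" | dns_reply_verdict)"
```

On a live host the input would come from `iptables -S INPUT` run as root; a DROP verdict means the query leaves but its answer never reaches the resolver library, which matches "ping by IP works, names do not resolve".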