firewall blocks apt-get?

Discussion in 'Installation/Configuration' started by akaiser, Apr 14, 2009.

  1. akaiser

    akaiser New Member

    When I activate the default firewall in ISPConfig3 I get the following connection errors when using apt-get update:

    Code:
    Err http://ftp.us.debian.org stable Release.gpg
      Could not resolve 'ftp.us.debian.org'
    Err http://security.debian.org stable/updates Release.gpg
      Could not resolve 'security.debian.org'
    Err http://ftp.debian.org stable Release.gpg
      Could not resolve 'ftp.debian.org'
    Reading package lists... Done
    
    When I ping domains it also doesn't work, but when I ping an IP it works... so I think this could be related to the server's DNS...

    The issue is that when I deactivate the ISPConfig firewall everything works!

    This server is an OpenVZ VPS, Debian 5, with the following firewall config:

    Code:
    Open TCP ports: 20,21,222,25,53,80,110,143,443,3306,8080,10000
    Code:
    Open UDP ports: 53,3306
     
  2. amcom

    amcom New Member

    Exactly the same problem here.

    Any advice?
     
  3. akaiser

    akaiser New Member

    Are you also having the problem inside an OpenVZ container like me?

    Not sure if this is related to OpenVZ... and I'm checking possible solutions...
     
  4. amcom

    amcom New Member

    No, I have a standard server (Debian 5 + ISPConfig 3) but there is exactly the same problem with that ISPConfig firewall ... can't use apt-get, ping domains etc.

    Looks like some issue with outgoing rules or something.
     
    Last edited: Apr 14, 2009
  5. falko

    falko Super Moderator

    I've added this to our bugtracker, so we will try to reproduce this.
     
  6. till

    till Super Moderator

    The ISPConfig firewall does not have any outgoing rules at all, so the problem must be something else on your system. Maybe you already had another firewall running, which might cause a mixture of iptables rules.
     
  7. akaiser

    akaiser New Member

    It's a newly installed server following the perfect Debian 5 setup with ISPConfig 3.

    In my case I was thinking it could be related to OpenVZ (this server is a VPS), but amcom said he is not using an OpenVZ server... It's true that the server also has Webmin installed, but if I'm not wrong Webmin doesn't configure firewall rules when installed...

    Regarding Webmin: amcom, do you also have Webmin installed?

    By the way, if it helps I could post my iptables rules.
     
  8. tebokkel

    tebokkel New Member

    Perhaps it's just that the external IP is listed in /etc/resolv.conf, and the (UDP) answer is blocked.

    Could/would you try 127.0.0.1 in /etc/resolv.conf and/or try to run a
    tcpdump -vv -i eth0 port 53
    in another terminal and repeat a lookup? Please post the output back here.

    Paul
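
The hypothesis in the post above (an external nameserver in /etc/resolv.conf whose UDP answer is dropped on the way back in) can also be checked offline against a saved ruleset. This is an added example, not code from the thread or from ISPConfig: a shell function that reads a resolv.conf and an `iptables-save` dump and reports whether each nameserver's reply would pass the INPUT chain. Both rulesets, the address 192.0.2.53 and the interface names lo/eth0 are constructed assumptions, and the rule matching is a simplified model rather than ISPConfig's real ruleset.

```shell
# Added example, not from the thread. Simplified first-match model of the INPUT
# chain: any option it does not recognise makes a rule count as "no match".
# dns_reply_verdict RESOLV_CONF IPTABLES_SAVE_DUMP prints "<ns> accepted|blocked"
# for the UDP reply (source port 53, ephemeral destination port) to a local query.
dns_reply_verdict() {
    awk '$1 == "nameserver" { print $2 }' "$1" | while read -r ns; do
        case $ns in 127.*) ifc=lo ;; *) ifc=eth0 ;; esac  # assumed interface names
        awk -v ns="$ns" -v ifc="$ifc" '
            $1 == ":INPUT" { policy = $2 }
            $1 == "-A" && $2 == "INPUT" && verdict == "" {
                hit = 1; target = ""
                for (i = 3; i <= NF; i += 2) {
                    opt = $i; val = $(i + 1)
                    if (opt == "-m") continue              # module name only
                    else if (opt == "-p") hit = hit && (val == "udp")
                    else if (opt == "-i") hit = hit && (val == ifc)
                    else if (opt == "-s") hit = hit && (val == ns || val == (ns "/32"))
                    else if (opt == "--sport") hit = hit && (val == "53")
                    else if (opt ~ /^--(ct)?state$/) hit = hit && (val ~ /ESTABLISHED/)
                    else if (opt == "-j") target = val
                    else hit = 0   # e.g. --dport/--dports: the reply port is ephemeral
                }
                if (hit && target ~ /^(ACCEPT|DROP|REJECT)$/) verdict = target
            }
            END {
                if (verdict == "") verdict = policy
                print ns, (verdict == "ACCEPT" ? "accepted" : "blocked")
            }' "$2"
    done
}

# Constructed sample data (documentation addresses, not the posters' systems).
tmp=$(mktemp -d)
printf 'nameserver 192.0.2.53\nnameserver 127.0.0.1\n' > "$tmp/resolv.conf"
# An inbound-only ruleset opening the ports listed in the thread.
cat > "$tmp/inbound_only.rules" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m multiport --dports 20,21,222,25,53,80,110,143,443,3306,8080,10000 -j ACCEPT
-A INPUT -p udp -m multiport --dports 53,3306 -j ACCEPT
COMMIT
EOF
# The same ruleset with a connection-tracking rule for replies placed first.
awk '/-i lo/ { print "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT" } { print }' \
    "$tmp/inbound_only.rules" > "$tmp/with_state.rules"
for f in inbound_only with_state; do
    echo "== $f"; dns_reply_verdict "$tmp/resolv.conf" "$tmp/$f.rules"
done
```

On a live system the inputs would be /etc/resolv.conf and the output of `iptables-save`; a "blocked" verdict for the external nameserver alongside "accepted" for 127.0.0.1 matches the symptom pattern the post asks to test.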
     
