
Re: apt-get & firewall



I've followed the discussion, but what if you have a proxy between the
client and firewall? Is it possible to have APT-GET log on the proxy?
----- Original Message -----
From: "Davi Leal" <david.leal@ene.es>
To: <debian-user@lists.debian.org>
Sent: Wednesday, October 31, 2001 5:08 PM
Subject: RE: apt-get & firewall


> Paul 'Baloo' Johnson wrote:
> > On Tue, 30 Oct 2001, Frederico.S.Muñoz wrote:
> > > AFAIK either the HTTP, the FTP, or both; it depends on what you
> > > define in your sources.line.
> > >
> > > If you only define http sites you would only need the http port
> > > open, the same with the ftp.
> >
> > 2 things:
> >
> > 1) If you're blocking connections anal retentively, non-passive FTP
> > may break anyway.
> >
> > 2) Why are you blocking *outgoing* connections, anyway?  If you don't
> > trust people inside your network to make an outbound connection, do
> > they really need to be on the network at all?
>
> I am not an expert, anyhow, I think the *outgoing* connections are
> allowed. See below:
>
> # Output rules
> #
> # ipfwadm -O -l
> IP firewall output rules, default policy: deny
> type  prot source       destination   ports
> acc   ALL  X.X.X.0/25   0.0.0.0/0     n/a
> acc   ALL  0.0.0.0/0    X.X.X.0/25    n/a
>
>
>
> And the machine which has the issue has the below allowed:
>
> # Input rules
> #
> # ipfwadm -I -l | grep 5
> acc   TCP  0.0.0.0/0    X.X.X.5    * -> 80
> acc   TCP  0.0.0.0/0    X.X.X.5    80,443 -> 1024:65535
> acc   TCP  0.0.0.0/0    X.X.X.5    119,81,20,21 -> 1024:65535
>        ^
>        ^
>
>
> The X.X.X.5 host is behind the firewall. Why does pointing apt-get to
> ftp.de.debian.org raise a "Connection time out" message after
> Login-Connecting successfully? Not a single byte of the "Packages" file
> is downloaded (0%). Note: I can use "lynx" and "ftp" correctly on the
> X.X.X.5 host. I can even download the "Packages" file using the "ftp"
> command. Uhmm, ... Does the UDP protocol need to be enabled to use
> "apt-get"?
>
> # ipfwadm -I -l | grep 5
> acc   TCP  0.0.0.0/0    X.X.X.5    * -> 80
> acc   TCP  0.0.0.0/0    X.X.X.5    80,443 -> 1024:65535
> acc   TCP  0.0.0.0/0    X.X.X.5    119,81,20,21 -> 1024:65535
>        ^
>        ^
>
>
>
> Do you know any SMTP, FTP, firewall, DNS, POP3, ... server which uses
> Debian and "apt-get update ; apt-get upgrade" in cron to fix the
> security bugs automatically? Is it usual?
>
>
> Davi
>
>
>
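An added example, not part of the original messages: a small stateless matcher for the three input rules quoted above for X.X.X.5, applied to the inbound half of an FTP session in active and in passive mode. It assumes the input default policy is deny (the post only shows the output policy), that no other input rule applies to that host, and uses constructed port numbers.

```python
# Constructed model of the three input rules quoted in the message.
# Each rule: (protocol, accepted source ports, accepted destination ports).
HIGH = range(1024, 65536)
ANY = range(0, 65536)
INPUT_RULES = [
    ("TCP", ANY, [80]),                # * -> 80
    ("TCP", [80, 443], HIGH),          # 80,443 -> 1024:65535
    ("TCP", [119, 81, 20, 21], HIGH),  # 119,81,20,21 -> 1024:65535
]


def input_accepts(proto, sport, dport, rules=INPUT_RULES):
    """Stateless first-match check; default policy 'deny' is an assumption."""
    for r_proto, r_sports, r_dports in rules:
        if proto == r_proto and sport in r_sports and dport in r_dports:
            return True
    return False


def ftp_inbound_flows(mode, client_ctrl=40000, client_data=40001,
                      server_pasv=50000):
    """Report which inbound flows of an FTP transfer reach the client.

    The port numbers are constructed sample values.
    """
    # Replies on the control connection always come from server port 21.
    flows = {"control": ("TCP", 21, client_ctrl)}
    if mode == "active":
        # PORT: the server opens the data connection from its port 20.
        flows["data"] = ("TCP", 20, client_data)
    elif mode == "passive":
        # PASV: the client connects out to a port the server picked, so
        # data packets arrive with that (unprivileged) source port.
        flows["data"] = ("TCP", server_pasv, client_data)
    else:
        raise ValueError("mode must be 'active' or 'passive'")
    return {name: input_accepts(*pkt) for name, pkt in flows.items()}


if __name__ == "__main__":
    for mode in ("active", "passive"):
        print(mode, ftp_inbound_flows(mode))
```

Under these assumptions the control channel passes in both modes, and only the passive-mode data flow finds no matching accept rule.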



