I've followed the discussion, but what if you have a proxy between the client and firewall? Is it possible to have APT-GET log on the proxy?

----- Original Message -----
From: "Davi Leal" <[EMAIL PROTECTED]>
To: <debian-user@lists.debian.org>
Sent: Wednesday, October 31, 2001 5:08 PM
Subject: RE: apt-get & firewall

> Paul 'Baloo' Johnson wrote:
> > On Tue, 30 Oct 2001, Frederico.S.Muñoz wrote:
> > > AFAIK either the HTTP, the FTP, or both; it depends on what you define in
> > > your sources.line.
> > >
> > > If you only define http sites you would only need the http port open, the
> > > same with the ftp.
> >
> > 2 things:
> >
> > 1) If you're blocking connections anal retentively, non-passive FTP may
> > break anyway.
> >
> > 2) Why are you blocking *outgoing* connections, anyway? If you don't
> > trust people inside your network to make an outbound connection, do they
> > really need to be on the network at all?
>
> I am not an expert; anyhow, I think the *outgoing* connections are
> allowed. See below:
>
>   # Output rules
>   #
>   # ipfwadm -O -l
>   IP firewall output rules, default policy: deny
>   type  prot  source       destination  ports
>   acc   ALL   X.X.X.0/25   0.0.0.0/0    n/a
>   acc   ALL   0.0.0.0/0    X.X.X.0/25   n/a
>
> And the machine which has the issue has the below allowed:
>
>   # Input rules
>   #
>   # ipfwadm -I -l | grep 5
>   acc   TCP   0.0.0.0/0    X.X.X.5      * -> 80
>   acc   TCP   0.0.0.0/0    X.X.X.5      80,443 -> 1024:65535
>   acc   TCP   0.0.0.0/0    X.X.X.5      119,81,20,21 -> 1024:65535
>   ^
>   ^
>
> The X.X.X.5 host is behind the firewall. Why does pointing apt-get to
> ftp.de.debian.org raise a "Connection time out" message after
> Login-Connecting successfully? Not a single byte of the "Packages" file
> is downloaded (0%). Note: I can use "lynx" and "ftp" correctly on the
> X.X.X.5 host. I can even download the "Packages" file using the "ftp"
> command. Uhmm, ... Is it necessary to enable the UDP protocol to use
> "apt-get"?
>
>   # ipfwadm -I -l | grep 5
>   acc   TCP   0.0.0.0/0    X.X.X.5      * -> 80
>   acc   TCP   0.0.0.0/0    X.X.X.5      80,443 -> 1024:65535
>   acc   TCP   0.0.0.0/0    X.X.X.5      119,81,20,21 -> 1024:65535
>   ^
>   ^
>
> Do you know any SMTP, FTP, firewall, DNS, POP3, ... server which uses
> Debian and "apt-get update ; apt-get upgrade" in cron to fix the
> security bugs automatically? Is it usual?
>
> Davi