> Pontus Edvardsson wrote:
> I've followed the discussion, but, what if you have a proxy between the
> client and firewall? Is it possible to have APT-GET log on the proxy?

I have no idea. :-(

Davi

> From: "Davi Leal" <[EMAIL PROTECTED]>
>
> > Paul 'Baloo' Johnson wrote:
> > > On Tue, 30 Oct 2001, Frederico.S.Muñoz wrote:
> > > > AFAIK either the HTTP, the FTP, or both; it depends on what you
> > > > define in your sources.line.
> > > >
> > > > If you only define http sites you would only need the http port
> > > > open, the same with the ftp.
> > >
> > > 2 things:
> > >
> > > 1) If you're blocking connections anal retentively, non-passive FTP
> > > may break anyway.
> > >
> > > 2) Why are you blocking *outgoing* connections, anyway? If you don't
> > > trust people inside your network to make an outbound connection, do
> > > they really need to be on the network at all?
> >
> > I am not an expert; anyhow, I think the *outgoing* connections are
> > allowed. See below:
> >
> > # Output rules
> > #
> > # ipfwadm -O -l
> > IP firewall output rules, default policy: deny
> > type  prot source               destination          ports
> > acc   ALL  X.X.X.0/25           0.0.0.0/0            n/a
> > acc   ALL  0.0.0.0/0            X.X.X.0/25           n/a
> >
> >
> > And the machine which has the issue has the below allowed:
> >
> > # Input rules
> > #
> > # ipfwadm -I -l | grep 5
> > acc   TCP  0.0.0.0/0            X.X.X.5              * -> 80
> > acc   TCP  0.0.0.0/0            X.X.X.5              80,443 -> 1024:65535
> > acc   TCP  0.0.0.0/0            X.X.X.5              119,81,20,21 -> 1024:65535
> >   ^
> >   ^
> >
> >
> > The X.X.X.5 host is behind the firewall. Why does pointing apt-get to
> > ftp.de.debian.org raise a "Connection time out" message after
> > Login-Connecting successfully? Not a single byte of the "Packages"
> > file is downloaded (0%). Note: I can use "lynx" and "ftp" correctly on
> > the X.X.X.5 host. I can even download the "Packages" file using the
> > "ftp" command. Uhmm, ... Is it necessary to enable the UDP protocol to
> > use "apt-get"?
> >
> > # ipfwadm -I -l | grep 5
> > acc   TCP  0.0.0.0/0            X.X.X.5              * -> 80
> > acc   TCP  0.0.0.0/0            X.X.X.5              80,443 -> 1024:65535
> > acc   TCP  0.0.0.0/0            X.X.X.5              119,81,20,21 -> 1024:65535
> >   ^
> >   ^
> >
> >
> > Do you know any SMTP, FTP, firewall, DNS, POP3, ... server which uses
> > Debian and "apt-get update ; apt-get upgrade" in cron to fix the
> > security bugs automatically? Is it usual?
> >
> >
> > Davi