On 02/20/2014 03:50 AM, Andrei POPESCU wrote: > On Lu, 17 feb 14, 22:30:31, PaulNM wrote: >> >> I could be wrong, but my understanding is that apt uses standard http, >> so port 80 outgoing. > > Just because port 80 is used for listening for http requests doesn't > meant the client is using the same outgoing port ;) > > Kind regards, > Andrei >
I believe you're confusing source and destination ports. If you're configuring a firewall to allow outgoing connections, you want to allow outgoing destination (or dport) 80. The source port (sport) is hard to predict, and really could be anything. (Iptables can be configured to match based on sport, but that's not a common setup.) To elaborate on my earlier post, apt figures out everything locally. The only times it needs network access is to fetch packages, assuming you're not using disks or a local mirror, or to get an updated list of your mirror's contents. Since both are simply fetching files, http is all that's needed. (Although you could configure ftp sources if you wanted to.) Look at your sources.list, if all the mirrors start with http://, that's all you need. On second though, I just re-read the OP's message. He's talking about the firewall on the Comcast modem/router. It's really rare for those types of devices to have outgoing filtering. However, according to: http://media2.comcast.net/anon.comcastonline2/support/userguides/Wireless_Gateway_User_Guide_030811.pdf It does filter outgoing, but high *does* allow 80, 443, and a bunch of common ports. I really suspect dns/mirror issues, but it would probably be worth the OP's time to try dropping the firewall level and test again. - PaulNM -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/5305f077.2020...@paulscrap.com
