[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

iptables and apt-get



Hello all,

My home-brew iptables firewall has a problem with apt-get using the ftp
method.  I get this sort of thing in the log:-

Sep  9 10:19:21 elm kernel: OUTPUT_DENY_ALL:IN= OUT=ppp0 SRC=203.91.66.233
DST=203.8.116.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=TCP SPT=3299
DPT=51738 WINDOW=5840 RES=0x00 SYN URGP=0

As you can see the packet to the mirror has
   SPT	 3299
   DPT  51738
neither of which is a well known port.

I can use ncftp ok with passive set either on or off.  So just what is
happening here?  The port numbers change with each invocation of
apt-get, so a specific rule is not possible.  How can I fix it?

Any help will be much appreciated.

Lindsay
-- 

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Lindsay Allen   <allen@cleo.murdoch.edu.au>    Perth, Western Australia
voice +61 8 9316 2486, 0403 272 564   32.0125S 115.8445E   Debian Linux
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=





Reply to: