iptables and apt-get
Hello all,
My home-brew iptables firewall has a problem with apt-get using the ftp
method. I get this sort of thing in the log:
Sep 9 10:19:21 elm kernel: OUTPUT_DENY_ALL:IN= OUT=ppp0 SRC=203.91.66.233
DST=203.8.116.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=TCP SPT=3299
DPT=51738 WINDOW=5840 RES=0x00 SYN URGP=0
As you can see the packet to the mirror has
SPT 3299
DPT 51738
neither of which is a well known port.
I can use ncftp OK with passive set either on or off. So just what is
happening here? The port numbers change with each invocation of
apt-get, so a specific rule is not possible. How can I fix it?
Any help will be much appreciated.
Lindsay
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Lindsay Allen <allen@cleo.murdoch.edu.au> Perth, Western Australia
voice +61 8 9316 2486, 0403 272 564 32.0125S 115.8445E Debian Linux
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
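The logged packet is the passive-mode FTP data connection (high local port to a high port the mirror announced in its PASV reply), which a port-based OUTPUT rule cannot anticipate. Below is an added example, not from the original post, of letting it through with the kernel's FTP connection-tracking helper instead of per-port rules; it assumes the ppp0 interface and OUTPUT_DENY_ALL log prefix from the log, and IPT=echo gives a dry run.

```shell
#!/bin/sh
# Added example: stateful OUTPUT rules so apt-get's passive FTP data
# connection is accepted as RELATED. IPT defaults to iptables; set IPT=echo
# to print the rules instead of applying them.
set -eu
IPT="${IPT:-iptables}"

# Load the FTP helper (named ip_conntrack_ftp on 2.4/2.6 kernels). It parses
# the PASV reply on the control channel and tags the resulting high-port data
# connection as RELATED, so its port numbers never need to appear in a rule.
load_ftp_helper() {
    modprobe nf_conntrack_ftp 2>/dev/null || modprobe ip_conntrack_ftp
}

# Install OUTPUT rules for one interface (prints them when IPT=echo).
apt_ftp_rules() {
    iface="$1"
    # Kernels >= 4.7 no longer attach helpers automatically; assign the ftp
    # helper to outbound control connections explicitly in the raw table.
    "$IPT" -t raw -A OUTPUT -o "$iface" -p tcp --dport 21 -j CT --helper ftp
    # Control channel: new connections to the mirror's FTP port only.
    "$IPT" -A OUTPUT -o "$iface" -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
    # Replies on open sessions plus anything the helper tagged, such as the
    # SPT 3299 -> DPT 51738 data connection shown in the log.
    "$IPT" -A OUTPUT -o "$iface" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Everything else is logged with the post's prefix and dropped.
    "$IPT" -A OUTPUT -o "$iface" -j LOG --log-prefix "OUTPUT_DENY_ALL:"
    "$IPT" -A OUTPUT -o "$iface" -j DROP
}

# Heuristic triage of a denied-packet log line: an outbound TCP SYN from an
# unprivileged port to an unprivileged port is what a passive FTP data
# connection looks like to a firewall that has no state for it.
classify_denied() {
    line="$1"
    spt=$(printf '%s\n' "$line" | sed -n 's/.*SPT=\([0-9]*\).*/\1/p')
    dpt=$(printf '%s\n' "$line" | sed -n 's/.*DPT=\([0-9]*\).*/\1/p')
    case "$line" in
        *PROTO=TCP*SYN*)
            if [ "${spt:-0}" -gt 1023 ] && [ "${dpt:-0}" -gt 1023 ]; then
                echo "likely-passive-ftp-data"; return 0
            fi ;;
    esac
    echo "other"
}

# "sh script.sh apply" installs the rules (as root); no argument does nothing.
if [ "${1:-}" = "apply" ]; then
    load_ftp_helper
    apt_ftp_rules ppp0
fi
```

Run with IPT=echo to review the rule order before applying it; the ESTABLISHED,RELATED rule must precede the LOG/DROP pair or the data connection is still denied.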