iptables and apt

To: debian-firewall@lists.debian.org
Subject: iptables and apt
From: Jan Tammen <jan.tammen@et-inf.fho-emden.de>
Date: Thu, 22 Nov 2001 18:25:14 +0100
Message-id: <[🔎] 20011122182513.A1683@tammen.net>

Hi,
I set up the following rules to allow ftp with my iptables-based
packetfilter:

iptables -A INPUT -i $PPP_IFACE -p tcp ! --syn --sport 20 --dport \
$UNPRIVPORTS -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i $PPP_IFACE -p tcp ! --syn --sport 21 --dport \
$UNPRIVPORTS -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i $PPP_IFACE -p tcp ! --syn --dport 20 -j ACCEPT \
iptables -A INPUT -i $PPP_IFACE -p tcp --dport 21 -j ACCEPT

Where PPP_IFACE is my external interface an UNPRIVPORTS = 1024:65535.
Trying to update my box via apt-get (on the 'firewall'-host), the 
connection to the server is not established and I get these errors:

IN=ippp0 OUT= MAC= SRC=141.76.2.4 DST=217.224.116.100 LEN=60 TOS=0x00 \
PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=48685 DPT=1141 WINDOW=5712 \
RES=0x00 ACK SYN URGP=0
...

What to do?
-- 
"it's not so simple being simple" | http://tammen.net/jt/

Reply to:

Follow-Ups:
- Re: iptables and apt
  - From: Jan-Hendrik Palic <palic@billgotchy.de>
- Re: iptables and apt
  - From: Tzafrir Cohen <tzafrir@technion.ac.il>

Prev by Date: Re: Linux kernel
Next by Date: Auto starting iptables
Previous by thread: Re: Linux kernel
Next by thread: Re: iptables and apt
Index(es):
- Date
- Thread