
Re: iptables and apt-get



Yes, there's a problem with ICMP ...

An ICMP type 3 code 1 (so "host unreachable") is sent to you, but blocked
by your firewall... And it's about 172.16.250.1

Is everything well configured?

Maybe you could also accept some ICMP msg on your INPUT chain?

e.g.:
iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -A INPUT -p icmp --icmp-type source-quench -j ACCEPT
iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request  -m limit --limit 1/s -j ACCEPT 
iptables -A INPUT -p icmp --icmp-type echo-reply    -j ACCEPT
iptables -A INPUT -j log-icmp 



On Tue, Mar 11, 2003 at 01:51:38AM -0000, Ian Goodall wrote:
> Here are the logs:
> 
> ID=56596 PROTO=ICMP TYPE=3 CODE=1 [SRC=172.16.5.92 DST=172.16.250.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=15353 DF PROTO=TCP SPT=1031 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ]
> Mar 11 01:40:08 dev1 kernel: DROPITIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=172.16.5.92 DST=172.16.5.92 LEN=88 TOS=0x00 PREC=0xC0 TTL=255 ID=56597 PROTO=ICMP TYPE=3 CODE=1 [SRC=172.16.5.92 DST=172.16.250.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=24795 DF PROTO=TCP SPT=1030 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ]
> Mar 11 01:40:08 dev1 kernel: DROPITIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=172.16.5.92 DST=172.16.5.92 LEN=88 TOS=0x00 PREC=0xC0 TTL=255 ID=56598 PROTO=ICMP TYPE=3 CODE=1 [SRC=172.16.5.92 DST=172.16.250.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=15354 DF PROTO=TCP SPT=1031 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ]
> 
> It seems that there is a problem with icmp. 172.16.5.92 is the linux box and 172.16.250.1:8080 is the proxy server...
-- 
   __o   
 _`\<,_  Marc Demlenne                   Public Key on www.keyserver.net
(_)/ (_) GPG/768FA483 BFD8 E61B 180C 3E7A 3435  D393 B605 9979 768F A483
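
Added example, not part of the original message: a small Python parser for netfilter LOG lines like the ones quoted above, which pulls the ICMP type/code from the outer header and the original connection from the bracketed packet, the same reading that identifies "host unreachable" for 172.16.250.1:8080. The first sample line is copied from the quoted log; the second is constructed, and all function names are this example's own.

```python
import re
from collections import Counter

# Destination-unreachable (ICMP type 3) codes from RFC 792 / RFC 1122.
UNREACH = {0: "net unreachable", 1: "host unreachable", 2: "protocol unreachable",
           3: "port unreachable", 4: "fragmentation needed",
           13: "administratively prohibited"}
KV = re.compile(r"(\w+)=(\S*)")
# Outer ICMP header fields, then the quoted original packet inside [...].
ICMP_ERR = re.compile(r"(?P<outer>.*PROTO=ICMP[^\[\]]*)\[(?P<inner>[^\]]*)\]")

SAMPLE = [
    # Copied from the quoted log (the "DROPIT" prefix is fused with IN=).
    "Mar 11 01:40:08 dev1 kernel: DROPITIN=lo OUT= "
    "MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=172.16.5.92 "
    "DST=172.16.5.92 LEN=88 TOS=0x00 PREC=0xC0 TTL=255 ID=56597 PROTO=ICMP "
    "TYPE=3 CODE=1 [SRC=172.16.5.92 DST=172.16.250.1 LEN=60 TOS=0x00 PREC=0x00 "
    "TTL=64 ID=24795 DF PROTO=TCP SPT=1030 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ]",
    # Constructed: an unrelated TCP drop that carries no ICMP error.
    "Mar 11 01:40:09 dev1 kernel: DROPIT IN=eth0 OUT= SRC=192.0.2.7 "
    "DST=172.16.5.92 LEN=60 PROTO=TCP SPT=40000 DPT=23 SYN",
]

def parse_icmp_error(line):
    """Return ICMP error details and the flow it quotes, or None if not one."""
    m = ICMP_ERR.search(line)
    if m is None:
        return None
    outer, inner = dict(KV.findall(m["outer"])), dict(KV.findall(m["inner"]))
    itype, icode = int(outer["TYPE"]), int(outer["CODE"])
    meaning = UNREACH.get(icode, "code %d" % icode) if itype == 3 else "type %d" % itype
    return {
        "type": itype, "code": icode, "meaning": meaning,
        "reported_by": outer.get("SRC"),  # absent if the line was truncated
        "flow": (inner.get("PROTO"), inner.get("SRC"), int(inner.get("SPT", 0)),
                 inner.get("DST"), int(inner.get("DPT", 0))),
    }

def summarize(lines):
    """Count dropped ICMP errors per (meaning, destination, port) of the quoted flow."""
    hits = Counter()
    for line in lines:
        err = parse_icmp_error(line)
        if err:
            hits[(err["meaning"], err["flow"][3], err["flow"][4])] += 1
    return hits

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).items():
        print(count, key)
```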


