
RE: apt-get & firewall



> Pontus Edvardsson wrote:
> I've followed the discussion, but, what if you have a proxy between the
> client and firewall? Is it possible to have APT-GET log on the proxy?

I have no idea.  :-(

Davi



> From: "Davi Leal" <david.leal@ene.es>
> > Paul 'Baloo' Johnson wrote:
> > > On Tue, 30 Oct 2001, Frederico.S.Muñoz wrote:
> > > > AFAIK either the HTTP, the FTP, or both; it depends on what you
> > > > define in your sources.line.
> > > >
> > > > If you only define http sites you would only need the http port
> > > > open, the same with the ftp.
> > >
> > > 2 things:
> > >
> > > 1) If you're blocking connections anal retentively, non-passive
> > > FTP may break anyway.
> > >
> > > 2) Why are you blocking *outgoing* connections, anyway?  If you
> > > don't trust people inside your network to make an outbound
> > > connection, do they really need to be on the network at all?
> >
> > I am not an expert; anyhow, I think the *outgoing* connections are
> > allowed. See below:
> >
> > # Output rules
> > #
> > # ipfwadm -O -l
> > IP firewall output rules, default policy: deny
> > type  prot source       destination   ports
> > acc   ALL  X.X.X.0/25   0.0.0.0/0     n/a
> > acc   ALL  0.0.0.0/0    X.X.X.0/25    n/a
> >
> >
> >
> > And the machine which has the issue has the below allowed:
> >
> > # Input rules
> > #
> > # ipfwadm -I -l | grep 5
> > acc   TCP  0.0.0.0/0    X.X.X.5    * -> 80
> > acc   TCP  0.0.0.0/0    X.X.X.5    80,443 -> 1024:65535
> > acc   TCP  0.0.0.0/0    X.X.X.5    119,81,20,21 -> 1024:65535
> >        ^
> >        ^
> >
> >
> > The X.X.X.5 host is behind the firewall. Why does pointing apt-get to
> > ftp.de.debian.org raise a "Connection time out" message after
> > Login-Connecting successfully? Not a single byte of the "Packages"
> > file is downloaded (0%). Note: I can use "lynx" and "ftp" correctly on
> > the X.X.X.5 host. I can even download the "Packages" file using the
> > "ftp" command. Uhmm, ... Is it necessary to enable the UDP protocol to
> > use "apt-get"?
> >
> > # ipfwadm -I -l | grep 5
> > acc   TCP  0.0.0.0/0    X.X.X.5    * -> 80
> > acc   TCP  0.0.0.0/0    X.X.X.5    80,443 -> 1024:65535
> > acc   TCP  0.0.0.0/0    X.X.X.5    119,81,20,21 -> 1024:65535
> >        ^
> >        ^
> >
> >
> >
> > Do you know of any SMTP, FTP, firewall, DNS, POP3, ... server which uses
> > Debian and "apt-get update ; apt-get upgrade" in cron to fix the
> > security bugs automatically? Is it usual?
> >
> >
> > Davi
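
Added example (not part of the original messages): a small Python model of the three input rules quoted above for X.X.X.5, showing which returning TCP packets they accept. It assumes the three grep'd lines are the only input rules for that host and that unmatched packets are denied; the port numbers in the sample flows are constructed.

```python
# Added illustration, not from the thread: a model of the three input rules
# listed by "ipfwadm -I -l | grep 5" for the host masked as X.X.X.5.
# Assumptions: these are the only input rules for that host, the first
# matching rule accepts, and anything unmatched is denied.

ANY = None  # "*" in the ipfwadm listing

# (protocol, source port ranges, destination port ranges)
INPUT_RULES = [
    ("TCP", ANY, [(80, 80)]),
    ("TCP", [(80, 80), (443, 443)], [(1024, 65535)]),
    ("TCP", [(119, 119), (81, 81), (20, 20), (21, 21)], [(1024, 65535)]),
]

def port_matches(port, ranges):
    return ranges is ANY or any(lo <= port <= hi for lo, hi in ranges)

def input_verdict(proto, sport, dport):
    """Return 'acc' or 'deny' for a packet arriving at the modelled host."""
    for rule_proto, sports, dports in INPUT_RULES:
        if (proto == rule_proto and port_matches(sport, sports)
                and port_matches(dport, dports)):
            return "acc"
    return "deny"

# Constructed sample packets (remote source port -> local port on the host).
SAMPLE_FLOWS = {
    "HTTP reply": ("TCP", 80, 40000),
    "FTP control reply": ("TCP", 21, 40001),
    "active-mode FTP data (server connects from port 20)": ("TCP", 20, 40002),
    "passive-mode FTP data reply (server's unprivileged port)": ("TCP", 50123, 40003),
}

def evaluate(flows=SAMPLE_FLOWS):
    return {name: input_verdict(*pkt) for name, pkt in flows.items()}

if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{verdict:4}  {name}")
```

In this model the passive-mode data reply is the only sample flow that falls outside the three rules, because the server sends it from an unprivileged port rather than from 20 or 21.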


