
Re: shorewall blocks apt-get



> Workarounds:
> 
> 1) run an internal DNS behind the firewall, and direct all queries at
> that system, punch a hole through the firewall to allow that system
> through. I do this on my network, I have a bridged freebsd box
> which has a default ipfw policy of deny, then I told BIND to only
> use UDP port 53 for all actions(makes it firewall-friendly), and
> opened a hole in the firewall to allow requests to go to UDP/53
> on my nameserver. You shouldn't need to allow incoming requests,
> just outgoing; since my server is authoritative for about 45 domains
> I need to allow incoming as well.
> 2) Try running all of your DNS requests over TCP. Using the
> 'host' command you can do this; I am not aware of any way to get
> the system to default to this.
> 3) Point to your proxy using its IP address, not the domain name,
> so it doesn't have to resolve anything. Many proxy servers handle
> all DNS resolution as well, so if you're using a proxy your system
> doesn't need to know what debian.org or whatever resolves to.
> 
> 
> #3 is the best interim solution, if you run a network, the best
> long term solution is #1, that way you have both DNS and a DNS
> cache on your internal network.
> 
> nate

I've specified some rules in shorewall to allow me access to port
53 with TCP and UDP. It still doesn't work.
As for #3, I don't know what the IP is of this proxy, so
I won't be able to use this. I think solution one is going to be what
I need. Seems a bit overkill though for what I want to do.

Another solution is to temporarily shut down the firewall, but I
do not want to do this.
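Workaround #2 above and the TCP+UDP port 53 rules mentioned in this reply hinge on one detail of the protocol: a resolver normally queries over UDP/53 and only falls back to TCP/53 when the reply comes back with the TC (truncated) bit set, and on TCP each message is prefixed with a 2-byte length. The following is an added example, not code from the thread, showing both framings and a parser that reports the TC bit; the name ftp.debian.org, the nameserver argument and the address 192.0.2.10 are constructed sample values.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Minimal DNS A/IN query with the RD bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def frame_tcp(msg):
    """DNS over TCP prefixes each message with a 2-byte length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg

def skip_name(msg, off):
    """Advance past a (possibly compressed) name; return the new offset."""
    while msg[off] != 0 and msg[off] & 0xC0 != 0xC0:
        off += msg[off] + 1
    return off + (2 if msg[off] & 0xC0 == 0xC0 else 1)  # pointer is 2 bytes, root label 1

def parse_response(msg):
    """Return (rcode, truncated, [A addresses]) from a raw DNS response."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QNAME + QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, bool(flags & 0x0200), addrs

def resolve(nameserver, name, tcp=False, timeout=3.0):
    """Query `nameserver` over TCP/53 or UDP/53 (needs network; not used by the test)."""
    query = build_query(name)
    if not tcp:
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.settimeout(timeout)
        s.sendto(query, (nameserver, 53))
        return parse_response(s.recv(4096))
    with socket.create_connection((nameserver, 53), timeout) as s:
        s.sendall(frame_tcp(query))
        return parse_response(s.recv(struct.unpack("!H", s.recv(2))[0]))

def constructed_response(name, addr, truncated=False):
    """Constructed sample reply (not captured): one A record, or TC=1 and no answer."""
    flags = 0x8180 | (0x0200 if truncated else 0)
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0 if truncated else 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(int(o) for o in addr.split("."))
    return header + build_query(name)[12:] + (b"" if truncated else answer)
```

Running `resolve(ns, "ftp.debian.org")` and `resolve(ns, "ftp.debian.org", tcp=True)` against the same nameserver from behind the firewall tells you which of the two rules is actually passing traffic; a UDP reply with the truncated flag set and a failing TCP query is the signature of a firewall that allows UDP/53 but not TCP/53.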
