
Re: Check Update, Update and Port Blocking



On 02/20/2014 03:50 AM, Andrei POPESCU wrote:
> On Lu, 17 feb 14, 22:30:31, PaulNM wrote:
>>
>> I could be wrong, but my understanding is that apt uses standard http,
>> so port 80 outgoing.
> 
> Just because port 80 is used for listening for http requests doesn't 
> mean the client is using the same outgoing port ;)
> 
> Kind regards,
> Andrei
> 

I believe you're confusing source and destination ports.  If you're
configuring a firewall to allow outgoing connections, you want to allow
outgoing destination (or dport) 80. The source port (sport) is hard to
predict, and really could be anything. (Iptables can be configured to
match based on sport, but that's not a common setup.)

To elaborate on my earlier post, apt figures out everything locally.
The only times it needs network access are to fetch packages, assuming
you're not using disks or a local mirror, or to get an updated list of
your mirror's contents.  Since both are simply fetching files, http is
all that's needed. (Although you could configure ftp sources if you
wanted to.)

Look at your sources.list, if all the mirrors start with http://, that's
all you need.

On second thought, I just re-read the OP's message.  He's talking about
the firewall on the Comcast modem/router.  It's really rare for those
types of devices to have outgoing filtering.

However, according to:
http://media2.comcast.net/anon.comcastonline2/support/userguides/Wireless_Gateway_User_Guide_030811.pdf

It does filter outgoing, but high *does* allow 80, 443, and a bunch of
common ports.  I really suspect dns/mirror issues, but it would probably
be worth the OP's time to try dropping the firewall level and test again.

- PaulNM
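
The sources.list check described in the message above, as an added example that is not part of the original post: it lists the outgoing destination ports apt needs, one per mirror. The function names and the example.org/example.net hosts are hypothetical, the sample entries are constructed, and it assumes one-line `deb` entries with no IPv6 literal hosts.

```shell
#!/bin/sh
# Added example: derive the outbound *destination* ports apt needs from
# sources.list entries. Source ports are ephemeral and are ignored.

# Constructed sample input; hosts are placeholders, not real mirrors.
sample_sources() {
    cat <<'EOF'
deb http://ftp.example.org/debian stable main
deb-src http://ftp.example.org/debian stable main
deb [arch=amd64] https://security.example.org/debian-security stable main
deb http://mirror.example.net:8080/debian stable main
deb cdrom:[Debian GNU/Linux 7.0]/ wheezy main
#deb ftp://old.example.org/debian stable main
EOF
}

# Default destination port per network scheme; local schemes return failure.
default_port() {
    case "$1" in
        http)  echo 80 ;;
        https) echo 443 ;;
        ftp)   echo 21 ;;    # control connection only
        *)     return 1 ;;   # cdrom:, file:, copy: need no network access
    esac
}

# apt_egress_ports [FILE...]: print unique "tcp/PORT HOST" lines (stdin if no FILE).
apt_egress_ports() {
    # Strip comments, keep deb/deb-src lines, skip an optional [options]
    # field, and print only the URI.
    sed -n -e 's/#.*//' \
        -e 's/^[[:space:]]*deb\(-src\)\{0,1\}[[:space:]]\{1,\}\(\[[^]]*][[:space:]]*\)\{0,1\}\([^[:space:]]\{1,\}\).*/\3/p' "$@" |
    while IFS= read -r uri; do
        scheme=${uri%%:*}
        port=$(default_port "$scheme") || continue
        hostport=${uri#*://}          # drop "scheme://"
        hostport=${hostport%%/*}      # drop the path
        hostport=${hostport##*@}      # drop any user:password@
        case "$hostport" in
            *:*) host=${hostport%:*}; port=${hostport##*:} ;;  # explicit port
            *)   host=$hostport ;;
        esac
        printf 'tcp/%s %s\n' "$port" "$host"
    done | LC_ALL=C sort -u
}

sample_sources | apt_egress_ports
```

Pass the real files as arguments (for example /etc/apt/sources.list) to see which dports an outgoing filter has to allow; a mirror on a non-standard port shows up as its own line.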

