Dear Mr. Armstrong,
Thank you for your fast answer. And yes, you are right, I shoundn't download as root.
The other thing is that aptitude doesn't call java, perl and python, but it is in my logs. Yes indeed wget doesn't use it, I know. But I wonder when I see the Firewall-Log. This is one thing I don't understand!
Sep 12 12:23:08 uwgs kernel: [xxxxxx.yyyyyyy] UWGS: Python-Start dropped IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth2 MAC=00:0d:b9:36:03:84:00:0d:b9:3a:18:7a:08:00 SRC="" DST=62.146.215.232 LEN=390 TOS=0x00 PREC=0x00 TTL=126 ID=4557 DF PROTO=TCP SPT=53137 DPT=80 WINDOW=16302 RES=0x00 ACK PSH URGP=0
and
Sep 12 14:35:43 uwgs kernel: [xxxxx.yyyyyy] UWGS: Python-Start dropped IN=br0 OUT=br0 PHYSIN=eth2 PHYSOUT=eth1 MAC=00:0d:b9:3a:18:7a:00:0d:b9:36:03:84:08:00 SRC="" DST=10.xxx.xxx.xxx LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=25248 DF PROTO=TCP SPT=80 DPT=37565 WINDOW=235 RES=0x00 ACK PSH URGP=0 ip link shows:
frank@pc01:/home/sysop# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000 link/ether xx.xx.xx.xx.xx.xx brd ff:ff:ff:ff:ff:ff 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether xx.xx.xx.xx.xx.xx brd ff:ff:ff:ff:ff:ff 4: mcv0@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP mode DEFAULT group default link/ether xx.xx.xx.xx.xx.xx brd ff:ff:ff:ff:ff:ff 5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default link/ether xx.xx.xx.xx.xx.xx brd ff:ff:ff:ff:ff:ff frank@pc01:/home/sysop# MTU 1500 is OK, because there is a physical Net-Separation, and there is a router forwarding the packets.
Everything works in my net, without Debian Update and downloading CD-Images.
We are developping a debian based High End Firewalls and there must be a solution.
We work only with ipv4. Ipv6 is disabled. Is that the problem?
Best regards
Frank Vollmann
> Don Armstrong <don@debian.org> hat am 13. September 2016 um 18:14 geschrieben: > > > First off, owner@bugs.debian.org and listmaster@lists.debian.org are not > the right place for user support. You can e-mail > debian-user@lists.debian.org (in english) or > debian-user-de@lists.debian.org (in german) for support. > > On Tue, 13 Sep 2016, Frank Vollmann wrote: > > Unfortunately the download breaks with wget too. > > [...] > > > In »»firmware-8.5.0-i386-netinst.iso.1«« speichern. > > -8.5.0-i386-netinst 0%[ ] 333,38K --.-KB/s eta 20h 31m^C > > This shows wget working (or at least starting to work) but you probably > shouldn't be doing this as root. > > > Why wget and aptitude call java, python and perl on my local machine? > > I saw it in the firewall-log-files. Is there a firewall related > > problem? A test with perl, python and java allowed didn't succeeded. > > Aptitude doesn't call java. perl and python are likely required. > > > This problem have also some other Debian based linucies. Gentoo direct > > download Tails and Arch Linux per Bit-Torrent are working. Debian and > > debian based distributions is still standing after three days at 0 %. > > If it's not transferring packets, this may be an issue with MTU or > something else wrong with your network configuration. > > The output of tcpdump and/or ip link; may be informative. > > > -- > Don Armstrong https://www.donarmstrong.com > > The game of science is, in principle, without end. He who decides one > day that scientific statements do not call for any further test, and > that they can be regarded as finally verified, retires from the game. > -- Sir Karl Popper _The Logic of Scientific Discovery_ §11 Frank Vollmann Geschäftsführender Gesellschafter Fon: +49 (0)7393 9546-484 Fax: +49 (0)7393 9546-487 E-Mail: f.vollmann@theriak-iss.com Web: www.theriak-iss.com |
BEGIN:VCARD VERSION:3.0 PRODID:OPEN-XCHANGE FN:Frank Vollmann N:Vollmann;Frank;;; X-OPEN-XCHANGE-CTYPE:contact ADR;TYPE=work:;;Bökeler 1;Hausen am Bussen;Germany\, Baden-Württemberg;D-89597 ; ADR;TYPE=home:;;;;;; TEL;TYPE=work,voice,pref:+49 (0)7393 9546-484 TEL;TYPE=work,fax:+49 (0)7393 9546-487 TEL;TYPE=home,voice,pref: TEL;TYPE=cell,voice,pref:+49 (0) 171 - 21 444 56 EMAIL;TYPE=INTERNET,work:f.vollmann@theriak-iss.com ORG:Theriak iSS GmbH REV:20140806T151044.309Z UID:6d0a3c7d-a148-4260-87de-e2cef9de2351 END:VCARD