Re: Cannot download Debian CDs

Dear Mr. Armstrong,

Thank you for your fast answer. And yes, you are right, I shoundn't download as root.

The other thing is that aptitude doesn't call java, perl and python, but it is in my logs. Yes indeed wget doesn't use it, I know. But I wonder when I see the Firewall-Log. This is one thing I don't understand!

Here is the Firewall-Log when I started at the same time wget:

Sep 12 12:23:08 uwgs kernel: [xxxxxx.yyyyyyy] UWGS: Python-Start dropped IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth2 MAC=00:0d:b9:36:03:84:00:0d:b9:3a:18:7a:08:00 SRC="" DST=62.146.215.232 LEN=390 TOS=0x00 PREC=0x00 TTL=126 ID=4557 DF PROTO=TCP SPT=53137 DPT=80 WINDOW=16302 RES=0x00 ACK PSH URGP=0

and

Sep 12 14:35:43 uwgs kernel: [xxxxx.yyyyyy] UWGS: Python-Start dropped IN=br0 OUT=br0 PHYSIN=eth2 PHYSOUT=eth1 MAC=00:0d:b9:3a:18:7a:00:0d:b9:36:03:84:08:00 SRC="" DST=10.xxx.xxx.xxx LEN=1492 TOS=0x00 PREC=0x00 TTL=64 ID=25248 DF PROTO=TCP SPT=80 DPT=37565 WINDOW=235 RES=0x00 ACK PSH URGP=0

ip link shows:

frank@pc01:/home/sysop# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether xx.xx.xx.xx.xx.xx brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether xx.xx.xx.xx.xx.xx brd ff:ff:ff:ff:ff:ff
4: mcv0@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP mode DEFAULT group default
    link/ether xx.xx.xx.xx.xx.xx brd ff:ff:ff:ff:ff:ff
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
    link/ether xx.xx.xx.xx.xx.xx brd ff:ff:ff:ff:ff:ff
frank@pc01:/home/sysop#

MTU 1500 is OK, because there is a physical Net-Separation, and there is a router forwarding the packets.

Everything works in my net, without Debian Update and downloading CD-Images.

We are developping a debian based High End Firewalls and there must be a solution.

We work only with ipv4. Ipv6 is disabled. Is that the problem?

Best regards

Frank Vollmann

> Don Armstrong <don@debian.org> hat am 13. September 2016 um 18:14 geschrieben:
>
>
> First off, owner@bugs.debian.org and listmaster@lists.debian.org are not
> the right place for user support. You can e-mail
> debian-user@lists.debian.org (in english) or
> debian-user-de@lists.debian.org (in german) for support.
>
> On Tue, 13 Sep 2016, Frank Vollmann wrote:
> > Unfortunately the download breaks with wget too.
>
> [...]
>
> > In »»firmware-8.5.0-i386-netinst.iso.1«« speichern.
> > -8.5.0-i386-netinst 0%[ ] 333,38K --.-KB/s eta 20h 31m^C
>
> This shows wget working (or at least starting to work) but you probably
> shouldn't be doing this as root.
>
> > Why wget and aptitude call java, python and perl on my local machine?
> > I saw it in the firewall-log-files. Is there a firewall related
> > problem? A test with perl, python and java allowed didn't succeeded.
>
> Aptitude doesn't call java. perl and python are likely required.
>
> > This problem have also some other Debian based linucies. Gentoo direct
> > download Tails and Arch Linux per Bit-Torrent are working. Debian and
> > debian based distributions is still standing after three days at 0 %.
>
> If it's not transferring packets, this may be an issue with MTU or
> something else wrong with your network configuration.
>
> The output of tcpdump and/or ip link; may be informative.
>
>
> --
> Don Armstrong https://www.donarmstrong.com
>
> The game of science is, in principle, without end. He who decides one
> day that scientific statements do not call for any further test, and
> that they can be regarded as finally verified, retires from the game.
> -- Sir Karl Popper _The Logic of Scientific Discovery_ §11

Frank Vollmann
Geschäftsführender Gesellschafter
Fon: +49 (0)7393 9546-484
Fax: +49 (0)7393 9546-487
E-Mail: f.vollmann@theriak-iss.com
Web: www.theriak-iss.com