new server

jack tdldev at gmail.com
Thu Feb 28 00:28:30 UTC 2008


On Tue, 2008-02-26 at 18:47 +0100, Nils Kassube wrote:
> jack wrote:
> > installed 7.10 server with LAMP, OPEN-SSH server.
> > After setting up fairly basic firewall rules, apt-get won't work.
> > In looking at dmesg, it appears that this traffic is trying to use port
> > 53 (which I have open).
> 
> Port 53 is DNS - that is needed for virtually every application which uses 
> the internet.
> 
> > The only part I was a bit fuzzy on was in setting the input and output
> > for the IP address. Since I'm on a router serving DHCP, I've assigned
> > this machine 192.168.1.101 (which I thought worked when first tried).
> 
> The IP addresses for DNS are your machine and the DNS server(s) of your 
> ISP.
> 
> > So, the leading question is - which port is apt-get trying to access ?
> > If it is port 53, is the IP address I have in the ruleset wrong?
> 
> AFAIK apt-get uses port 80 TCP. The IP address of the server from where 
> apt-get will fetch updates is resolved via DNS from the server name in 
> your /etc/apt/sources.list. That's why you see activity on port 53.
> 
> 
> Nils
Nils~
Thanks for getting my mind in a frame to really think on this. It turns
out that I fat-fingered the ruleset. The blanket output policy did not
allow NEW or INITIALIZE as a state. Reading through the ports, I went
back and did a little brainstorming on this, and found that it isn't the
ports that have the problem. That led me back to the ruleset I'd written
(my first crack at writing a full-on set of iptables rules) and found
the policy hiccup. After correcting it to include the other states, all
is well.

Jack
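The mistake Jack describes, shown side by side with the fix, as an added example that is not part of the thread and not Jack's actual ruleset. The connection-tracking states iptables knows are NEW, ESTABLISHED, RELATED, INVALID and UNTRACKED; the first packet of every connection the host itself initiates is NEW, so an OUTPUT chain with a DROP policy that only accepts ESTABLISHED,RELATED drops apt's DNS query (port 53) and then its HTTP SYN (port 80), which is exactly the port 53 noise that shows up in dmesg when a LOG rule is present. The corrected variant admits NEW outbound connections, but only to the services a server like this actually starts. The LAN range, the log prefixes and the choice of outbound ports are assumptions; `-m conntrack --ctstate` is the modern spelling of the older `-m state --state` match.

```shell
#!/bin/sh
# Added example, not code from the ubuntu-users thread. Two iptables-restore
# rulesets: ruleset_broken reproduces the missing-NEW mistake, ruleset_fixed
# corrects it. LAN_NET and the port choices are assumptions for illustration.

LAN_NET="192.168.1.0/24"   # assumed: the LAN behind Jack's DHCP router

# INPUT side shared by both variants: a LAMP + OpenSSH host that only
# accepts SSH from the LAN and HTTP from anywhere, and logs what it drops.
common_input() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp --dport 22 -s $LAN_NET -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -j LOG --log-prefix "fw-in-drop: "
EOF
}

# The fat-fingered version: with policy DROP, nothing here ever matches the
# first packet of a connection the server starts, so every DNS query and
# every outbound SYN is dropped and logged.
ruleset_broken() {
    common_input
    cat <<EOF
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -j LOG --log-prefix "fw-out-drop: "
COMMIT
EOF
}

# Corrected version: NEW outbound connections are allowed, restricted to
# what apt-get needs (DNS on 53 udp/tcp, mirrors on 80/443). Replies to
# these connections come back in via the ESTABLISHED rule on INPUT.
ruleset_fixed() {
    common_input
    cat <<EOF
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -j LOG --log-prefix "fw-out-drop: "
COMMIT
EOF
}

# output_allows_new RULESET_FUNC PROTO PORT
# Exit 0 if the generated OUTPUT chain has an ACCEPT rule that matches
# state NEW for that protocol and destination port. This is a text check
# on the rules, not a packet simulation, but it catches the missing-NEW
# mistake before the rules are loaded onto a box you can only reach by SSH.
output_allows_new() {
    "$1" | grep -- '^-A OUTPUT ' | grep -- '--ctstate [A-Z,]*NEW' \
        | grep -- "-p $2 " | grep -qE -- "--dports? ([0-9]+,)*$3( |,)"
}

# Usage: sh fw.sh          -> print the corrected ruleset for review
#        sh fw.sh --apply  -> load it (needs root); iptables-restore replaces
#                             the live tables, so do this from the console or
#                             with a scheduled rollback, not over SSH alone.
if [ "${1:-}" = "--apply" ]; then
    ruleset_fixed | iptables-restore
else
    ruleset_fixed
fi
```

Running the script without `--apply` prints the corrected ruleset, so the output can be diffed against `iptables-save` on the live host before anything is loaded; the same text check is what lets the broken variant be caught before it is applied.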