Re: iptables and apt-get

2003-03-11 Thread Ian Goodall
No no. I have been having the problem for quite a few days :( besides I also use the www.mirror.ac.uk service too! - Original Message - From: "Desai, Jason" <[EMAIL PROTECTED]> To: Sent: Tuesday, March 11, 2003 5:48 PM Subject: RE: iptables and apt-get > Hi

Re: iptables and apt-get

2003-03-11 Thread Ian Goodall
No no. I have been having the problem for quite a few days :( besides I also use the www.mirror.ac.uk service too! - Original Message - From: "Desai, Jason" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, March 11, 2003 5:48 PM Subject: RE: iptables a

RE: iptables and apt-get

2003-03-11 Thread Desai, Jason
had any errors at all. Jason > -Original Message- > From: Victor Calzado Mayo [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 11, 2003 11:31 AM > To: debian-security@lists.debian.org > Subject: Re: iptables and apt-get > > > -BEGIN PGP SIGNED MESSAGE- &g

Re: iptables and apt-get

2003-03-11 Thread François TOURDE
Posted on announce on error... Here is my original post for security: [EMAIL PROTECTED] (François TOURDE) writes: > I.R.van Dongen <[EMAIL PROTECTED]> writes: > > > On Tue, 11 Mar 2003 14:48:20 - > > "Ian Goodall" <[EMAIL PROTECTED]> wrote: > > > > > All is fine now. Adding the line: > > >

RE: iptables and apt-get

2003-03-11 Thread Desai, Jason
had any errors at all. Jason > -Original Message- > From: Victor Calzado Mayo [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 11, 2003 11:31 AM > To: [EMAIL PROTECTED] > Subject: Re: iptables and apt-get > > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 &g

Re: iptables and apt-get

2003-03-11 Thread Victor Calzado Mayo
CTED]> > To: "Ian Goodall" <[EMAIL PROTECTED]> > Cc: > Sent: Tuesday, March 11, 2003 12:59 PM > Subject: Re: iptables and apt-get > > > iptables -A OUTPUT -p tcp -d /32 --dport 80 -j ACCEPT > > > > On Tue, 11 Mar 2003 00:45:48 - > > > >

Re: iptables and apt-get

2003-03-11 Thread Dale Amon
On Tue, Mar 11, 2003 at 04:13:59PM +0100, I. R. van Dongen wrote: > On Tue, 11 Mar 2003 14:48:20 - > "Ian Goodall" <[EMAIL PROTECTED]> wrote: > > All is fine now. Adding the line: > > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > > fixes the problem. Does anyone know what t

Re: iptables and apt-get

2003-03-11 Thread Jeff
Ian Goodall, 2003-Mar-11 14:48 -: > All is fine now. Adding the line: > > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > > fixes the problem. Does anyone know what this line does? I found this using > an online script generator at http://www.iptables.1go.dk/index1.php. Ip

Re: iptables and apt-get

2003-03-11 Thread I . R . van Dongen
On Tue, 11 Mar 2003 14:48:20 - "Ian Goodall" <[EMAIL PROTECTED]> wrote: > All is fine now. Adding the line: > > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > > fixes the problem. Does anyone know what this line does? I found this using > an online script generator at htt

Re: iptables and apt-get

2003-03-11 Thread Victor Calzado Mayo
CTED]> > To: "Ian Goodall" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Tuesday, March 11, 2003 12:59 PM > Subject: Re: iptables and apt-get > > > iptables -A OUTPUT -p tcp -d /32 --dport 80 -j ACCEPT > > > > On Tue, 11 Mar 2003 00:45:48

Re: iptables and apt-get

2003-03-11 Thread Ian Goodall
that this list should be used for instead of debating what should be on it / other spam :) - Original Message - From: "I.R.van Dongen" <[EMAIL PROTECTED]> To: "Ian Goodall" <[EMAIL PROTECTED]> Cc: Sent: Tuesday, March 11, 2003 12:59 PM Subject: Re: ipta

Re: iptables and apt-get

2003-03-11 Thread I . R . van Dongen
iptables -A OUTPUT -p tcp -d /32 --dport 80 -j ACCEPT On Tue, 11 Mar 2003 00:45:48 - "Ian Goodall" <[EMAIL PROTECTED]> wrote: > Hi Guys, > > I am setting up iptables on my Debian woody box. I have decided to close > everything and then open up just ssh and ssl. This obviously prevents my >

Re: iptables and apt-get

2003-03-11 Thread Ian Goodall
that this list should be used for instead of debating what should be on it / other spam :) - Original Message - From: "I.R.van Dongen" <[EMAIL PROTECTED]> To: "Ian Goodall" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Tuesday, March 11, 2003 12:5

Re: iptables and apt-get

2003-03-11 Thread I . R . van Dongen
iptables -A OUTPUT -p tcp -d /32 --dport 80 -j ACCEPT On Tue, 11 Mar 2003 00:45:48 - "Ian Goodall" <[EMAIL PROTECTED]> wrote: > Hi Guys, > > I am setting up iptables on my Debian woody box. I have decided to close everything > and then open up just ssh and ssl. This obviously prevents my apt

Re: iptables and apt-get

2003-03-10 Thread Glen Mehn
Ian Goodall wrote: I am using http to security.debian.org and mirror.ac.uk. When opening up port 80(http) it makes no difference. I think this is because I am not running a service to connect i.e. connecting to port 80 on a remote system from an unprivileged port >1024? Does this mean it will u

Re: iptables and apt-get

2003-03-10 Thread Marc Demlenne
Maybe you can simply take a look at this ... http://www.debian.org/doc/manuals/securing-debian-howto/ap-fw-security-update.en.html On Tue, Mar 11, 2003 at 12:45:48AM -, Ian Goodall wrote: > Hi Guys, > > I am setting up iptables on my Debian woody box. I have decided to close > everything a

Re: iptables and apt-get

2003-03-10 Thread Marc Demlenne
Yes, there's a problem with ICMP ... An ICMP type 3 code 1 (so "host unreachable") is sent to you, but blocked by your firewall... And it's about 172.16.250.1 Is everything well configured ? Maybe you could also accept some ICMP msg on your INPUT chain ? e.g. : iptables -A INPUT -p icmp --icmp-t

Re: iptables and apt-get

2003-03-10 Thread Glen Mehn
Ian Goodall wrote: I am using http to security.debian.org and mirror.ac.uk. When opening up port 80(http) it makes no difference. I think this is because I am not running a service to connect i.e. connecting to port 80 on a remote system from an unprivileged port >1024? Does this mean it will use

Re: iptables and apt-get

2003-03-10 Thread Ian Goodall
there is a problem with icmp. 172.16.5.92 is the linux box and 172.16.250.1:8080 is the proxy server... - Original Message - From: Jones, Steven To: 'Ian Goodall' ; debian-security@lists.debian.org Sent: Tuesday, March 11, 2003 1:39 AM Subject: RE: iptabl

RE: iptables and apt-get

2003-03-10 Thread Jones, Steven
rule to drop and log   /sbin/iptables -A INPUT -j drop-and-log-it     --- Thanks   ijg0 - Original Message - From: Jones, Steven To: 'Ian Goodall' ; debian-security@lists.debian.org Sent: Tuesday, March 11, 2003 1:11

Re: iptables and apt-get

2003-03-10 Thread Ian Goodall
I am using http to security.debian.org and mirror.ac.uk. When opening up port 80(http) it makes no difference. I think this is because I am not running a service to connect i.e. connecting to port 80 on a remote system from an unprivileged port >1024? Does this mean it will use a different port ev

Re: iptables and apt-get

2003-03-10 Thread Dale Amon
On Tue, Mar 11, 2003 at 12:45:48AM -, Ian Goodall wrote: > Hi Guys, > > I am setting up iptables on my Debian woody box. I have decided to close > everything and then open up just ssh and ssl. This obviously prevents my > apt-get update from working. What ports do I need to open for this to w

Re: iptables and apt-get

2003-03-10 Thread Marc Demlenne
Hi ! It depends how you fetch your packages. Ftp or http ? You have thus to open either the 80(http) or 21(ftp) port as well. Maybe you can also limit this to your mirror only, and not to everybody. Note: If you log the packets you drop, you can take a look on the logs, and you'll see why your co

Re: iptables and apt-get

2003-03-10 Thread Ian Goodall
op and log   /sbin/iptables -A INPUT -j drop-and-log-it     --- Thanks   ijg0 - Original Message - From: Jones, Steven To: 'Ian Goodall' ; debian-security@lists.debian.org Sent: Tuesday, March 11, 2003 1:11 AM Subject: RE: iptables and apt-

RE: iptables and apt-get

2003-03-10 Thread Jones, Steven
shouldn't do unless you changed the output rules? please provide your ruleset Thing -Original Message- From: Ian Goodall [mailto:[EMAIL PROTECTED] Sent: Tuesday, 11 March 2003 2:06 To: debian-security@lists.debian.org Subject: iptables and apt-get Hi Guys, I am se

Re: iptables and apt-get

2003-03-10 Thread Richard Wonka
On Tue, Mar 11, 2003 at 01:45:48AM CET, Ian Goodall wrote: > Hi Guys, Heythere :) > > [...]. What ports do I need to open for this to work. If it helps I am going > through a proxy to get to the internet. If it's an http-proxy, try port 80 :) -- fear and loathing: A state inspired by the

Re: iptables and apt-get

2003-03-10 Thread Marc Demlenne
Maybe you can simply take a look at this ... http://www.debian.org/doc/manuals/securing-debian-howto/ap-fw-security-update.en.html On Tue, Mar 11, 2003 at 12:45:48AM -, Ian Goodall wrote: > Hi Guys, > > I am setting up iptables on my Debian woody box. I have decided to close everything > a

Re: iptables and apt-get

2003-03-10 Thread Ian Goodall
there is a problem with icmp. 172.16.5.92 is the linux box and 172.16.250.1:8080 is the proxy server... - Original Message - From: Jones, Steven To: 'Ian Goodall' ; [EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 1:39 AM Subject: RE: iptables and apt-get

RE: iptables and apt-get

2003-03-10 Thread Jones, Steven
d log   /sbin/iptables -A INPUT -j drop-and-log-it     --- Thanks   ijg0 - Original Message - From: Jones, Steven To: 'Ian Goodall' ; [EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 1:11 AM Subject: RE: iptabl

Re: iptables and apt-get

2003-03-10 Thread Dale Amon
On Tue, Mar 11, 2003 at 12:45:48AM -, Ian Goodall wrote: > Hi Guys, > > I am setting up iptables on my Debian woody box. I have decided to close everything > and then open up just ssh and ssl. This obviously prevents my apt-get update from > working. What ports do I need to open for this to w

Re: iptables and apt-get

2003-03-10 Thread Ian Goodall
op and log   /sbin/iptables -A INPUT -j drop-and-log-it     --- Thanks   ijg0 - Original Message - From: Jones, Steven To: 'Ian Goodall' ; [EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 1:11 AM Subject: RE: iptables and apt-get shouldnt

RE: iptables and apt-get

2003-03-10 Thread Jones, Steven
shouldn't do unless you changed the output rules? please provide your ruleset Thing -Original Message- From: Ian Goodall [mailto:[EMAIL PROTECTED] Sent: Tuesday, 11 March 2003 2:06 To: [EMAIL PROTECTED] Subject: iptables and apt-get Hi Guys, I am setting up iptabl

Re: iptables and apt-get

2003-03-10 Thread Richard Wonka
On Tue, Mar 11, 2003 at 01:45:48AM CET, Ian Goodall wrote: > Hi Guys, Heythere :) > > [...]. What ports do I need to open for this to work. If it helps I am going through > a proxy to get to the internet. If it's an http-proxy, try port 80 :) -- fear and loathing: A state inspired by the