Lasitus Apprentice
Joined: 05 Oct 2002 Posts: 188 Location: Orlando, FL
Posted: Sun Jan 12, 2003 3:07 am Post subject: Running emerge behind a firewall with 873 open
Hello,
I have searched around and it seems everyone's problems go away when they open up port 873. I tried this, however, and it does not make a difference. Though when I disable my firewall it works.
Here is my firewall config:
Code:
#!/sbin/runscript
IPT=/sbin/iptables
LOCALNETWORK=192.168.0.0/0
EXTINTERFACE=eth0
INTINTERFACE=eth1
DNS1=24.95.227.34
DNS2=24.95.227.35
INTIP=192.168.3.1

depend() {
    need net procparam
    after net.eth1
}

start() {
    ebegin "Starting firewall"

    # Set default rule to drop
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP

    # Create chain for allowed forward traffic
    $IPT -N allowed-ports-forward
    $IPT -F allowed-ports-forward
    $IPT -A allowed-ports-forward -p tcp --dport www -j ACCEPT
    $IPT -A allowed-ports-forward -p tcp --dport https -j ACCEPT
    $IPT -A allowed-ports-forward -p tcp --dport 22 -j ACCEPT   #SSH
    $IPT -A allowed-ports-forward -p tcp --dport 20 -j ACCEPT   #FTP
    $IPT -A allowed-ports-forward -p tcp --dport 21 -j ACCEPT   #FTP
    $IPT -A allowed-ports-forward -p tcp --dport 5190 -j ACCEPT #AOL
    $IPT -A allowed-ports-forward -p tcp --dport smtp -j ACCEPT

    # Create chain for allowed server traffic
    $IPT -N allowed-ports-server
    $IPT -F allowed-ports-server
    $IPT -A allowed-ports-server -p icmp -j ACCEPT
    $IPT -A allowed-ports-server -p tcp --dport 22 -j ACCEPT  #SSH
    $IPT -A allowed-ports-server -p tcp --dport 80 -j ACCEPT  #HTTP
    $IPT -A allowed-ports-server -p tcp --dport 81 -j ACCEPT  #HTTPS
    $IPT -A allowed-ports-server -p tcp --dport 873 -j ACCEPT #rsync

    # Create chain for DNS
    $IPT -N dns
    $IPT -F dns
    $IPT -A dns -p udp -d $DNS1 --dport domain -j ACCEPT
    $IPT -A dns -p udp -d $DNS2 --dport domain -j ACCEPT

    # Apply chains to INPUT
    $IPT -A INPUT -j dns
    $IPT -A INPUT -j allowed-ports-server
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -i $INTINTERFACE -j ACCEPT

    # Apply chains to OUTPUT
    $IPT -A OUTPUT -j dns
    $IPT -A OUTPUT -j allowed-ports-server
    $IPT -A OUTPUT -o lo -j ACCEPT
    $IPT -A OUTPUT -o $INTINTERFACE -j ACCEPT

    # Apply chains to FORWARD
    $IPT -A FORWARD -j dns
    $IPT -A FORWARD -j allowed-ports-forward

    # Start Masquerading
    $IPT -t nat -A POSTROUTING -s $LOCALNETWORK -j MASQUERADE
    $IPT -A FORWARD -i $EXTINTERFACE -j ACCEPT

    eend $?
}

stop() {
    ebegin "Stopping firewall"
    $IPT -F
    $IPT -t nat -F
    $IPT -X
    $IPT -P INPUT ACCEPT
    $IPT -P FORWARD ACCEPT
    $IPT -P OUTPUT ACCEPT
    eend $?
}
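The rule set in the post above, as it applies to an rsync connection opened from the firewall host itself, modelled in Python. This is an added example and not code from the thread or from Gentoo: it models only first-match evaluation of the posted allowed-ports-server rules against the two opening packets of a TCP session, and compares that with two variants, a stateful `-m state --state ESTABLISHED` rule and a stateless `--sport 873` rule. The ephemeral client port 40123 and the probe destination port 6000 are constructed values.

```python
"""Model of how the posted INPUT/OUTPUT rules treat an outbound rsync session.

Added example, not from the thread. It shows why `--dport 873` in INPUT does
not admit the *replies* of a connection the firewall host opens to port 873:
replies carry source port 873 and an ephemeral destination port.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp", "udp" or "icmp"
    sport: int   # source port
    dport: int   # destination port
    state: str   # what connection tracking would report: "NEW" or "ESTABLISHED"


@dataclass(frozen=True)
class Rule:
    target: str                  # "ACCEPT" or "DROP"
    proto: Optional[str] = None  # -p
    dport: Optional[int] = None  # --dport
    sport: Optional[int] = None  # --sport
    state: Optional[str] = None  # -m state --state

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport)
                and (self.sport is None or self.sport == pkt.sport)
                and (self.state is None or self.state == pkt.state))


def verdict(chain: List[Rule], pkt: Packet, policy: str = "DROP") -> str:
    """First matching rule wins; otherwise the chain policy (-P ... DROP) applies."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy


# The posted allowed-ports-server chain as seen from the external interface.
# The dns chain (UDP only) and the lo / eth1 accepts never match TCP arriving on eth0.
POSTED_SERVER_CHAIN: List[Rule] = [
    Rule("ACCEPT", proto="icmp"),
    Rule("ACCEPT", proto="tcp", dport=22),
    Rule("ACCEPT", proto="tcp", dport=80),
    Rule("ACCEPT", proto="tcp", dport=81),
    Rule("ACCEPT", proto="tcp", dport=873),
]

# Variant A (stateful): replies admitted because conntrack marks them ESTABLISHED.
STATEFUL_INPUT: List[Rule] = [Rule("ACCEPT", state="ESTABLISHED")] + POSTED_SERVER_CHAIN

# Variant B (stateless): admit any TCP packet whose source port is 873.
SPORT_INPUT: List[Rule] = [Rule("ACCEPT", proto="tcp", sport=873)] + POSTED_SERVER_CHAIN


def rsync_session(input_chain: List[Rule],
                  output_chain: List[Rule] = POSTED_SERVER_CHAIN) -> Dict[str, str]:
    """Verdicts for the first two packets of an rsync connection opened by the firewall host.
    The ephemeral client port 40123 is a constructed value."""
    syn = Packet("tcp", sport=40123, dport=873, state="NEW")
    syn_ack = Packet("tcp", sport=873, dport=40123, state="ESTABLISHED")
    return {
        "client SYN (OUTPUT)": verdict(output_chain, syn),
        "server SYN-ACK (INPUT)": verdict(input_chain, syn_ack),
    }


def unsolicited_probe(input_chain: List[Rule]) -> str:
    """An unrelated inbound packet that merely claims source port 873 (constructed)."""
    probe = Packet("tcp", sport=873, dport=6000, state="NEW")
    return verdict(input_chain, probe)


if __name__ == "__main__":
    variants = [("posted", POSTED_SERVER_CHAIN),
                ("stateful", STATEFUL_INPUT),
                ("sport-873", SPORT_INPUT)]
    for name, chain in variants:
        print(f"{name:10s} {rsync_session(chain)}  probe: {unsolicited_probe(chain)}")
```

The posted INPUT chain only matches packets whose destination port is 873, which describes the packet the firewall host sends, not the reply it gets back; the reply has source port 873 and an ephemeral destination port, so it falls through to `-P INPUT DROP`, and the sync hangs. The stateful variant corresponds to adding `$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT` near the top of INPUT (connection tracking must be available in the kernel). The `--sport 873` variant also unblocks rsync, but as the probe shows it admits any inbound packet that merely sets source port 873, which is why the stateful form is the one to use. The same gap exists in the FORWARD chain for hosts on the internal network.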
scocou Apprentice
Joined: 16 Aug 2002 Posts: 184 Location: Pacific NW, Canada
Posted: Sun Jan 12, 2003 5:42 am Post subject:
By 'running emerge' do you mean rsync'ing the portage tree? If so then yes, rsync uses port 873. If by 'running emerge' you mean emerging a program, then we're talking wget. This should be ports 20 and 21 as far as I know (http & ftp)... works for me with these open.