Gentoo Forums
Running emerge behind a firewall with 873 open
Lasitus
Apprentice


Joined: 05 Oct 2002
Posts: 188
Location: Orlando, FL

Posted: Sun Jan 12, 2003 3:07 am    Post subject: Running emerge behind a firewall with 873 open

Hello,

I have searched around and it seems everyone's problems go away when they open up port 873. I tried this, however, and it does not make a difference. Though when I disable my firewall it works.

Here is my firewall config:
Code:

#!/sbin/runscript

IPT=/sbin/iptables
LOCALNETWORK=192.168.0.0/0
EXTINTERFACE=eth0
INTINTERFACE=eth1
DNS1=24.95.227.34
DNS2=24.95.227.35
INTIP=192.168.3.1

depend() {
  need net procparam
  after net.eth1
}

start() {
  ebegin "Starting firewall"

  # Set default rule to drop
  $IPT -P INPUT DROP
  $IPT -P OUTPUT DROP
  $IPT -P FORWARD DROP

  # Create chain for allowed forward traffic
  $IPT -N allowed-ports-forward
  $IPT -F allowed-ports-forward
  $IPT -A allowed-ports-forward -p tcp --dport www -j ACCEPT
  $IPT -A allowed-ports-forward -p tcp --dport https -j ACCEPT
  $IPT -A allowed-ports-forward -p tcp --dport 22 -j ACCEPT #SSH
  $IPT -A allowed-ports-forward -p tcp --dport 20 -j ACCEPT #FTP
  $IPT -A allowed-ports-forward -p tcp --dport 21 -j ACCEPT #FTP
  $IPT -A allowed-ports-forward -p tcp --dport 5190 -j ACCEPT #AOL
  $IPT -A allowed-ports-forward -p tcp --dport smtp -j ACCEPT

  # Create chain for allowed server traffic
  $IPT -N allowed-ports-server
  $IPT -F allowed-ports-server
  $IPT -A allowed-ports-server -p icmp -j ACCEPT
  $IPT -A allowed-ports-server -p tcp --dport 22 -j ACCEPT #SSH
  $IPT -A allowed-ports-server -p tcp --dport 80 -j ACCEPT #HTTP
  $IPT -A allowed-ports-server -p tcp --dport 81 -j ACCEPT #HTTPS
  $IPT -A allowed-ports-server -p tcp --dport 873 -j ACCEPT #rsync

  # Create chain for DNS
  $IPT -N dns
  $IPT -F dns
  $IPT -A dns -p udp -d $DNS1 --dport domain -j ACCEPT
  $IPT -A dns -p udp -d $DNS2 --dport domain -j ACCEPT

  # Apply chains to INPUT
  $IPT -A INPUT -j dns
  $IPT -A INPUT -j allowed-ports-server
  $IPT -A INPUT -i lo -j ACCEPT
  $IPT -A INPUT -i $INTINTERFACE -j ACCEPT

  # Apply chains to OUTPUT
  $IPT -A OUTPUT -j dns
  $IPT -A OUTPUT -j allowed-ports-server
  $IPT -A OUTPUT -o lo -j ACCEPT
  $IPT -A OUTPUT -o $INTINTERFACE -j ACCEPT

  # Apply chains to FORWARD
  $IPT -A FORWARD -j dns
  $IPT -A FORWARD -j allowed-ports-forward

  # Start Masquerading
  $IPT -t nat -A POSTROUTING -s $LOCALNETWORK -j MASQUERADE
  $IPT -A FORWARD -i $EXTINTERFACE -j ACCEPT

  eend $?
}

stop() {
  ebegin "Stopping firewall"
  $IPT -F
  $IPT -t nat -F
  $IPT -X
  $IPT -P INPUT ACCEPT
  $IPT -P FORWARD ACCEPT
  $IPT -P OUTPUT ACCEPT
  eend $?
}
scocou
Apprentice


Joined: 16 Aug 2002
Posts: 184
Location: Pacific NW, Canada

Posted: Sun Jan 12, 2003 5:42 am

By 'running emerge' do you mean rsync'ing the portage tree? If so then yes, rsync uses port 873. If by 'running emerge' you mean emerging a program, then we're talking wget. This should be ports 20 and 21 as far as I know (http & ftp)... works for me with these open.
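
Added example, not part of either post and not the poster's script: the posted INPUT rules match only on `--dport`, so replies to connections the firewall host opens itself (source port 873 or 53, ephemeral destination port, arriving on eth0) fall through to the DROP policy. The sketch below accepts them by connection state instead. It assumes emerge runs on the firewall host and leaves through eth0; `host_outbound_rules` and `DNS_SERVERS` are names made up here, and `IPT` defaults to a dry run that only prints the rules.

```shell
#!/bin/sh
# Added example (assumption-labelled, not the poster's runscript).
# Dry run by default: IPT only prints rules. Set IPT=/sbin/iptables to apply.
IPT=${IPT:-echo iptables}
EXTINTERFACE=${EXTINTERFACE:-eth0}
# Resolver addresses taken from DNS1/DNS2 in the posted script.
DNS_SERVERS=${DNS_SERVERS:-"24.95.227.34 24.95.227.35"}

# Rules for traffic the firewall host itself originates (emerge sync, DNS).
# Arguments: TCP destination ports the host may connect out to, e.g. 873.
host_outbound_rules() {
  # Replies carry the service port as *source* port and an ephemeral
  # destination port, so a --dport match in INPUT never sees them.
  # Connection tracking accepts them by state instead.
  $IPT -A INPUT  -i "$EXTINTERFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
  $IPT -A OUTPUT -o "$EXTINTERFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT

  # New DNS queries, only to the configured resolvers.
  for ns in $DNS_SERVERS; do
    $IPT -A OUTPUT -o "$EXTINTERFACE" -p udp -d "$ns" --dport 53 \
         -m state --state NEW -j ACCEPT
  done

  # New outbound TCP connections, one rule per requested port.
  for port in "$@"; do
    case $port in
      ''|*[!0-9]*) echo "skipping invalid port: $port" >&2; continue ;;
    esac
    $IPT -A OUTPUT -o "$EXTINTERFACE" -p tcp --dport "$port" \
         -m state --state NEW -j ACCEPT
  done
}

# Print the rules needed for an rsync of the portage tree (port 873).
host_outbound_rules 873
```

With these in place no inbound `--dport 873` rule is needed unless the host also serves rsync to others.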