Gentoo Forums
iptables blocking emerge [SOLVED]
Reply to topic    Gentoo Forums Forum Index Networking & Security
beatfinger
n00b

Joined: 07 Nov 2006
Posts: 13

PostPosted: Tue Nov 07, 2006 7:08 pm    Post subject: iptables blocking emerge [SOLVED]

Hey everybody. It seems that my iptables configuration is blocking me from emerging packages. I've looked around on the forums, but I don't see a solution to my problem. When iptables is running with the following configuration (/var/lib/iptables/rules-save):

Code:

# Generated by iptables-save v1.3.4 on Tue Nov  7 14:15:48 2006
*nat
:PREROUTING ACCEPT [52823501:6771135416]
:POSTROUTING ACCEPT [1068042:47630246]
:OUTPUT ACCEPT [1069410:47719830]
COMMIT
# Completed on Tue Nov  7 14:15:48 2006
# Generated by iptables-save v1.3.4 on Tue Nov  7 14:15:48 2006
*mangle
:PREROUTING ACCEPT [81551499:31416824495]
:INPUT ACCEPT [52440684:27717851165]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [25202017:7208761336]
:POSTROUTING ACCEPT [25207233:7208918084]
COMMIT
# Completed on Tue Nov  7 14:15:48 2006
# Generated by iptables-save v1.3.4 on Tue Nov  7 14:15:48 2006
*filter
:INPUT DROP [12233:1900129]
:FORWARD DROP [0:0]
:OUTPUT DROP [286:17160]
[0:0] -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
[0:0] -A INPUT -p udp -m udp --dport 53 -j ACCEPT
[29386:15364928] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[11:1780] -A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 5/min -j ACCEPT
[4431:2737715] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -d 127.0.0.1 -i lo -j ACCEPT
[8683:1394380] -A INPUT -m limit --limit 1/sec -j LOG --log-prefix "KMF: "
[7:2121] -A OUTPUT -p icmp -j ACCEPT
[0:0] -A OUTPUT -s 127.0.0.1 -o lo -j ACCEPT
[0:0] -A OUTPUT -p udp -m udp --dport 389 -j ACCEPT
[0:0] -A OUTPUT -p udp -m udp --dport 636 -j ACCEPT
[0:0] -A OUTPUT -p tcp -m tcp --dport 636 -j ACCEPT
[322:21345] -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
[0:0] -A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
[727:41848] -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
[0:0] -A OUTPUT -p tcp -m tcp --dport 8080 -j ACCEPT
[0:0] -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
[0:0] -A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT
[0:0] -A OUTPUT -p tcp -m tcp --dport 110 -j ACCEPT
[0:0] -A OUTPUT -p tcp -m tcp --dport 995 -j ACCEPT
[0:0] -A OUTPUT -p tcp -m tcp --dport 143 -j ACCEPT
[0:0] -A OUTPUT -p tcp -m tcp --dport 585 -j ACCEPT
[2154:120431] -A OUTPUT -p tcp -m tcp --dport 21 -j ACCEPT
[0:0] -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
[0:0] -A OUTPUT -p tcp -m tcp --dport 137 -j ACCEPT
[0:0] -A OUTPUT -p tcp -m tcp --dport 138 -j ACCEPT
[0:0] -A OUTPUT -p tcp -m tcp --dport 139 -j ACCEPT
[0:0] -A OUTPUT -p tcp -m tcp --dport 2049 -j ACCEPT
[0:0] -A OUTPUT -p udp -m udp --dport 2049 -j ACCEPT
[28:1726] -A OUTPUT -p tcp -m tcp --dport 873 -j ACCEPT
[0:0] -A OUTPUT -p udp -m udp --dport 873 -j ACCEPT
[0:0] -A OUTPUT -p udp -m udp --dport 123 -j ACCEPT
[20621:3125888] -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Tue Nov  7 14:15:48 2006


When I try to execute the following command:

Code:

emerge -uND world


The emerge hangs. Some example output:

Code:

--14:20:19--  ftp://ftp.mirror.nl/pub/mirror/gnu/gettext/gettext-0.15.tar.gz
  (try: 2) => `/usr/portage/distfiles/gettext-0.15.tar.gz'
Connecting to ftp.mirror.nl|194.109.21.66|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done.    ==> PWD ... done.
==> TYPE I ... done.  ==> CWD /pub/mirror/gnu/gettext ... done.
==> PASV ...


If I change the default filter OUTPUT to ACCEPT, the emerge seems to work just fine.

I've been fooling around with this issue for several hours now and I feel like there is a really quick solution that doesn't require me to open all outgoing ports; I just don't know what the solution is. If anybody can help, please post something. Thanks.


Last edited by beatfinger on Tue Nov 07, 2006 8:47 pm; edited 1 time in total
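An added example, not code from this thread: a small Python simulator of the OUTPUT chain from the ruleset above (a constructed subset of it, in iptables-save format) that decodes a constructed PASV reply and evaluates the data connection wget opens right after "==> PASV ...". It goes one step beyond the thread: a passive-mode data connection goes to a server-chosen high port, so it only matches the RELATED,ESTABLISHED rule when the kernel's FTP connection-tracking helper (ip_conntrack_ftp on kernels of that era, nf_conntrack_ftp later) is loaded; otherwise it is a NEW connection and falls through to the DROP policy even though port 21 itself is open.

```python
import re

# Constructed subset of the thread's OUTPUT chain, in iptables-save format and in
# kernel evaluation order; the DROP policy applies when no rule matches.
RULES_SAVE = """\
:OUTPUT DROP [286:17160]
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
"""

def parse_output_chain(text):
    # Returns (policy, rules); each rule records only the matches it requires.
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        if line.startswith(":OUTPUT "):
            policy = line.split()[1]
        elif line.startswith("-A OUTPUT "):
            toks = line.split()
            opt = lambda flag: toks[toks.index(flag) + 1] if flag in toks else None
            rules.append({"target": opt("-j"), "proto": opt("-p"),
                          "dport": int(opt("--dport")) if opt("--dport") else None,
                          "states": set(opt("--state").split(",")) if opt("--state") else None})
    return policy, rules

def verdict(chain, proto, dport, state):
    # First-match evaluation of one outbound packet against the chain.
    policy, rules = chain
    for r in rules:
        if r["proto"] and r["proto"] != proto: continue
        if r["dport"] and r["dport"] != dport: continue
        if r["states"] and state not in r["states"]: continue
        return r["target"]
    return policy

def parse_pasv(reply):
    # Decode a "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply; port = p1*256 + p2.
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m:
        raise ValueError("not a PASV reply")
    h1, h2, h3, h4, p1, p2 = map(int, m.groups())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2

def ftp_data_verdict(chain, pasv_reply, ftp_helper_loaded):
    # The data connection opened after PASV targets the server-chosen high port. With the
    # kernel FTP conntrack helper loaded it is tracked as RELATED; without it, it is NEW.
    _, port = parse_pasv(pasv_reply)
    return verdict(chain, "tcp", port, "RELATED" if ftp_helper_loaded else "NEW")
```

With the chain above, the control connection to port 21 is accepted, while the data connection to the PASV port is dropped unless the helper marks it RELATED.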
madisonicus
Veteran

Joined: 20 Sep 2006
Posts: 1130

PostPosted: Tue Nov 07, 2006 7:41 pm    Post subject:

Downloading source usually happens via ftp (and it is according to your example) on port 21. I don't see port 21 open in your iptables script, so I would start there.

HTH,
m
_________________
Please add [SOLVED] to your message title if you feel that your question has been answered.
------
Intel Q9300 Core2 Quad * Gigabyte GA-EP35C-DS3R
Samsung x360
AMD64 x2 4200+ * TF7050-M2 * HTPC
ZOTAC ION A-U Mini-ITX * HTPC
beatfinger
n00b

Joined: 07 Nov 2006
Posts: 13

PostPosted: Tue Nov 07, 2006 8:47 pm    Post subject:

I totally missed that one. Thanks. I would have been looking for that for days.