Hi Does anybody know, which ports must be open for successful you-update ? I closed all ports and left only the http/s, ftp, ssh, dns ports open. I analyzed the packet trace of my firewall router and see something about port 113 and 333 when starting you. Any hints ? Regards Michael Rauter
> Does anybody know, which ports must be open for successful you-update ? I closed all ports and left only the http/s, ftp, ssh, dns ports open. I analyzed the packet trace of my firewall router and see something about port 113 and 333 when starting you.

Can't imagine that, YOU only uses FTP and for some packages (NVidia...) HTTP. FTP is tricky, though - I don't know if it is using active or
On Aug 8, Michael Rauter
Port 333 is the Texar Security Port and port 113 is the auth port for the ident Authentication Service. These shouldn't be required for YOU. -- Simon Oliver
Hi,

On Thursday, 8 August 2002 17:08, Markus Gaugusch wrote:
> On Aug 8, Michael Rauter wrote:
> > Does anybody know, which ports must be open for successful you-update ? I closed all ports and left only the http/s, ftp, ssh, dns ports open. I analyzed the packet trace of my firewall router and see something about port 113 and 333 when starting you.
>
> Can't imagine that, YOU only uses FTP and for some packages (NVidia...) HTTP. FTP is tricky, though - I don't know if it is using active or passive ftp, but 113 and 333 should NOT be related to YOU in any way.

Port 113 is the ident (or auth) service. Many ftp servers start ident requests on connect; if this is "DENY"ed in the firewall, the connection has to time out on the server, which may take a while. YOU probably will work if you just take your time to drink a coffee in the meantime. Thus, you should REJECT --reject-with tcp-reset connections to port 113:

    for chain in INPUT OUTPUT FORWARD ; do
        iptables -I "$chain" -p tcp --destination-port 113 -j REJECT \
            --reject-with tcp-reset
    done

Don't know about port 333, though.

Markus, fou4s will have the same problem in this case.

Regards,
Bastian

PS: A couple of IRC servers will show similar behaviour as ftp servers; you may want to reject some more ports the way described above if you regularly connect to the IRC.

--
Bastian Friedrich bastian@bastian-friedrich.de
Address & Fon available on my HP http://www.bastian-friedrich.de/
\~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\
 \ The future isn't what it used to be.
On Aug 8, Bastian Friedrich wrote:
> Port 113 is the ident (or auth) service. Many ftp servers start ident requests on connect; if this is "DENY"ed in the firewall, the connection has to time out on the server, which may take a while. YOU probably will work if you just take your time to drink a coffee in the meantime.
>
> Markus, fou4s will have the same problem in this case.

No, because I recommended using fou4s with http servers - and they shouldn't use auth ... But you are right, port 113 is likely to come from an FTP server.

kind regards,
Markus Gaugusch

--
 _____________________________ /"\
 Markus Gaugusch ICQ 11374583  \ /  ASCII Ribbon Campaign
 markus@gaugusch.at             X   Against HTML Mail
                               / \
 Linux 2.4.18-4GB * Now playing Silverchair - Anthem for the year 2000
Hi

Thanks for your replies. But it seems to be more ports involved. I try to update from ftp.gwdg.de with YOU on a suse 7.2 box. My bintec x1200 router logs the following lines on YOU connect.

The IP 80.128.1.82 is the temporary IP of the router after DSL connect. The IP 192.168.222.11 is the IP of the SuSE 7.2 box

Any ideas ?

Regards
Michael Rauter

-----------------------------------------------------------------------
Aug 9 10:51:01 isdn2 INET: NAT: refused incoming session on ifc 10008 prot 6 80.128.1.82:113 <- 134.76.11.100:49693
Aug 9 10:51:01 isdn2 INET: 0000: 45 00 00 3c e9 6f 40 00 38 06 75 ca 86 4c 0b 64
Aug 9 10:51:01 isdn2 INET: 0010: 50 80 01 52 c2 1d 00 71 6b 1f 42 6c 00 00 00 00
Aug 9 10:51:01 isdn2 INET: 0020: a0 02 16 d0 29 e1 00 00 02 04 05 b4 04 02 08 0a
Aug 9 10:51:01 isdn2 INET: 0030: 08 b6 ab 03 00 00 00 00 01 03 03 00
Aug 9 10:51:02 isdn2 INET: refuse from if 10008 prot 6 134.76.11.100:49704->192.168.222.11:34126 (RI 16 FI 7)
Aug 9 10:51:02 isdn2 INET: 0000: 45 00 00 3c 00 00 40 00 38 06 5f 3a 86 4c 0b 64
Aug 9 10:51:02 isdn2 INET: 0010: c0 a8 de 0b c2 28 85 4e 6b 4c 2b e1 6d 59 89 c7
Aug 9 10:51:02 isdn2 INET: 0020: a0 12 16 a0 84 ed 00 00 02 04 05 ac 04 02 08 0a
Aug 9 10:51:02 isdn2 INET: 0030: 08 b6 ab 66 00 8c f1 9e 01 03 03 00
-------------------------------------------------------------------
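The hex dumps in the router log above are the refused packets themselves, so decoding their IPv4 and TCP headers shows exactly what the router dropped. This is an added example, not part of the original thread; the function names are made up for illustration, and the labels attached to the flag combinations are an interpretation of the headers, not something the router log states.

```python
import re
import socket
import struct

# The eight hex-dump lines from the router log quoted in the message above.
LOG = """\
Aug 9 10:51:01 isdn2 INET: 0000: 45 00 00 3c e9 6f 40 00 38 06 75 ca 86 4c 0b 64
Aug 9 10:51:01 isdn2 INET: 0010: 50 80 01 52 c2 1d 00 71 6b 1f 42 6c 00 00 00 00
Aug 9 10:51:01 isdn2 INET: 0020: a0 02 16 d0 29 e1 00 00 02 04 05 b4 04 02 08 0a
Aug 9 10:51:01 isdn2 INET: 0030: 08 b6 ab 03 00 00 00 00 01 03 03 00
Aug 9 10:51:02 isdn2 INET: 0000: 45 00 00 3c 00 00 40 00 38 06 5f 3a 86 4c 0b 64
Aug 9 10:51:02 isdn2 INET: 0010: c0 a8 de 0b c2 28 85 4e 6b 4c 2b e1 6d 59 89 c7
Aug 9 10:51:02 isdn2 INET: 0020: a0 12 16 a0 84 ed 00 00 02 04 05 ac 04 02 08 0a
Aug 9 10:51:02 isdn2 INET: 0030: 08 b6 ab 66 00 8c f1 9e 01 03 03 00
"""
HEX_LINE = re.compile(r"INET: ([0-9a-f]{4}): ((?:[0-9a-f]{2} ?)+)$")
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 upwards

def packets_from_log(text):
    """Reassemble the dumped packets; offset 0000 starts a new packet."""
    packets = []
    for line in text.splitlines():
        m = HEX_LINE.search(line.strip())
        if not m:
            continue  # summary lines such as "NAT: refused ..." are skipped
        if m.group(1) == "0000":
            packets.append(bytearray())
        if packets:
            packets[-1] += bytes.fromhex(m.group(2))
    return [bytes(p) for p in packets]

def decode_tcp(pkt):
    """Decode addresses, ports and TCP flags of one IPv4/TCP packet."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if len(pkt) < ihl + 14 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not an IPv4 packet carrying a TCP header")
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", pkt[ihl:ihl + 14])
    flags = [n for bit, n in enumerate(FLAG_NAMES) if off_flags & (1 << bit)]
    return {"src": socket.inet_ntoa(pkt[12:16]), "sport": sport,
            "dst": socket.inet_ntoa(pkt[16:20]), "dport": dport, "flags": flags}

def describe(pkt):
    d = decode_tcp(pkt)
    kind = {("SYN",): "new inbound connection attempt",
            ("SYN", "ACK"): "reply to a connection opened from inside"}
    return (f"{d['src']}:{d['sport']} -> {d['dst']}:{d['dport']} "
            f"{kind.get(tuple(d['flags']), 'other segment')}")

if __name__ == "__main__":
    for p in packets_from_log(LOG):
        print(describe(p))
```

The first packet is a bare SYN from the FTP server to port 113 on the router, the ident probe discussed earlier in the thread. The second is a SYN/ACK from a high port on the server to a high port on the SuSE box, which is consistent with a passive-mode FTP data connection whose reply the router filter refused.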
* Michael Rauter;
> Hi
>
> Thanks for your replies. But it seems to be more ports involved. I try to update from ftp.gwdg.de with YOU on a suse 7.2 box. My bintec x1200 router logs the following lines on YOU connect.
>
> The IP 80.128.1.82 is the temporary IP of the router after DSL connect. The IP 192.168.222.11 is the IP of the SuSE 7.2 box
>
> Any ideas ?

Although I do not use YOU just a thought AFAIK YOU downloads the packages via "wget" so maybe if you play with the wget settings /etc/wgetrc maybe you can find some answers.

--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
Hi I tried the fou4s Package and it works perfect :-) Thanks again for your replies Regards Michael Rauter
participants (6)
- Bastian Friedrich
- Markus Gaugusch
- Michael Rauter
- Simon Oliver
- Sven 'Darkman' Michels
- Togan Muftuoglu