-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

On Thursday, 8 August 2002 17:08, Markus Gaugusch wrote:
> On Aug 8, Michael Rauter wrote:
> > Does anybody know which ports must be open for a successful you-update?
> > I closed all ports and left only the http/s, ftp, ssh, dns ports open.
> > I analyzed the packet trace of my firewall router and see something
> > about port 113 and 333 when starting you.
>
> Can't imagine that, YOU only uses FTP and for some packages (NVidia...)
> HTTP. FTP is tricky, though - I don't know if it is using active or
> passive ftp, but 113 and 333 should NOT be related to YOU in any way.

Port 113 is the ident (or auth) service. Many ftp servers start ident
requests on connect; if this is "DENY"ed in the firewall, the connection
has to time out on the server, which may take a while. YOU probably will
work if you just take your time to drink a coffee in the meantime.

Thus, you should REJECT --reject-with tcp-reset connections to port 113:

    for chain in INPUT OUTPUT FORWARD ; do
        iptables -I $chain -p tcp --destination-port 113 -j REJECT \
            --reject-with tcp-reset
    done

Don't know about port 333, though.

Markus, fou4s will have the same problem in this case.

Regards,
Bastian

PS: A couple of IRC servers will show similar behaviour as ftp servers;
you may want to reject some more ports the way described above if you
regularly connect to the IRC.

- --
Bastian Friedrich bastian@bastian-friedrich.de
Address & phone available on my HP http://www.bastian-friedrich.de/
\~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\
 \ The future isn't what it used to be.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9UoyVlbo7EtEt1mYRAiDUAJ41a1nGg11+50IcQ2KgzGz5JpGg4ACghiOS
bq0rJW1wlXAqx5GzmYHKG5Y=
=bR62
-----END PGP SIGNATURE-----
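
Added example, not part of the original message: a Python check for how your own firewalled host answers a TCP connect to port 113, which is the same connect an FTP server's ident lookup makes. The name `classify_port` and the loopback demo are constructed for illustration; run it against your host from a machine outside the firewall to see whether the rule above is in effect.

```python
import socket
import time


def classify_port(host, port=113, timeout=3.0):
    """Connect once to host:port and report how the far side answered.

    Returns (state, seconds) where state is one of:
      'open'        - something accepted the connection (an ident daemon)
      'rejected'    - a TCP RST came back at once (closed port, or
                      REJECT --reject-with tcp-reset)
      'dropped'     - nothing came back before the timeout (DENY/DROP rule);
                      a remote server doing an ident lookup waits this out
      'unreachable' - another error, e.g. an ICMP-based REJECT
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        state = "open"
    except ConnectionRefusedError:
        state = "rejected"
    except socket.timeout:
        state = "dropped"
    except OSError:
        state = "unreachable"
    finally:
        sock.close()
    return state, time.monotonic() - start


if __name__ == "__main__":
    # Constructed loopback demo: a listener on an ephemeral port stands in
    # for an ident daemon; once it is closed the kernel answers with RST,
    # which is what the tcp-reset rule makes the firewall do for port 113.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    demo_port = listener.getsockname()[1]
    print("listening:", classify_port("127.0.0.1", demo_port))
    listener.close()
    print("closed:   ", classify_port("127.0.0.1", demo_port))
```

A 'dropped' result that takes the full timeout is the delay described in the message; with the REJECT rule in place the result should be 'rejected' within milliseconds.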