[SOLVED] Iptables doesn't allow pacman -S(y) anymore...

madnerves · 2009-05-04 21:31:16

Hi there,
First of all, sorry for my english .

I've just configured my firewall, but now i can't get pacman working great. Nowatime I can't synchronise, and i can't install anything. So, I think that pacman use port number 80, but iam not sure. I did make some searches but could not find anything on the port used.

So here are my rules :

 #!/bin/sh

    # Flush and delete all rules
    sudo iptables -F
    sudo iptables -X
    sudo iptables -t nat -F

    # Keep connections open
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

##INPUT
    # Allow ssh
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT

    # Allow ping
    #iptables -A INPUT -p icmp -j ACCEPT

    # Allow HTTP
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT

    # Allow SMTP & POP
    iptables -A INPUT -p tcp --dport 25 -j ACCEPT
    iptables -A INPUT -p tcp --dport 993 -j ACCEPT

    # Allow NNTPS
    iptables -A INPUT -p tcp --dport 563 -j ACCEPT

    # Allow JABBER
    #iptables -A INPUT -p tcp --dport 5222 -j ACCEPT
    #iptables -A INPUT -p tcp --dport 8000 -j ACCEPT
    #iptables -A INPUT -p udp --dport 8000 -j ACCEPT
    #iptables -A INPUT -p tcp --dport 21 -j ACCEPT

##Default rules
    # Block all INPUT & FORWARD
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    # block all OUTPUT
    iptables -P OUTPUT DROP

##LOOPBACK
    # Allow loopback
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT

##OUTPUT
    # Allow FTP, DNS, HTTP, HTTPS
    iptables -A OUTPUT -p tcp --dport 20 -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 21 -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
    iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 563 -j ACCEPT

    # Allow SMTP, POP & IMAP
    iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 110 -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 143 -j ACCEPT

    # Allow NTP
    iptables -A OUTPUT -p tcp --dport 123 -j ACCEPT
    iptables -A OUTPUT -p udp --dport 123 -j ACCEPT

    # Allow SSH
    iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
    iptables -A OUTPUT -p udp --dport 22 -j ACCEPT

    # Allow WHOIS
    iptables -A OUTPUT -p tcp --dport 43 -j ACCEPT

    # Allow USENET
    #iptables -A OUTPUT -p tcp --dport 119 -j ACCEPT
    #iptables -A OUTPUT -p tcp --dport 8000 -j ACCEPT
    #iptables -A OUTPUT -p udp --dport 8000 -j ACCEPT

Can you help me get it working great please?
Thanks a lot friends

Last edited by madnerves (2009-05-06 08:41:18)

.:B:. · 2009-05-04 22:04:46

We need to know whether you're syncing to a HTTP or an FTP mirror too... I suppose FTP.

Make sure you have the ip_conntrack_ftp module loaded (kernel module, that is). Restart the firewall, and if you have all the right ports allowed, it should work fine.

fukawi2 · 2009-05-04 22:17:41

What is the actual error you get from pacman?

sjovan · 2009-05-05 07:46:20

And a look at your /etc/pacman.d/mirrorlist would also be nice.

madnerves · 2009-05-05 15:48:26

Damn lool, the problem was that the module ip_conntrack_ftp was not loaded.

Thanks a lot for your help guys, see you soon (or not ) lol

.:B:. · 2009-05-05 15:49:15

Add [Solved] to your topic title please .

madnerves · 2009-05-06 08:41:51

Oh yes sorry I forgot it
Thanks

Arch Linux

#1 2009-05-04 21:31:16

[SOLVED] Iptables doesn't allow pacman -S(y) anymore...

#2 2009-05-04 22:04:46

Re: [SOLVED] Iptables doesn't allow pacman -S(y) anymore...

#3 2009-05-04 22:17:41

Re: [SOLVED] Iptables doesn't allow pacman -S(y) anymore...

#4 2009-05-05 07:46:20

Re: [SOLVED] Iptables doesn't allow pacman -S(y) anymore...

#5 2009-05-05 15:48:26

Re: [SOLVED] Iptables doesn't allow pacman -S(y) anymore...

#6 2009-05-05 15:49:15

Re: [SOLVED] Iptables doesn't allow pacman -S(y) anymore...

#7 2009-05-06 08:41:51

Re: [SOLVED] Iptables doesn't allow pacman -S(y) anymore...

Board footer