apt-get funktioniert nicht mehr

[Freymuth]

Hey,

apt-get update funktioniert nicht mehr. Müssen extra Ports freigeschaltet werden?

Code: Alles auswählen

#!/bin/bash

echo "Initializing Firewall ..."

# Load modules
modprobe ip_conntrack_ftp

# Clear all other rules
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Creation of my own chains
iptables -N mydrop

# Configuring our own chains
iptables -A mydrop -j LOG --log-prefix "FW-DROP: "
iptables -A mydrop -j DROP

# Loopback communication
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Statefull Inspection
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state INVALID -j mydrop
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# SSH
iptables -A INPUT -p tcp --dport 44077 -m state --state NEW -j ACCEPT
#iptables -A OUTPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

# ICMP Ping
iptables -A INPUT -p icmp -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p icmp -m state --state NEW -j ACCEPT

# DNS
#iptables -A INPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
#iptables -A INPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT
#iptables -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
#iptables -A OUTPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT

# Apt-Get without problem (Klappt nicht)
iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

# WWW
#iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
#iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
#iptables -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
#iptables -A OUTPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
# Mail
#iptables -A INPUT -p tcp --dport 25 -m state --state NEW -j ACCEPT
#iptables -A OUTPUT -p tcp --dport 25 -m state --state NEW -j ACCEPT
#iptables -A INPUT -p tcp --dport 110 -m state --state NEW -j ACCEPT
#iptables -A INPUT -p tcp --dport 143 -m state --state NEW -j ACCEPT

# FTP
iptables -A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT

# DHCP
#iptacles -A INPUT -p udp --dport 67 -m state --state NEW -j ACCEPT

# Schutz vor Syn-Flood:
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
# Port-Scans verbieten:
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
# Schutz vor Ping-of-Death:
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

#Teamspeak 3 Server
iptables -A INPUT -p udp --dport 9987 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp --dport 30033 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp --dport 10011 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p udp --dport 2010 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp --dport 41144 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp --dport 2008 -m state --state NEW -j ACCEPT


echo "Firewall is configured and active!"

iptables -A INPUT -j LOG --log-prefix "FW-NOT-MATCHED:"
iptables -A OUTPUT -j LOG --log-prefix "FW-NOT-MATCHED:"

exit 0

Code: Alles auswählen

root@Debian-81-jessie-64-minimal ~ # apt-get update
Err http://security.debian.org jessie/updates InRelease

Err http://http.debian.net jessie InRelease

Err http://http.debian.net jessie-updates InRelease

Err http://http.debian.net jessie Release.gpg
  Could not resolve 'http.debian.net'
Err http://security.debian.org jessie/updates Release.gpg
  Could not resolve 'security.debian.org'
Err http://http.debian.net jessie-updates Release.gpg
  Could not resolve 'http.debian.net'
Err http://mirror.hetzner.de jessie InRelease

Err http://mirror.hetzner.de jessie Release.gpg
  Could not resolve 'mirror.hetzner.de'
Reading package lists... Done
W: Failed to fetch http://mirror.hetzner.de/debian/packages/dists/jessie/InRelease

W: Failed to fetch http://http.debian.net/debian/dists/jessie/InRelease

W: Failed to fetch http://http.debian.net/debian/dists/jessie-updates/InRelease

W: Failed to fetch http://security.debian.org/dists/jessie/updates/InRelease

W: Failed to fetch http://security.debian.org/dists/jessie/updates/Release.gpg  Could not resolve 'security.debian.org'

W: Failed to fetch http://http.debian.net/debian/dists/jessie/Release.gpg  Could not resolve 'http.debian.net'

W: Failed to fetch http://http.debian.net/debian/dists/jessie-updates/Release.gpg  Could not resolve 'http.debian.net'

W: Failed to fetch http://mirror.hetzner.de/debian/packages/dists/jessie/Release.gpg  Could not resolve 'mirror.hetzner.de'

W: Some index files failed to download. They have been ignored, or old ones used instead.
root@Debian-81-jessie-64-minimal ~ #

Liebe Grüße

[kalle123]

Hi Freymuth.
Oben links auf der Forumsseite gibt es den Link NoPaste unterhalb WILLKOMMEN!
Mach das Lesen von solchen Beiträgen einfacher.

Gruß KH

[eggy]

Firewall-Regeln im Kopf parsen macht bei dem Wetter so garkeinen Spass:
Output von "iptables-save" und "iptables --list -nv" nach nopaste tun, dann sehen wir weiter.

[Freymuth]

Sorry. ^^

pastebin.php?mode=view&s=38722

pastebin.php?mode=view&s=38723

Liebe Grüße

[eggy]

Ja, damit machen die "could not resolve" Meldungen auch Sinn ... DNS ausgehend vergessen?

[Freymuth]

Stimmt das nun so? O.o Sieht komisch aus.

Code: Alles auswählen

Ign http://mirror.hetzner.de jessie InRelease
Hit http://mirror.hetzner.de jessie Release.gpg
Hit http://security.debian.org jessie/updates InRelease
Hit http://http.debian.net jessie InRelease
Hit http://http.debian.net jessie-updates InRelease
Hit http://mirror.hetzner.de jessie Release
Hit http://security.debian.org jessie/updates/main amd64 Packages
Hit http://http.debian.net jessie/main amd64 Packages
Hit http://http.debian.net jessie/contrib amd64 Packages
Hit http://security.debian.org jessie/updates/contrib amd64 Packages
Hit http://http.debian.net jessie/non-free amd64 Packages
Hit http://http.debian.net jessie/contrib Translation-en
Hit http://security.debian.org jessie/updates/non-free amd64 Packages
Hit http://http.debian.net jessie/main Translation-en
Hit http://http.debian.net jessie/non-free Translation-en
Hit http://security.debian.org jessie/updates/contrib Translation-en
Hit http://security.debian.org jessie/updates/main Translation-en
Hit http://security.debian.org jessie/updates/non-free Translation-en
Hit http://http.debian.net jessie-updates/main amd64 Packages
Hit http://http.debian.net jessie-updates/contrib amd64 Packages
Hit http://http.debian.net jessie-updates/non-free amd64 Packages
Hit http://mirror.hetzner.de jessie/contrib Translation-en
Hit http://http.debian.net jessie-updates/contrib Translation-en
Hit http://mirror.hetzner.de jessie/main Translation-en
Hit http://mirror.hetzner.de jessie/non-free Translation-en
Hit http://http.debian.net jessie-updates/main Translation-en
Hit http://mirror.hetzner.de jessie/main amd64 Packages
Hit http://mirror.hetzner.de jessie/contrib amd64 Packages
Hit http://http.debian.net jessie-updates/non-free Translation-en
Hit http://mirror.hetzner.de jessie/non-free amd64 Packages
Reading package lists... Done

[eggy]

Was soll daran komisch sein?

[Freymuth]

Weil ich meine das sah vorher anders aus und weil er sagt "Ign http..."

Heißt das nicht Ignore?

Liebe Grüße