[Discuss] web server can't see out but others can see in

Derek Martin invalid at pizzashack.org
Tue Sep 25 18:06:39 EDT 2012


On Tue, Sep 25, 2012 at 05:05:08PM -0400, Eric Chadbourne wrote:
> eric at webserver1:~$ ping google.com
> ping: unknown host google.com
> 
> and
> 
> eric at webserver1:~$ sudo apt-get update
> Err http://us.archive.ubuntu.com precise InRelease

Based just on this, it sounds like you've blocked DNS, port 53
(mainly UDP, though it's possible you may need TCP also, depending on
what you're doing).

Resolve the IP on some other machine somewhere and ping the IP.  If it
works, your problem is most likely limited to DNS.  If so, most likely
you need a rule to let it through.

Also, if you're using NTP to sync your system times, you will probably
need a rule to explicitly allow incoming NTP.  On Linux, ntpd is what
(usually) syncs your time, and it requires that your time servers be
able to send packets in to work properly.  I mention this mainly
because if it's not working, you might not immediately notice, and
when it eventually does break you may not connect the failure to this
configuration change at that time.


-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.
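
The check described in the reply above, written as a script (an added example, not part of the original message): it pings an IP address that was resolved on another machine and queries the configured resolver on port 53 over UDP and TCP separately. The function names and the `--run` argument are assumptions of this example, and it expects `ping` (iputils) and `dig` to be installed.

```shell
#!/bin/sh
# Added example: separates "DNS is blocked" from "everything outbound is blocked".
NAME="google.com"   # the name that failed to resolve in the quoted session

# First nameserver listed in resolv.conf (path can be overridden for testing).
first_resolver() {
    awk '$1 == "nameserver" { print $2; exit }' "${1:-/etc/resolv.conf}"
}

# Probes return 0 on success. dig exits 0 on any reply and non-zero when
# no server could be reached, which is what a dropped port 53 looks like.
probe_ip()      { ping -c 2 -W 2 "$1" >/dev/null 2>&1; }
probe_dns_udp() { dig +notcp +time=2 +tries=1 "@$1" "$NAME" >/dev/null 2>&1; }
probe_dns_tcp() { dig +tcp   +time=2 +tries=1 "@$1" "$NAME" >/dev/null 2>&1; }

# diagnose RESOLVER_IP TEST_IP
# TEST_IP is an address resolved for a real host on some other machine.
diagnose() {
    ip=fail; udp=fail; tcp=fail
    probe_ip "$2" && ip=ok
    probe_dns_udp "$1" && udp=ok
    probe_dns_tcp "$1" && tcp=ok
    case "$ip/$udp/$tcp" in
        ok/ok/ok)       echo "ok: IP and DNS (UDP and TCP) all work" ;;
        ok/fail/fail)   echo "dns-blocked: IP works, port 53 fails on UDP and TCP" ;;
        ok/fail/ok)     echo "dns-udp-blocked: allow outbound UDP 53 and its replies" ;;
        ok/ok/fail)     echo "dns-tcp-blocked: answers that retry over TCP will fail" ;;
        fail/fail/fail) echo "all-blocked: the problem is not limited to DNS" ;;
        *)              echo "ip-probe-failed: DNS replies arrive; ICMP may be filtered" ;;
    esac
}

# Caveat: if resolv.conf points at a loopback resolver, call diagnose with
# the upstream resolver's address, since the local one may answer by itself.
# Usage: sh dnscheck.sh --run <TEST_IP>
if [ "${1:-}" = "--run" ]; then
    diagnose "$(first_resolver)" "$2"
fi
```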


