Solved

Bind910 installation on FreeBSD

Posted on 2014-10-02
Last Modified: 2016-02-11
pkg install bind910
waits for "Updating FreeBSD repository catalogue..." about 10 minutes
and then
pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/latest/meta.txz: Operation timed out
pkg: repository FreeBSD has no meta file, using default settings

And then it failed. I'll wait for 10 minutes and will tell you.

Update:
Okay, I finally got the response:

The following 3 packages will be affected (of 0 checked):

New packages to be INSTALLED:
      bind910: 9.10.1
      libxml2: 2.9.1_1
      idnkit: 1.0_5

The process will require 53 MB more space.
7 MB to be downloaded.

Proceed with this action? [y/N]: y
0
Question by:Nusrat Nuriyev
9 Comments
 

Author Comment

by:Nusrat Nuriyev
ID: 40357230
pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/latest/All/bind910-9.10.1.txz: No route to host
Why no route  to host?

fetch http://pkg.FreeBSD.org/freebsd:10:x86:64/latest/All/bind910-9.10.1.txz

Also gets stuck.

OK, there was a problem with the firewall.
0
 

Author Comment

by:Nusrat Nuriyev
ID: 40357591
00100 allow ip from any to any via lo0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16

What does all this stuff mean?
Can this cause a lot of problems with routing? Can't ssh, rsync, pkg install, fetch, ping?
0
 
LVL 77

Expert Comment

by:arnold
ID: 40358702
Please post netstat -rn output to see your routing table.
If you have public IPs on the system, masquerade the first three octets by replacing them with xxx.xxx.xxx
These are firewall rules that deal with what type of traffic and direction is permitted/denied.
You can install using your CD/DVD as the source without the need to go out to the internet to retrieve the package. See within the config whether the DVD/CDROM is setup as a possible source.
0
LVL 62

Accepted Solution

by:
gheist earned 500 total points
ID: 40361282
Can you check counters of those firewall rules? I doubt they ever caught any packet at all.
0
 

Author Comment

by:Nusrat Nuriyev
ID: 40361939
arnold,

root@ns2:~ # netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            74.200.120.1        UGS         0     6929   bge0
74.200.120.0/26     link#1             U           1     2347   bge0
74.200.120.42       link#1             UHS         0      230    lo0
127.0.0.1          link#3             UH          0       11    lo0

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::/96                             ::1                           UGRS        lo0
::1                               link#3                        UH          lo0
::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
fe80::/10                         ::1                           UGRS        lo0
fe80::%bge0/64                    link#1                        U          bge0
fe80::21c:c4ff:fec3:d472%bge0     link#1                        UHS         lo0
fe80::%lo0/64                     link#3                        U           lo0
fe80::1%lo0                       link#3                        UHS         lo0
ff01::%bge0/32                    fe80::21c:c4ff:fec3:d472%bge0 U          bge0
ff01::%lo0/32                     ::1                           U           lo0
ff02::/16                         ::1                           UGRS        lo0
ff02::%bge0/32                    fe80::21c:c4ff:fec3:d472%bge0 U          bge0
ff02::%lo0/32                     ::1                           U           lo0
0
 

Author Comment

by:Nusrat Nuriyev
ID: 40361942
Gheist,
when I add this rule to ns2
ipfw add allow ip from 74.200.120.41 to me dst-port 9333

I can't connect to ns2 from ns1
when I add this rule to ns2
ipfw add allow ip from  74.200.120.41 to me

Then, I can connect to ns2 from ns1

Omitting the port makes a difference; what may be the reason?
Both sshd are configured with the port 9333 instead of 22.
0
 

Author Comment

by:Nusrat Nuriyev
ID: 40361944
Also, there is no packet matching the rule above, you were right

00200    0      0 deny ip from any to 127.0.0.0/8
00200    0      0 deny ip from any to 127.0.0.0/8
00300    0      0 deny ip from 127.0.0.0/8 to any
00300    0      0 deny ip from 127.0.0.0/8 to any
00400    0      0 deny ip from any to ::1
00500    0      0 deny ip from ::1 to any
00600    0      0 allow ipv6-icmp from :: to ff02::/16
00700    0      0 allow ipv6-icmp from fe80::/10 to fe80::/10
00800    0      0 allow ipv6-icmp from fe80::/10 to ff02::/16
00900    0      0 allow ipv6-icmp from any to any ip6 icmp6types 1
01000    0      0 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
0
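
The counter check suggested in the accepted solution, as an added example that is not part of the original thread: it reads `ipfw show` output and separates rules that actually dropped packets from rules that never matched, and lists rules loaded twice. The function names and the counters on the 00100 and 65535 sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): summarise `ipfw show` counters.
# Assumes the default column layout: rule-number packets bytes action body...

# Constructed sample. The zero-counter lines are copied from the thread; the
# 00100 and 65535 lines carry made-up counters for illustration.
sample_ipfw_show() {
cat <<'EOF'
00100   42   3360 allow ip from any to any via lo0
00200    0      0 deny ip from any to 127.0.0.0/8
00200    0      0 deny ip from any to 127.0.0.0/8
00300    0      0 deny ip from 127.0.0.0/8 to any
00600    0      0 allow ipv6-icmp from :: to ff02::/16
65535  913  71204 deny ip from any to any
EOF
}

# Rules that matched at least one packet, printed as "number action packets".
hit_rules() {
    awk '$1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $2 + 0 > 0 { print $1, $4, $2 }'
}

# Subset of hit_rules whose action discards traffic: these explain timeouts.
dropping_rules() {
    hit_rules | awk '$2 == "deny" || $2 == "reject" || $2 == "reset" || $2 == "unreach"'
}

# Rule numbers whose counters are all zero, i.e. rules that never fired.
idle_rules() {
    awk '$1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ { total[$1] += $2 }
         END { for (n in total) if (total[n] == 0) print n }' | sort
}

# Rule numbers loaded more than once with an identical body.
duplicate_rules() {
    awk '$1 ~ /^[0-9]+$/ { n = $1; $1 = ""; $2 = ""; $3 = ""; print n $0 }' |
        sort | uniq -d | awk '{ print $1 }'
}

# On a FreeBSD host, replace sample_ipfw_show with: ipfw show
echo "Rules dropping traffic:";   sample_ipfw_show | dropping_rules
echo "Rules that never matched:"; sample_ipfw_show | idle_rules | tr '\n' ' '; echo
echo "Duplicated rules:";         sample_ipfw_show | duplicate_rules
```

A deny rule with a growing packet count is the one to inspect first; rules whose counters stay at zero, like 00200 to 00800 in the listing above, are not what is blocking the connection.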
 

Author Comment

by:Nusrat Nuriyev
ID: 40361947
Another question: why are some of those rules duplicated? I suppose because I have two physical Ethernet interfaces on the server? So is it because the interface information was omitted when this listing was printed?
0
 
LVL 62

Expert Comment

by:gheist
ID: 40361952
Would be nice if you manage to start WITHOUT firewall, make sure new package works, then lock+log everything with firewall and allow everything that was needed+denied.
0
