Solved

Bind910 installation on FreeBSD

Posted on 2014-10-02
Last Modified: 2016-02-11
pkg install bind910
waits for "Updating FreeBSD repository catalogue..." about 10 minutes
and then
pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/latest/meta.txz: Operation timed out
pkg: repository FreeBSD has no meta file, using default settings

And then it failed. I'll wait for 10 minutes and will tell you.

Update:
Okay, I finally got the response:

The following 3 packages will be affected (of 0 checked):

New packages to be INSTALLED:
      bind910: 9.10.1
      libxml2: 2.9.1_1
      idnkit: 1.0_5

The process will require 53 MB more space.
7 MB to be downloaded.

Proceed with this action? [y/N]: y
Question by:Nusrat Nuriyev
9 Comments
 

Author Comment

by:Nusrat Nuriyev
ID: 40357230
pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/latest/All/bind910-9.10.1.txz: No route to host
Why no route to host?

fetch http://pkg.FreeBSD.org/freebsd:10:x86:64/latest/All/bind910-9.10.1.txz

Also gets stuck.

OK, there was a problem with the firewall.
 

Author Comment

by:Nusrat Nuriyev
ID: 40357591
00100 allow ip from any to any via lo0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16

What does all this stuff mean?
Can this cause a lot of problems with routing? Can't ssh, rsync, pkg install, fetch, ping?
 
LVL 78

Expert Comment

by:arnold
ID: 40358702
Please post netstat -rn output to see your routing table.
If you have public IPs on the system, masquerade the first three octets by replacing them with xxx.xxx.xxx
These are firewall rules that deal with what type of traffic and direction is permitted/denied.
You can install using your CD/DVD as the source without the need to go out to the internet to retrieve the package. See within the config whether the DVD/CDROM is set up as a possible source.
 
LVL 62

Accepted Solution

by:
gheist earned 500 total points
ID: 40361282
Can you check counters of those firewall rules? I doubt they ever caught any packet at all.
 

Author Comment

by:Nusrat Nuriyev
ID: 40361939
arnold,

root@ns2:~ # netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            74.200.120.1        UGS         0     6929   bge0
74.200.120.0/26     link#1             U           1     2347   bge0
74.200.120.42       link#1             UHS         0      230    lo0
127.0.0.1          link#3             UH          0       11    lo0

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::/96                             ::1                           UGRS        lo0
::1                               link#3                        UH          lo0
::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
fe80::/10                         ::1                           UGRS        lo0
fe80::%bge0/64                    link#1                        U          bge0
fe80::21c:c4ff:fec3:d472%bge0     link#1                        UHS         lo0
fe80::%lo0/64                     link#3                        U           lo0
fe80::1%lo0                       link#3                        UHS         lo0
ff01::%bge0/32                    fe80::21c:c4ff:fec3:d472%bge0 U          bge0
ff01::%lo0/32                     ::1                           U           lo0
ff02::/16                         ::1                           UGRS        lo0
ff02::%bge0/32                    fe80::21c:c4ff:fec3:d472%bge0 U          bge0
ff02::%lo0/32                     ::1                           U           lo0
 

Author Comment

by:Nusrat Nuriyev
ID: 40361942
Gheist,
when I add this rule to ns2
ipfw add allow ip from 74.200.120.41 to me dst-port 9333


I can't connect to ns2 from ns1
when I add this rule to ns2
ipfw add allow ip from  74.200.120.41 to me


Then, I can connect to ns2 from ns1

Omitting the port makes a difference; what may be the reason?
Both sshd are configured with the port 9333 instead of 22.
 

Author Comment

by:Nusrat Nuriyev
ID: 40361944
Also, there is no packet matching the rule above, you were right.

00200    0      0 deny ip from any to 127.0.0.0/8
00200    0      0 deny ip from any to 127.0.0.0/8
00300    0      0 deny ip from 127.0.0.0/8 to any
00300    0      0 deny ip from 127.0.0.0/8 to any
00400    0      0 deny ip from any to ::1
00500    0      0 deny ip from ::1 to any
00600    0      0 allow ipv6-icmp from :: to ff02::/16
00700    0      0 allow ipv6-icmp from fe80::/10 to fe80::/10
00800    0      0 allow ipv6-icmp from fe80::/10 to ff02::/16
00900    0      0 allow ipv6-icmp from any to any ip6 icmp6types 1
01000    0      0 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
0
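The counter check discussed above, as an added example that is not part of the original thread: it reads `ipfw show` output (rule number, packets, bytes, rule body, the layout posted in the comment above) and reports which rules have ever matched a packet and which are loaded more than once. The function names are hypothetical, and the sample lines are taken from the thread plus one constructed rule (65000) with non-zero counters.

```shell
#!/bin/sh
# Added example: audit ipfw rule counters.
# On a real host:  ipfw show | audit_counters

# Sample input: lines from the thread, plus a constructed rule 65000.
sample_counters() {
cat <<'EOF'
00200    0      0 deny ip from any to 127.0.0.0/8
00200    0      0 deny ip from any to 127.0.0.0/8
00300    0      0 deny ip from 127.0.0.0/8 to any
00600    0      0 allow ipv6-icmp from :: to ff02::/16
65000  412  38211 allow ip from any to any
EOF
}

# One line per distinct rule: HIT/IDLE, summed packet count, rule text,
# and a DUPLICATE marker when the same number+body was loaded twice or more.
audit_counters() {
    awk '
    NF >= 4 && $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
        body = $0
        # Strip "number packets bytes" to leave only the rule body.
        sub(/^[ \t]*[0-9]+[ \t]+[0-9]+[ \t]+[0-9]+[ \t]+/, "", body)
        key = $1 " " body
        if (!(key in copies)) order[++n] = key   # keep ruleset order
        copies[key]++
        pkts[key] += $2                          # sum over duplicate copies
    }
    END {
        for (i = 1; i <= n; i++) {
            k = order[i]
            state = (pkts[k] > 0) ? "HIT" : "IDLE"
            dup = (copies[k] > 1) ? " DUPLICATE x" copies[k] : ""
            printf "%-4s pkts=%d %s%s\n", state, pkts[k], k, dup
        }
    }'
}

# Demonstration run on the embedded sample.
sample_counters | audit_counters
```

An IDLE deny rule has dropped nothing since the counters were last reset, so it cannot be what is blocking the connection being debugged.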
 

Author Comment

by:Nusrat Nuriyev
ID: 40361947
Another question: why are some of those rules duplicated? I suppose it is because I have two physical Ethernet interfaces on the server? So is it because the interface information was omitted when this listing was printed?
 
LVL 62

Expert Comment

by:gheist
ID: 40361952
Would be nice if you manage to start WITHOUT firewall, make sure new package works, then lock+log everything with firewall and allow everything that was needed+denied.