• Status: Solved

Bind910 installation on FreeBSD

pkg install bind910
waits for "Updating FreeBSD repository catalogue..." about 10 minutes
and then
pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/latest/meta.txz: Operation timed out
pkg: repository FreeBSD has no meta file, using default settings

And then it failed. I'll wait for 10 minutes and will tell you.

Update:
Okay, I finally got the response:

The following 3 packages will be affected (of 0 checked):

New packages to be INSTALLED:
      bind910: 9.10.1
      libxml2: 2.9.1_1
      idnkit: 1.0_5

The process will require 53 MB more space.
7 MB to be downloaded.

Proceed with this action? [y/N]: y
Asked by: Nusrat Nuriyev

Nusrat Nuriyev (Author) Commented:
pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/latest/All/bind910-9.10.1.txz: No route to host
Why no route to host?

fetch http://pkg.FreeBSD.org/freebsd:10:x86:64/latest/All/bind910-9.10.1.txz

It also gets stuck.

OK, there was a problem with the firewall.

Nusrat Nuriyev (Author) Commented:
00100 allow ip from any to any via lo0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16

What does all this stuff mean?
Can this cause a lot of problems with routing? Can't ssh, rsync, pkg install, fetch, ping?

arnold Commented:
Please post netstat -rn output to see your routing table.
If you have public IPs on the system, masquerade the first three octets by replacing them with xxx.xxx.xxx
These are firewall rules that deal with what type of traffic and direction is permitted/denied.
You can install using your CD/DVD as the source without the need to go out to the internet to retrieve the package. See within the config whether the DVD/CDROM is setup as a possible source.
 
gheist Commented:
Can you check counters of those firewall rules? I doubt they ever caught any packet at all.

Nusrat Nuriyev (Author) Commented:
arnold,

root@ns2:~ # netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            74.200.120.1        UGS         0     6929   bge0
74.200.120.0/26     link#1             U           1     2347   bge0
74.200.120.42       link#1             UHS         0      230    lo0
127.0.0.1          link#3             UH          0       11    lo0

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::/96                             ::1                           UGRS        lo0
::1                               link#3                        UH          lo0
::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
fe80::/10                         ::1                           UGRS        lo0
fe80::%bge0/64                    link#1                        U          bge0
fe80::21c:c4ff:fec3:d472%bge0     link#1                        UHS         lo0
fe80::%lo0/64                     link#3                        U           lo0
fe80::1%lo0                       link#3                        UHS         lo0
ff01::%bge0/32                    fe80::21c:c4ff:fec3:d472%bge0 U          bge0
ff01::%lo0/32                     ::1                           U           lo0
ff02::/16                         ::1                           UGRS        lo0
ff02::%bge0/32                    fe80::21c:c4ff:fec3:d472%bge0 U          bge0
ff02::%lo0/32                     ::1                           U           lo0

Nusrat Nuriyev (Author) Commented:
Gheist,
when I add this rule to ns2
ipfw add allow ip from 74.200.120.41 to me dst-port 9333

I can't connect to ns2 from ns1
when I add this rule to ns2
ipfw add allow ip from 74.200.120.41 to me

Then, I can connect to ns2 from ns1

Omitting the port makes a difference; what may be the reason?
Both sshd are configured with the port 9333 instead of 22.

Nusrat Nuriyev (Author) Commented:
Also, there is no packet matching the rule above; you were right.

00200    0      0 deny ip from any to 127.0.0.0/8
00200    0      0 deny ip from any to 127.0.0.0/8
00300    0      0 deny ip from 127.0.0.0/8 to any
00300    0      0 deny ip from 127.0.0.0/8 to any
00400    0      0 deny ip from any to ::1
00500    0      0 deny ip from ::1 to any
00600    0      0 allow ipv6-icmp from :: to ff02::/16
00700    0      0 allow ipv6-icmp from fe80::/10 to fe80::/10
00800    0      0 allow ipv6-icmp from fe80::/10 to ff02::/16
00900    0      0 allow ipv6-icmp from any to any ip6 icmp6types 1
01000    0      0 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
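
Added example, not part of any participant's post: a small sh/awk filter that performs the counter check gheist asks for over `ipfw show`-style output (rule number, packet count, byte count, rule body) and also flags rules that are listed more than once. The sample lines are constructed in the shape of the listing above, and the function names `sample_rules` and `ipfw_audit` are hypothetical.

```shell
#!/bin/sh
# Added example: audit `ipfw show`-style output for rules that never
# matched a packet and for rules that appear more than once.

# Constructed sample in the shape of the listing in the thread
# (the non-zero counters on rule 00100 are made up for illustration).
sample_rules() {
cat <<'EOF'
00100   12    960 allow ip from any to any via lo0
00200    0      0 deny ip from any to 127.0.0.0/8
00200    0      0 deny ip from any to 127.0.0.0/8
00300    0      0 deny ip from 127.0.0.0/8 to any
00900    0      0 allow ipv6-icmp from any to any ip6 icmp6types 1
EOF
}

# Reads a listing on stdin and prints one finding per line:
#   ZERO <num> <body>   packet counter is 0 (summed over duplicates)
#   DUP <num> <body>    same rule number and body listed more than once
ipfw_audit() {
  awk '
    # Accept only lines shaped like "<num> <pkts> <bytes> <body...>"
    $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ && NF >= 4 {
      body = $4
      for (i = 5; i <= NF; i++) body = body " " $i
      key = $1 " " body
      seen[key]++
      if (seen[key] == 1) { order[++n] = key; pkts[key] = 0 }
      pkts[key] += $2
    }
    END {
      # Report in the order the rules were first listed
      for (i = 1; i <= n; i++) {
        k = order[i]
        if (pkts[k] == 0) print "ZERO " k
        if (seen[k] > 1)  print "DUP " k
      }
    }'
}

# On a live FreeBSD host the input would be:  ipfw show | ipfw_audit
sample_rules | ipfw_audit
```

ipfw allows several rules to share one rule number, so a repeated number in the listing is a separate rule entry and not a display artifact.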

Nusrat Nuriyev (Author) Commented:
Another question: why are some of those rules duplicated? I suppose it's because I have two physical Ethernet interfaces on the server? So it's because the interface information was omitted when this listing was printed?

gheist Commented:
Would be nice if you manage to start WITHOUT firewall, make sure new package works, then lock+log everything with firewall and allow everything that was needed+denied.