Solved

Bind910 installation on FreeBSD

Posted on 2014-10-02
Last Modified: 2016-02-11
pkg install bind910
waits for "Updating FreeBSD repository catalogue..." about 10 minutes
and then
pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/latest/meta.txz: Operation timed out
pkg: repository FreeBSD has no meta file, using default settings

And then it failed. I'll wait for 10 minutes and will tell you.

Update:
Okay, I finally got the response:

The following 3 packages will be affected (of 0 checked):

New packages to be INSTALLED:
      bind910: 9.10.1
      libxml2: 2.9.1_1
      idnkit: 1.0_5

The process will require 53 MB more space.
7 MB to be downloaded.

Proceed with this action? [y/N]: y
0
Question by:Nusrat Nuriyev
9 Comments
 

Author Comment

by:Nusrat Nuriyev
ID: 40357230
pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/latest/All/bind910-9.10.1.txz: No route to host
Why no route  to host?

fetch http://pkg.FreeBSD.org/freebsd:10:x86:64/latest/All/bind910-9.10.1.txz

Also gets stuck.

OK, there was a problem with the firewall.
0
 

Author Comment

by:Nusrat Nuriyev
ID: 40357591
00100 allow ip from any to any via lo0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16

What does all this stuff mean?
Can this cause a lot of problems with routing? Can't ssh, rsync, pkg install, fetch, ping?
0
 
LVL 78

Expert Comment

by:arnold
ID: 40358702
Please post netstat -rn output to see your routing table.
If you have public IPs on the system, masquerade the first three octets by replacing them with xxx.xxx.xxx
These are firewall rules that deal with what type of traffic and direction is permitted/denied.
You can install using your CD/DVD as the source without the need to go out to the internet to retrieve the package. See within the config whether the DVD/CDROM is set up as a possible source.
0
 
LVL 62

Accepted Solution

by:
gheist earned 500 total points
ID: 40361282
Can you check counters of those firewall rules? I doubt they ever caught any packet at all.
0
 

Author Comment

by:Nusrat Nuriyev
ID: 40361939
arnold,

root@ns2:~ # netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            74.200.120.1        UGS         0     6929   bge0
74.200.120.0/26     link#1             U           1     2347   bge0
74.200.120.42       link#1             UHS         0      230    lo0
127.0.0.1          link#3             UH          0       11    lo0

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::/96                             ::1                           UGRS        lo0
::1                               link#3                        UH          lo0
::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
fe80::/10                         ::1                           UGRS        lo0
fe80::%bge0/64                    link#1                        U          bge0
fe80::21c:c4ff:fec3:d472%bge0     link#1                        UHS         lo0
fe80::%lo0/64                     link#3                        U           lo0
fe80::1%lo0                       link#3                        UHS         lo0
ff01::%bge0/32                    fe80::21c:c4ff:fec3:d472%bge0 U          bge0
ff01::%lo0/32                     ::1                           U           lo0
ff02::/16                         ::1                           UGRS        lo0
ff02::%bge0/32                    fe80::21c:c4ff:fec3:d472%bge0 U          bge0
ff02::%lo0/32                     ::1                           U           lo0
0
 

Author Comment

by:Nusrat Nuriyev
ID: 40361942
Gheist,
when I add this rule to ns2
ipfw add allow ip from 74.200.120.41 to me dst-port 9333

I can't connect to ns2 from ns1.
When I add this rule to ns2
ipfw add allow ip from  74.200.120.41 to me

then I can connect to ns2 from ns1.

Omitting the port makes a difference; what may be the reason?
Both sshd are configured with the port 9333 instead of 22.
0
 

Author Comment

by:Nusrat Nuriyev
ID: 40361944
Also, there is no packet matching the rule above, you were right

00200    0      0 deny ip from any to 127.0.0.0/8
00200    0      0 deny ip from any to 127.0.0.0/8
00300    0      0 deny ip from 127.0.0.0/8 to any
00300    0      0 deny ip from 127.0.0.0/8 to any
00400    0      0 deny ip from any to ::1
00500    0      0 deny ip from ::1 to any
00600    0      0 allow ipv6-icmp from :: to ff02::/16
00700    0      0 allow ipv6-icmp from fe80::/10 to fe80::/10
00800    0      0 allow ipv6-icmp from fe80::/10 to ff02::/16
00900    0      0 allow ipv6-icmp from any to any ip6 icmp6types 1
01000    0      0 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
0
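
The counter check discussed in the comments above, as an added example that is not part of the original thread: a small shell/awk helper that reads `ipfw -a list` output (rule number, packets, bytes, rule body) and reports which blocking rules actually matched traffic and which rules are listed more than once. The function names are hypothetical and the sample listing is constructed; its counters on rule 65535 are invented for illustration.

```shell
#!/bin/sh
# Added example: summarise `ipfw -a list` output.
# Columns: rule number, packet count, byte count, then the rule body.

# Constructed sample listing: the zero-counter rules mirror the thread,
# the non-zero counters are invented for illustration.
sample_listing() {
cat <<'EOF'
00100  120  9600 allow ip from any to any via lo0
00100    0     0 allow ip from any to any via lo0
00200    0     0 deny ip from any to 127.0.0.0/8
00200    0     0 deny ip from any to 127.0.0.0/8
00300    0     0 deny ip from 127.0.0.0/8 to any
00400    0     0 deny ip from any to ::1
65535  412 31208 deny ip from any to any
EOF
}

# Print "rule packets action" for every rule that matched at least one packet.
ipfw_hits() {
    awk '$2 ~ /^[0-9]+$/ && $2 > 0 { print $1, $2, $4 }'
}

# Print "rule packets" for blocking rules that matched traffic:
# these are the candidates for "what is dropping my connection".
ipfw_denied() {
    awk '$2 ~ /^[0-9]+$/ && $2 > 0 &&
         ($4 == "deny" || $4 == "drop" || $4 == "reset" || $4 == "unreach") { print $1, $2 }'
}

# Print rules listed more than once (same number and same body), with the copy count.
ipfw_dupes() {
    awk '$2 ~ /^[0-9]+$/ {
        key = $1
        for (i = 4; i <= NF; i++) key = key " " $i
        if (!(key in n)) order[++m] = key
        n[key]++
    }
    END { for (j = 1; j <= m; j++) if (n[order[j]] > 1) print n[order[j]] "x " order[j] }'
}

# On a live FreeBSD host the input would be: ipfw -a list | ipfw_denied
sample_listing | ipfw_denied
sample_listing | ipfw_dupes
```

A blocking rule with a growing packet count is the one to inspect; rules whose counters stay at zero, like the loopback rules in the listing above, are not what is dropping the traffic.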
 

Author Comment

by:Nusrat Nuriyev
ID: 40361947
Another question: why are some of those rules duplicated? I suppose it is because I have two physical Ethernet interfaces on the server? So is it because interface information was omitted while this listing was printed?
0
 
LVL 62

Expert Comment

by:gheist
ID: 40361952
Would be nice if you manage to start WITHOUT firewall, make sure new package works, then lock+log everything with firewall and allow everything that was needed+denied.
0
