jmginer
Member Candidate
Topic Author
Posts: 115
Joined: Tue Dec 11, 2012 4:56 am

allow yum on firewall

Fri Sep 25, 2015 11:00 pm

Hello, I have these rules applied, but when the host with IP x.x.x.x tries to run a yum update command (it is a CentOS VPS), it gets the error shown. Any idea?

Thanks in advance!!

/ip firewall filter
add chain=forward action=accept src-address=8.8.8.8 in-interface=eth1 comment="CTID-3320" 
add chain=forward action=accept dst-address=x.x.x.x dst-port=9987 protocol=udp in-interface=eth1 comment="CTID-3320" 
add chain=forward action=accept dst-address=x.x.x.x dst-port=30033 protocol=tcp in-interface=eth1 comment="CTID-3320" 
add chain=forward action=accept dst-address=x.x.x.x dst-port=10011 protocol=tcp in-interface=eth1 comment="CTID-3320" 
add chain=forward action=accept dst-address=x.x.x.x dst-port=41144 protocol=tcp in-interface=eth1 comment="CTID-3320" 
add chain=forward action=accept dst-address=x.x.x.x dst-port=2008 protocol=tcp in-interface=eth1 comment="CTID-3320"
add chain=forward action=accept dst-address=x.x.x.x dst-port=2010 protocol=udp in-interface=eth1 comment="CTID-3320"
add chain=forward action=accept dst-address=x.x.x.x dst-port=6666 protocol=tcp in-interface=eth1 comment="CTID-3320"
add chain=forward action=accept dst-address=x.x.x.x dst-port=6666 protocol=udp in-interface=eth1 comment="CTID-3320"
add chain=forward action=accept dst-address=x.x.x.x dst-port=7777 protocol=tcp in-interface=eth1 comment="CTID-3320"
add chain=forward action=accept dst-address=x.x.x.x dst-port=7777 protocol=udp in-interface=eth1 comment="CTID-3320"
add chain=forward action=accept dst-address=x.x.x.x dst-port=20-22 protocol=tcp in-interface=eth1 comment="CTID-3320"
add chain=forward action=accept dst-address=x.x.x.x dst-port=80 protocol=tcp in-interface=eth1 comment="CTID-3320"
add chain=forward action=accept dst-address=x.x.x.x dst-port=443 protocol=tcp in-interface=eth1 comment="CTID-3320"
add chain=forward action=accept dst-address=x.x.x.x dst-port=3306 protocol=tcp in-interface=eth1 comment="CTID-3320"
add chain=forward action=accept dst-address=x.x.x.x protocol=icmp in-interface=eth1 comment="CTID-3320"
add chain=forward action=drop dst-address=x.x.x.x comment="CTID-3320"

# yum update
Loaded plugins: fastestmirror
Setting up Update Process
Loading mirror speeds from cached hostfile
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=6&arch=x86_64&repo=os&infra=stock error was
12: Timeout on http://mirrorlist.centos.org/?release=6&arch=x86_64&repo=os&infra=stock: (28, 'connect() timed out!')
Error: Cannot find a valid baseurl for repo: base
 
jmginer
Member Candidate
Topic Author
Posts: 115
Joined: Tue Dec 11, 2012 4:56 am

Re: allow yum on firewall

Fri Sep 25, 2015 11:14 pm

Fixed by adding:
add chain=forward action=accept dst-address=x.x.x.x src-port=20-22 protocol=tcp in-interface=eth1 comment="CTID-3320"
add chain=forward action=accept dst-address=x.x.x.x src-port=80 protocol=tcp in-interface=eth1 comment="CTID-3320"
add chain=forward action=accept dst-address=x.x.x.x src-port=443 protocol=tcp in-interface=eth1 comment="CTID-3320"
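
Added example, not part of the thread: a simplified, TCP-only Python model of the forward chain above, showing why the mirror's reply was dropped, what the source-port rules additionally admit, and how matching replies by connection state (RouterOS offers `connection-state=established,related` for this) limits the accept to connections the VPS opened. The addresses, the `Packet` class and the function names are constructed for illustration.

```python
from dataclasses import dataclass

VPS = "192.0.2.10"        # constructed stand-in for the post's x.x.x.x
MIRROR = "198.51.100.80"  # constructed stand-in for a yum mirror

# TCP destination ports accepted towards the VPS by the first post's rules.
OPEN_DPORTS = {20, 21, 22, 80, 443, 2008, 3306, 6666, 7777, 10011, 30033, 41144}
# TCP source ports accepted by the rules added in the follow-up post.
FIX_SPORTS = {20, 21, 22, 80, 443}

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def stateless(pkt, sports=frozenset()):
    """Simplified TCP-only model of the posted forward chain."""
    if pkt.dst != VPS:
        return "accept"   # no posted rule matches traffic leaving the VPS
    if pkt.dport in OPEN_DPORTS or pkt.sport in sports:
        return "accept"
    return "drop"         # the final drop rule for dst-address=VPS

class Stateful:
    """Same port list, plus an accept for replies to tracked connections."""
    def __init__(self):
        self.conns = set()

    def forward(self, pkt):
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.conns:
            return "accept"   # reply to a connection already seen
        verdict = stateless(pkt)
        if verdict == "accept":
            self.conns.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return verdict

def demo():
    request = Packet(VPS, 45000, MIRROR, 80)      # yum's outbound HTTP request
    reply = Packet(MIRROR, 80, VPS, 45000)        # the mirror's answer
    stray = Packet("203.0.113.5", 80, VPS, 5432)  # unsolicited, port not listed
    fw = Stateful()
    return {
        "original_reply": stateless(reply),
        "fix_reply": stateless(reply, FIX_SPORTS),
        "fix_stray": stateless(stray, FIX_SPORTS),
        "stateful": [fw.forward(p) for p in (request, reply, stray)],
    }
```

Calling `demo()` returns the verdict for each case; the `fix_stray` entry is the one to look at when reviewing source-port accept rules.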
