On Wed, 05 Mar 2014 10:49:27 -0600 Bill Wood <william.wo...@comcast.net> wrote:
> On Thu, 2014-02-20 at 07:09 -0500, PaulNM wrote: > . . . > > On second though, I just re-read the OP's message. He's talking > > about the firewall on the Comcast modem/router. It's really rare > > for those types of devices to have outgoing filtering. > > > > However, according to: > > http://media2.comcast.net/anon.comcastonline2/support/userguides/Wireless_Gateway_User_Guide_030811.pdf > > > > It does filter outgoing, but high *does* allow 80, 443, and a bunch > > of common ports. I really suspect dns/mirror issues, but it would > > probably be worth the OP's time to try dropping the firewall level > > and test again. > > I've done a couple of such tests and I *think* check update works at > the lowest firewall level. I do have a much more focused question: > Does either Check Update or Download Updates require FTP? I have a > suspicion that Port 21 may be blocked at the higher firewall levels. > From your last post: Failed to fetch ftp://ftp.us.debian.org/debian/dists/squeeze/contrib/i18n/Translation-en.bz2 Could not connect passive socket. [IP: 64.50.233.100 21] Failed to fetch ftp://ftp.us.debian.org/debian/dists/squeeze/contrib/i18n/Translation-en_US.bz2 Could not connect passive socket. [IP: 64.50.233.100 21] Failed to fetch ftp://ftp.us.debian.org/debian/dists/squeeze/main/i18n/Translation-en.bz2 Could not connect passive socket. [IP: 64.50.233.100 21] Some index files failed to download, they have been ignored, or old ones used instead. The 'ftp:' at the beginning of the URL shows that it is indeed attempting to connect by FTP, as does the reference to 'passive socket' and the '21' after the IP address. FTP uses separate control and data channels, in one of two different ways, and either way, any firewall in between the ends must know enough to associate the two channels. Hence the ftp_conntrack module (or whatever it is called these days) in iptables to do this very job. Change the ftp://ftp.us.... in all of your /etc/apt/sources.list entries to http://ftp.us.... and all will probably be well. Note that the site hostname still begins 'ftp', but it's the part before the colon that matters. -- Joe -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140305185305.721ab...@jretrading.com