cannot connect up2date through firewall
Bit of a newbie when it comes to ipfwadm/ipchains.
I have a RH 7.1 box I'm trying to use up2date on. There is a firewall (RH 5 something or other) between it and the outside world.
When trying to run up2date I can't connect and it eventually times out.
Tried to enable the SSL port on both the firewall and the Linux box. It doesn't seem to allow the connection to be established. I'm probably doing something wrong, as I'm not too familiar with ipfwadm/ipchains and firewalling rules.
Netstat -a -p shows
tcp 0 1 mybox:37408 xmlrpc.rhn.redhat.c:443 SYN_SENT 27614/python
(i.e. it never establishes the connection)
Not sure if firewall is preventing connection or ipchains on the box itself.
firewall:
ipfwadm -F -l
IP firewall forward rules, default policy: deny
type prot source destination ports
acc tcp my.ip.range/24 anywhere any -> ftp-data,ftp,ssh,smtp,http,domain,pop-3,auth,1080,3128
acc tcp anywhere my.ip.range/24 any -> ftp-data,ftp,ssh,smtp,http,domain,pop-3,auth,1080,3128
acc udp my.ip.range/24 anywhere any -> domain
acc udp anywhere my.ip.range/24 any -> domain
acc icmp my.ip.range/24 anywhere any
acc tcp my.ip.range/24 0.0.0.0 any -> 443
acc tcp 0.0.0.0 my.ip.range/24 any -> 443
linux RH 7.1 box:
ipchains -L
Chain input (policy ACCEPT):
target prot opt source destination ports
ACCEPT udp ------ ns2.esat.net anywhere domain -> any
ACCEPT udp ------ ns.isi.ie anywhere domain -> any
ACCEPT udp ------ my.box anywhere domain -> any
ACCEPT tcp -y---- anywhere anywhere any -> smtp
ACCEPT tcp -y---- anywhere anywhere any -> http
ACCEPT tcp -y---- anywhere anywhere any -> ftp
ACCEPT tcp -y---- anywhere anywhere any -> ssh
ACCEPT tcp -y---- anywhere anywhere any -> 443
ACCEPT udp ------ anywhere anywhere 67:68 -> 67:68
ACCEPT udp ------ anywhere anywhere 67:68 -> 67:68
ACCEPT all ------ anywhere anywhere n/a
ACCEPT all ------ anywhere anywhere n/a
REJECT tcp -y---- anywhere anywhere any -> 0:1023
REJECT tcp -y---- anywhere anywhere any -> 2049
REJECT udp ------ anywhere anywhere any -> 0:1023
REJECT udp ------ anywhere anywhere any -> 2049
REJECT tcp -y---- anywhere anywhere any -> x11:6009
REJECT tcp -y---- anywhere anywhere any -> 7100
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):