Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
One of the last things that I needed to do before I was happy with my Linux installation was to get the firewall running. Long story short, I've ended up using Guarddog to configure IPTables.
I thought that everything was running fine, but then when I tried to run emerge sync it just hung when trying to connect to a server. Seeing as this was running fine prior to starting the firewall, I am certain that all I need to do is configure Guarddog to allow rsync through; the problem, of course, is how?
I've had a look around and found that the rsync server requires port 837 (I think that's what it was) but the client just uses a "high port".
If someone could give me some advice as to how I would set Guarddog to allow rsync through then I would be grateful.
I am in the same situation as you. If you find an answer I would love to hear it. I either disable my firewall, or use this method. Emerge gentoolkit and check out the emerge-webrsync utility. This uses port 80 so your firewall will not stop it.
Code:
-bash-2.05b$ grep rsync /etc/services
rsync 873/tcp # rsync server
Any time you don't know what port a service uses, your first check should be /etc/services
You must have a very strict, or else misconfigured iptables setup. Normally iptables scripts will allow all TCP traffic back through the firewall if it's in a "RELATED" state, that is, it was requested in some way by your machine. If normal web surfing works, then you must only be keeping state for certain destination ports (such as 80/tcp for web surfing). You need to make sure that your firewall allows you to make outbound connections proto tcp from sport > 1023 and to dport = 873.
Obviously that's not happening right now, so you should check your firewall log to see what traffic is getting blocked (is it the outbound packet from your machine, or the return packet back to it?).
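An added example, not part of the original thread: a shell function that answers the question in the post above (was the outbound packet or the return packet blocked?) by classifying iptables LOG lines that involve 873/tcp. The function names are hypothetical, and the log lines, the `DROPPED` prefix, the addresses and the interface name are constructed sample data.

```shell
#!/bin/sh
# Added example. If the result is "outbound", the request never left; a rule
# of this shape is missing (default OUTPUT chain assumed, not Guarddog's own):
#   iptables -A OUTPUT -p tcp --sport 1024:65535 --dport 873 \
#            -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
# If it is "return", replies are not matched as established traffic:
#   iptables -A INPUT -p tcp --sport 873 -m conntrack --ctstate ESTABLISHED -j ACCEPT

# Reads kernel log lines on stdin, prints "<direction> SRC:SPT -> DST:DPT".
classify_rsync_drops() {
    awk '
    /PROTO=TCP/ {
        split("", f)                      # portable way to clear the array
        # LOG output is a run of KEY=VALUE tokens (IN=, OUT=, SRC=, DPT=, ...)
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq > 0) f[substr($i, 1, eq - 1)] = substr($i, eq + 1)
        }
        if (f["DPT"] == "873" && f["OUT"] != "")
            dir = "outbound"              # our packet to the rsync server
        else if (f["SPT"] == "873" && f["IN"] != "")
            dir = "return"                # the server reply coming back in
        else
            next                          # not rsync traffic, ignore
        printf "%s %s:%s -> %s:%s\n", dir, f["SRC"], f["SPT"], f["DST"], f["DPT"]
    }'
}

# Constructed sample log lines (documentation addresses, made-up prefix).
sample_log() {
    cat <<'EOF'
Jan 10 12:00:01 host kernel: DROPPED IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=64 ID=4321 DF PROTO=TCP SPT=34567 DPT=873 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 10 12:00:09 host kernel: DROPPED IN=eth0 OUT= SRC=198.51.100.5 DST=192.0.2.10 LEN=60 TTL=52 ID=0 DF PROTO=TCP SPT=873 DPT=34568 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Jan 10 12:00:12 host kernel: DROPPED IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=48 TTL=110 ID=999 PROTO=TCP SPT=4000 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
EOF
}

sample_log | classify_rsync_drops
```

On a live system the same function can be fed from the kernel log, for example `dmesg | classify_rsync_drops`, provided the firewall logs what it drops.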
I noticed that there has been a lot of activity at packages.gentoo.org so I decided to run a websync so that I could do an up to date (as possible) emerge -U world. The only thing to come up (as it only takes into account info up until yesterday) was rsync version 2.6.0. Installed this, and thought, what the hell, let's try an emerge sync. Worked fine first time. I've not done anything with the firewall at all, and best I can tell it's still running ok, but rsync now works, which is all I wanted.