When I activate default firewall in ISPConfig3 I got following connection errors when using apt-get update: Code: Err http://ftp.us.debian.org stable Release.gpg Could not resolve 'ftp.us.debian.org' Err http://security.debian.org stable/updates Release.gpg Could not resolve 'security.debian.org' Err http://ftp.debian.org stable Release.gpg Could not resolve 'ftp.debian.org' Reading package lists... Done When I ping domains it also didn't work, but when I ping IP it works... so I think this could be related with server dns... The issue is that when I deactivate the ispconfig firewall all works! This server is a openvz vps, debian 5 with following firewall config: Code: Open TCP ports: 20,21,222,25,53,80,110,143,443,3306,8080,10000 Code: Open UDP ports: 53,3306
Are you also having the problem inside a openvz container like me? Not sure if this is related with openvz... and I'm checking possible solutions...
No, I have standard server (Debian 5 + ISPConfig 3) but there is exactly same problem with that ISPConfig firewall ... can't use apt-get, ping on domains etc. Looks like some issue with outgoing rules or something.
The ispconfig firewall does not has any outgoing rules at all, so the problem must be something else on your system. Maybe you had already another firewall running which might cazse a mixture of iptable rules.
It's a new installed server following perfect debian 5 setup with ispconfig 3. In my case I was thinking it could be related with openvz (this server is a vps), but amcom told he is not using a openvz server... It's true that the server also has installed webmin, but if I'm not wrong webmin doesn't confgures firewall rules when installed... Related with webmin, amcom, do you also have installed webmin? By the way, if it helps I could post my iptables rules.
Perhaps it's just that the external IP is listed in /etc/resolv.conf, and the (UDP) answer blocked. Could/would you try 127.0.0.1 in /etc/resolv.conf and/or try to run a tcpdump -vv -i eth0 port 53 in another terminal and repeat a lookup? Please post the output back here.. Paul