
I installed Webmin, and then set up the firewall like this:

INPUT
SSH port ALLOWED
Webmin port ALLOWED
HTTP port (80) ALLOWED
DROP EVERYTHING ELSE

FORWARDING
no rules

OUTPUT
no rules

If I remove DROP EVERYTHING ELSE from INPUT, everything works.

However, when that rule is added, apt-get doesn't work, and I can't ping or traceroute anything.

Even with DROP EVERYTHING ELSE enabled, Webmin, HTTP and SSH still work.

Which ports should I unblock to get apt-get working and to allow connections to other domains from within the server?

Thanks

cantsay

3 Answers

Make sure you also accept connections originated from inside. With iptables:

iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT

With Webmin, allow

Connection states EQUALS Existing Connection
Gilles 'SO- stop being evil'
Yam Gotham
    Hello, this works fine. Thanks! P.S. to do this on Webmin (for anyone who finds this on Google) you need to choose "Connection states EQUALS Existing Connection" – cantsay Jun 23 '15 at 00:21

You should have port 80 for TCP and port 53 for UDP enabled in INPUT:

# DNS answers coming back from a resolver to an unprivileged local port
iptables -A INPUT -p udp --sport 53 --dport 1024:65535 -j ACCEPT
# HTTP responses belonging to a connection this host opened
iptables -A INPUT -p tcp --sport 80 -m state --state RELATED,ESTABLISHED -j ACCEPT

For me on Ubuntu 22, @Miroslav Oprsteny's and @Yam Gotham's answers worked together with this:

iptables -I INPUT -i lo -j ACCEPT

Here is the original post.

devaskim
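Putting the three answers together, as an added example that is not part of any of the posts above: a script that emits the question's INPUT policy plus the loopback and connection-tracking rules in iptables-restore format, so the ruleset can be reviewed (and syntax-checked with `iptables-restore --test`) before it is loaded. `-m conntrack --ctstate` is the current spelling of the `-m state --state` match used in the answers. The port numbers are assumptions (SSH 22, Webmin's default 10000, HTTP 80) and can be overridden through environment variables. The RELATED,ESTABLISHED rule is what fixes all three symptoms from the question: apt-get's HTTP responses and DNS answers are ESTABLISHED, ping's echo replies are tracked by conntrack as ESTABLISHED, and the ICMP time-exceeded messages traceroute relies on arrive as RELATED. Matching on source port alone, as in the second answer, lets any remote host through as long as it sends from port 53 or 80, which is why the stateful rule is preferable.

```shell
#!/bin/sh
# Added example, not code from the question or answers above.
# Builds the firewall described in the question (INPUT drops everything
# except SSH, Webmin and HTTP) plus the loopback and connection-tracking
# rules from the answers, as an iptables-restore ruleset.
# Assumed ports (override via environment): SSH 22, Webmin 10000, HTTP 80.

SSH_PORT="${SSH_PORT:-22}"
WEBMIN_PORT="${WEBMIN_PORT:-10000}"
HTTP_PORT="${HTTP_PORT:-80}"

# Print the ruleset. Rule order matters: loopback and RELATED,ESTABLISHED are
# matched first, so replies to outbound traffic (apt-get's HTTP and DNS,
# ping's echo replies) and related ICMP errors (traceroute's time-exceeded)
# are accepted even though the chain policy is DROP.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp --dport ${SSH_PORT} -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport ${WEBMIN_PORT} -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport ${HTTP_PORT} -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Number of rules appended to the INPUT chain (quick sanity check).
count_input_rules() {
    build_ruleset | grep -c '^-A INPUT '
}

# Syntax-check the ruleset without committing it, then load it.
# Needs root and nf_conntrack. Safe to run over SSH: the current session is
# already ESTABLISHED, so the new rules keep it alive.
apply_ruleset() {
    build_ruleset | iptables-restore --test || return 1
    build_ruleset | iptables-restore
}

# Usage:  ./firewall.sh          print the ruleset for review
#         sudo ./firewall.sh apply
case "${1:-}" in
    apply) apply_ruleset ;;
    *)     build_ruleset ;;
esac
```

The printed ruleset is in the same iptables-save format that Webmin's Linux Firewall module keeps in its save file, so the rules can be compared line by line with what the module shows after choosing "Connection states EQUALS Existing Connection".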