Firewalla Gold and Linux Ubuntu apt-get blocked

parsoli

January 06, 2021 22:11

Has anyone else tried to build a Linux server and run apt get? I had to put my server into emergency access in order for apt get to reach the repositories.

Thanks!

Comments

9 comments

James Willhoite

January 07, 2021 00:05

Edited
I have 2 virtual Ubuntu servers and have no problems. Just tested a apt update on them and have no issues.

Do you have any of the repos blocked for some reason? Region block?
0

Comment actions Permalink
James Willhoite

January 07, 2021 00:12
Looks like my mirrors for apt get are accessing the UK.
0

Comment actions Permalink
Firewalla

January 07, 2021 00:40
If emergency access works, then likely something in the rule button, or doh/familymode/adblocker is blocking.
0

Comment actions Permalink
Andy brown

January 07, 2021 07:42
I’ve got a virtual Ubuntu, CentOS and Kali Linux, no problem with any of them.
0

Comment actions Permalink
parsoli

January 08, 2021 21:02
Stood up two more instances of Linux. CentOS and Debian. Same deal. Back to James' thought/comment, it's possible that a mirror is trying to be accessed that I've blocked with a geo rule. But I've really only blocked eastern block countries. Oh well, we I need apt-get, I'll turn monitoring off.

The issue isn't with running Linux, it's purely with performing updates where it reaches out to repositories.
0

Comment actions Permalink
James Willhoite

January 08, 2021 21:47
If you turn the emergency access on can you access the mirrors? That way it will still log the sites it is accessing.

Do you see any of the sites listed in the network flow?
0

Comment actions Permalink
parsoli

January 09, 2021 02:38
What's interesting is that it's showing IPV6 info which I thought was odd as the Ubuntu box is only running IPv4 and I block IPv6 on WAN and LAN interfaces on the FWG. So I enabled IPV6 on WAN and LAN for giggles and it didn't fix anything. Then I shut those down. FWG didn't like that and took down our internet for about 7 minutes (kids crying, wife complaining)....then when it came back up after a reboot.....apt-get started working. So I ran an update "apt-get update" and everything was good. Then I waited a couple of minutes and ran it again and received the below (truncated). Monitoring is on, Emergency is OFF

Err:1 http://archive.ubuntu.com/ubuntu bionic InRelease

Could not connect to archive.ubuntu.com:80 (91.189.88.152). - connect (111: Connection refused) Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8001::24). - connect (101: Network is unreachable) Could not connect to archive.ubuntu.com:80 (91.189.88.142). - connect (111: Connection refused) Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8001::23). - connect (101: Network is unreachable)

Err:2 http://archive.ubuntu.com/ubuntu bionic-updates InRelease

Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8001::24). - connect (101: Network is unreachable) Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8001::23). - connect (101: Network is unreachable)

If I put into Emergency mode, everything is flowing just fine. I do not see any blocked sites in network flow, which is what makes this very odd.
0

Comment actions Permalink
Firewalla

January 09, 2021 05:02

Edited
Do you have DoH on? or any rules that are blocking under the rules button?

When you turn the emergency mode on, for sure it is one of the rules that's blocking. Just need to figure out what... and fortunately, in 1.972 we will have blocking logs, hopefully that will help in this case.
0

Comment actions Permalink
parsoli

January 09, 2021 20:15
No DoH and there are no rules set for the host except a port forward rule from WAN to it on port 80 as it's an NGinx load balancer/reverse proxy. It's no big deal, just thought it curious.

We'll wait for 1.972, which sounds awesome. Love logs....
0

Comment actions Permalink

Please sign in to leave a comment.

Comments

Didn't find what you were looking for?