Allow zypper in iptables

Hi,

I want to allow zypper to refresh, update and install packages but am
having issues with the rules. I have tried allowing traffic with the
following rules:

(for each port [80, 443, 20, 21])

iptables -I INPUT -d <ip-of-server> -p tcp --dport 80 -j ACCEPT

Anyone have any idea what I need to do to allow traffic? SUSEFirewall is
no go as it has issues with masquerading for docker containers.


openSUSE Tumbleweed 64 bit
Plasma 5

On 2015-05-26 04:48, alanbortu wrote:
> Hi,
>
> I want to allow zypper to refresh, update and install packages but am
> having issues with the rules. I have tried allowing traffic with the
> following rules:
>
> (for each port [80, 443, 20, 21])
>
> iptables -I INPUT -d <ip-of-server> -p tcp --dport 80 -j ACCEPT

I don’t see the relation of zypper with iptables. Do you want to install
the command “iptables”?

Or is zypper not working because the firewall blocks it? SuSEfirewall
blocks incoming connections, so it cannot impede zypper from working.

>
> Anyone have any idea what I need to do to allow traffic? SUSEFirewall is
> no go as it has issues with masquerading for docker containers.

masquerading, docker… what does that have to do with zypper?

Please, you have to explain yourself much better and in detail.


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

On 05/25/2015 11:11 PM, Carlos E. R. wrote:
> On 2015-05-26 04:48, alanbortu wrote:
>> Hi,
>>
>> I want to allow zypper to refresh, update and install packages but am
>> having issues with the rules. I have tried allowing traffic with the
>> following rules:
>>
>> (for each port [80, 443, 20, 21])
>>
>> iptables -I INPUT -d <ip-of-server> -p tcp --dport 80 -j ACCEPT
>
>
> I don’t see the relation of zypper with iptables. Do you want to install
> the command “iptables”?
>
> Or is zypper not working because the firewall blocks it? SuSEfirewall
> blocks incoming connections, so it cannot impede zypper from working.
>

zypper is not working, since the firewall blocks it. I was wondering if
there was a list of ports that someone had for zypper which I could
allow for it to work.

>>
>> Anyone have any idea what I need to do to allow traffic? SUSEFirewall is
>> no go as it has issues with masquerading for docker containers.
>
> masquerading, docker… what does that have to do with zypper?
>
> Please, you have to explain yourself much better and in detail.
>

It has nothing to do with zypper, it was merely my reason for not using
susefirewall. I had issues with it and docker and so I chose to disable
susefirewall and just write my iptables rules myself. Everything besides
zypper is working fine for me at the moment.

One way I have found to allow traffic is to use “ctstate
RELATED,ESTABLISHED” but this will allow this traffic on all ports and I
would much rather log and allow only certain ports (while still
enforcing the state rules).

I hope that clears up any confusion.

Thanks.

openSUSE Tumbleweed 64 bit
Plasma 5
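
Added example, not part of any post in this thread: a rule set that ties the state match to specific ports, as asked above, instead of accepting RELATED,ESTABLISHED on every port. It assumes DROP policies on INPUT and OUTPUT, HTTP(S) repositories only, and DNS over UDP 53; the function name and log prefix are illustrative.

```shell
#!/bin/sh
# Constructed example: prints iptables commands, it does not apply them.
# Assumptions: INPUT and OUTPUT default to DROP; HTTP(S) repositories only;
# the resolver is reached over UDP port 53; the log prefix is illustrative.

# zypper_rules PORTS  -> prints one iptables command per line
zypper_rules() {
    ports="$1"
    ct='-m conntrack --ctstate'
    # zypper is the client: it connects TO ports 80/443, so the
    # destination-port match belongs on OUTPUT. Log each new connection.
    printf 'iptables -A OUTPUT -p tcp -m multiport --dports %s %s NEW -j LOG --log-prefix "zypper-out: "\n' "$ports" "$ct"
    printf 'iptables -A OUTPUT -p tcp -m multiport --dports %s %s NEW,ESTABLISHED -j ACCEPT\n' "$ports" "$ct"
    # Replies arrive FROM ports 80/443 to an ephemeral local port, which is
    # why "INPUT --dport 80" never matches them. Accept only packets that
    # belong to a connection this host opened.
    printf 'iptables -A INPUT -p tcp -m multiport --sports %s %s ESTABLISHED -j ACCEPT\n' "$ports" "$ct"
    # Name resolution for the repository hosts.
    printf 'iptables -A OUTPUT -p udp --dport 53 %s NEW,ESTABLISHED -j ACCEPT\n' "$ct"
    printf 'iptables -A INPUT -p udp --sport 53 %s ESTABLISHED -j ACCEPT\n' "$ct"
}

# Print the rule set for review; pipe to "sh" as root to apply it.
zypper_rules "80,443"
```

FTP repositories (ports 20 and 21 in the original list) are not covered: FTP data connections are tracked as RELATED and need the nf_conntrack_ftp helper.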

Can you describe what your exact problem is configuring SUSE FW with a docker container?

When you configure docker container networking, you can define custom ports using the Host’s default interface and IP address or you can define a different interface.

My guess is that solving that issue and then understanding how to configure SUSE FW appropriately would produce the better solution.

If it’s not a problem, you should probably post your Docker file so that anyone who is running docker can replicate/deploy your problem container.
Then, of course describe <in detail> what you’re trying to do and possibly some info about the Host interface (again, depending on what you’re trying to do).

Although I suppose a docker related networking issue can be discussed in this Networking forum, I’d ordinarily recommend this be moved and discussed in the Virtualization forum since docker network configuration is very unique and until that is done correctly you can’t configure more general networking.

TSU