Hello everyone, How was the meeting last night? I regret I could not make it . . . <br><br>For the last few DAYS I have been working on my firewall and the last thing I have todo is make my manager mini mac to communicate to the apple store. The app loader needs to comunicate to a series of apple servers ( 17.152.249.51 - 58)<br>
trought ports 33001 TCP and 33001-33500 for udp.<br><br>My default gateway has network interfaces, one face WAN (ETH0) and the other facing LAN (ETH1), and is proxyed everything with squid<br><br>on eth1 is behind an NAT and is using DHCP server in it, everything works just fine, I can give access to the managers machine to ssh out or ftp etc. The problem is the app loader that apple provides HAS to have ALL access to all the ports in the firewall.<br>
<br>I have tried:<br><pre><code><span>iptables -I FORWARD -p udp -s MANAGER_IP --dport 0:65535 -i eth1 -o eth0 -m mac --mac-source MANAGER_MAC -j ACCEPT<br>
iptables -I FORWARD -p tcp -s MANAGER_IP --dport 0:65535 -i eth1 -o eth0 -m mac --mac-source MANAGER_MAC -j ACCEPT</span></code><br></pre><pre><code><span>iptables -L FORWARD -nv <br><br>Chain FORWARD (policy DROP 1080 packets, 64708 bytes)<br>
pkts bytes target prot opt in out source destination <br>
<span style="color:rgb(255,102,102)"> 0 0 ACCEPT udp -- eth1 eth0 </span></span></code><code><span>manager-ip </span></code><code><span><span style="color:rgb(255,102,102)"> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> udp manager_mac </span><br style="color:rgb(255,102,102)">
<br><span style="color:rgb(255,102,102)"> 0 0 ACCEPT tcp -- eth1 eth0 manager-ip <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> tcp manager_mac </span><br><br> 1 176 ACCEPT icmp -- * * <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>
52 3451 ACCEPT udp -- eth1 eth0 <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> udp dpt:53 <br> 0 0 ACCEPT all -- ppp+ eth0 <a href="http://192.168.1.0/24" target="_blank">192.168.1.0/24</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>
0 0 ACCEPT tcp -- eth1 eth0 manager-ip <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> tcp dpt:22 <br>
0 0 ACCEPT tcp -- eth1 eth0 manager-ip <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> tcp dpt:22 <br> 0 0 ACCEPT tcp -- eth1 eth0 manager-ip <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> tcp dpt:21 <br>
0 0 ACCEPT tcp -- eth1 eth0 manager-ip <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> tcp dpt:21 <br> 501 402K ACCEPT all -- * * <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> state RELATED,ESTABLISHED <br>
<br><br>I have tested the machine connectivity, it has ssh,ftp,http,https access on everything in the net, but the app refuses to connect to the apple servers, the only error that I get from the app is " TCP/IP connectivity failed ",<br>
the settings for the network for the machine is set to http and https through proxy and everything else has connection direct trough the firewall.<br><br>Does anyone has any ideas what am I missing?<br><br>Thanks for you time<br>
<br>Roddy<br> <br></span></code></pre>