Question
Allowing upgrades on a server (ports 80 and 443 are open but still can't run apt installs)
- Posted on February 17, 2019
- DigitalOcean Cloud FirewallsUbuntu 18.04
Asked by myprogramingnotes
Hello, I have a droplet set up as follows:
module "bastion_server" {
ipv6 = "false"
region = "nyc1"
private_networking = "false}"
name = "somename"
source = "mysource"
ssh_fingerprint = ["${var.default_ssh_key_fingerprint}"]
}
and the following firewall rule set up:
resource "digitalocean_firewall" "bastion_server" {
name = "only-ports-22-80-and-443"
droplet_ids = ["${module.bastion_server.id}"]
inbound_rule = [
{
protocol = "tcp"
port_range = "22"
source_addresses = ["myIP"]
},
{
protocol = "tcp"
port_range = "80"
source_addresses = ["0.0.0.0/0", "::/0"]
},
{
protocol = "tcp"
port_range = "443"
source_addresses = ["0.0.0.0/0", "::/0"]
},
{
protocol = "icmp"
source_addresses = ["0.0.0.0/0", "::/0"]
}
]
outbound_rule = [
{
protocol = "icmp"
destination_addresses = ["0.0.0.0/0", "::/0"]
}
]
}
With the above rules, I expect that this server allows:
- ssh access from my ip only
- inbound http and https connections from the internet
- outbound responses to http/https and ICMP queries
The result though is that I can:
- ssh into the server
- but can’t install packages
Can someone please help me pinpoint what rule I am missing?
Thank you
Can someone please tell me what I am missing? Are
Submit an answer
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Hi there,
Try to open port 53 for DNS. The address lookups for package repos probably isn’t happening. If it still doesn’t work, give some morer logs ;)