Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Local Connections with DigitalOcean Firewall enabled Question Question
DO Network Firewall vs UFW Question Question

Question

Allowing upgrades on a server (ports 80 and 443 are open but still can't run apt installs)

Posted February 17, 2019 2.1k views
DigitalOcean Cloud FirewallsUbuntu 18.04

Hello, I have a droplet set up as follows: 

module "bastion_server" {
  ipv6                            = "false"
  region                        = "nyc1"
  private_networking  = "false}"
  name                         = "somename"
  source                       = "mysource"
  ssh_fingerprint         = ["${var.default_ssh_key_fingerprint}"]
}

and the following firewall rule set up: 

resource "digitalocean_firewall" "bastion_server" {
  name = "only-ports-22-80-and-443"
  droplet_ids = ["${module.bastion_server.id}"]

  inbound_rule = [
    {
      protocol = "tcp"
      port_range = "22"
      source_addresses = ["myIP"]
    },
    {
      protocol = "tcp"
      port_range = "80"
      source_addresses = ["0.0.0.0/0", "::/0"]
    },
    {
      protocol = "tcp"
      port_range = "443"
      source_addresses = ["0.0.0.0/0", "::/0"]
    }, 
    {
      protocol = "icmp"
      source_addresses = ["0.0.0.0/0", "::/0"]
    }
  ]

  outbound_rule = [ 
    {
      protocol = "icmp"
      destination_addresses = ["0.0.0.0/0", "::/0"]
    }
  ]
 }

With the above rules, I expect that this server allows:

  • ssh access from my ip only
  • inbound http and https connections from the internet
  • outbound responses to http/https and ICMP queries

The result though is that I can:

  • ssh into the server
  • but can’t install packages

Can someone please help me pinpoint what rule I am missing?

Thank you

Can someone please tell me what I am missing? Are

Add a comment
myprogramingnotes
By:
myprogramingnotes

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Local Connections with DigitalOcean Firewall enabled Question Question
DO Network Firewall vs UFW Question Question
Add a comment
1 comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer
ForYourIT February 18, 2019

Hi there,

Try to open port 53 for DNS. The address lookups for package repos probably isn’t happening.
If it still doesn’t work, give some morer logs ;)

Reply Report

Related

Looking for something else?

Ask a new question Search for more help