Help please

James Linder jam at tigger.ws
Mon Nov 19 04:22:52 UTC 2018 


> On 18 Nov 2018, at 8:00 pm, macports-users-request at lists.macports.org wrote:
> 
>>>> The new bit is a Telstra NBN modem (for Aus’s new high speed broadband.) If any Aus user has tamed the Telstra NBN modem please tell me what and how.
>>> Have you tried using a closer mirror instead of the master (which is in Germany)?
>>> 
>>> https://trac.macports.org/wiki/Mirrors
>>> 
>>> You can separately configure where base is downloaded from during selfupdate (macports.conf) and where ports are downloaded from during selfupdate or sync (sources.conf).
>>> 
>>> We have a mirror in Australia, unfortunately for some reason they don't mirror base. I'll have to have a word with them about that. Maybe there is another mirror that's closer to you than the master. Maybe try the one in New Caledonia.
>>> 
>>> The Australian mirror does mirror ports, so you could use it for that.
>>> 
>>> Trying different servers could also be a troubleshooting step to narrow down whether it's a problem with all rsync traffic or just with reaching specific servers.
>> Ryan thanks.
>> The problem is definately the modem. I turned OFF the firewall (actually I need to think thru, why would the modem have a firewall at all, unless bad guys can login to the modem …) and rsync ran perfectly. I tried but was not able to make a modem firewall rule for rsync.
>> So turn off firewall, selfupdate, turn on is pretty painless.
>> 
>> James
> 
> Have you tried explicitly opening 873/tcp outgoing?
> 
> Have you tried using iftop or wireshark to see what is/isn't being 
> connected to?

Russel I did explicitly make a rule for tcp/873, which surprised me by not working!!
After some thought I did not bother with wireshark, Since my modem is only NAT for machines on my network 
* RFC state that no router (on internet) may route a private address packet
* The modem must dump any un ESTABLISHED,RELATED packet

The firewall could only assist if
* I had machine(s) with a public IP
* All the internet routers were broken and routed private IP packets to me
* My modem was broken and sent unknown packets to SOME MACHINE on my network
* I had an infected machine that tried to call out (to disclose keystrokes or infect other machines)

So just turning off the firewall is the easist way and pretty safe (If my modem was broken then why cant you hack it to have no firewall anyway.)
I think the huge amount of dis-infomation on the subject is akin to saying if you go hiking without a defibulator you are certain to die.

James

More information about the macports-users mailing list