✓ Solved

Git Clone 'Could not resolve host: github.com' ...Firewall ports ?

Hello,

Ports 22, 80, 443 open both outbound & inbound

This post talks about port 9418

Have opened 9418 both outbound & inbound as above

git clone 'https://github.com/username/reponame.git/'

with the firewall on it fails with

fatal: unable to access 'https://github.com/username/reponame.git/': Could not resolve host: github.com

When I turn the firewall off it works!

root@127:/# git clone 
https://.................
Cloning into 'DocsAPI'...
remote: Enumerating objects: 2421, done.
remote: Counting objects: 100% (2421/2421), done.
remote: Compressing objects: 100% (1343/1343), done.
remote: Total 2421 (delta 1496), reused 1734 (delta 836), pack-reused 0
Receiving objects: 100% (2421/2421), 6.28 MiB | 12.04 MiB/s, done.
Resolving deltas: 100% (1496/1496), done.

Firewall Config

| Label | Port Range | Sources | Action |
| --- | --- | --- | --- |
| accept-inbound-HTTP | 80 | All IPv4, All IPv6 | Accept |
| accept-inbound-HTTPS | 443 | All IPv4, All IPv6 | Accept |
| accept-inbound-SSH | 22 | All IPv4, All IPv6 | Accept |
| GIT9418 | 9418 | All IPv4, All IPv6 | Accept |

Inbound policy: Drop

Outbound Rules

| Label | Port Range | Destinations | Action |
| --- | --- | --- | --- |
| accept-outbound-HTTPS | 443 | All IPv4, All IPv6 | Accept |
| accept-outbound-HTTP | 80 | All IPv4, All IPv6 | Accept |
| accept-outbound-MySQL | 3306 | 192.168.135.49/32 | Accept |
| GIT9418 | 9418 | All IPv4, All IPv6 | Accept |
| accept-outbound-SSH | 22 | All IPv4, All IPv6 | Accept |

Any ideas on how to go about figuring this out? My networking skills are not that great.

6 Replies

✓ Best Answer

Worked Thanks for that.

So:

git clone 'https://github.com/username/reponame.git/'

is using https (443) as a transport…not git (9418). To use git as a transport, you would do it like this:

git clone 'git://github.com/username/reponame.git/'

However, your problem doesn't have to do with any of that…

Your firewall is blocking DNS (tcp/udp port 53). DNS is required to resolve the name github.com to an IP address. That's what the

Could not resolve host: github.com

part of the error message means.

I don't know what "friendly firewall configuration" front-end you're using, but port 53 has to be open for IPv4/IPv6 in both directions for both tcp and udp. Internet-connected systems don't work well at all without DNS.

-- sw

> Internet-connected systems don't work well at all without DNS.

As Facebook/Instagram/WhatsApp are finding out today X-D

https://twitter.com/andysh_uk/status/1445110904509681671?s=21

> Worked Thanks for that.

You're welcome.

If you're worried about security, you can restrict DNS traffic to be to/from Linode's DNS servers ONLY. That's what I do and it seems to work well. If some higher-order authority needs to be contacted, I let Linode's servers do that. That's what they're there for.

The IP addresses for ns1-ns5.linode.com are published so are well-known.

-- sw
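
An added example, not part of the thread or of Linode's tooling: a small Python model of the outbound rule table from the question, listing which flows a `git clone` needs and which of them the rules drop, including the case where DNS is restricted to a single resolver. It assumes unlisted outbound traffic is dropped, ignores inbound rules and the TCP/UDP distinction (the posted table has no protocol column), and uses constructed addresses for the resolver and the remote; `allowed` and `clone_blockers` are names invented here.

```python
import ipaddress
from urllib.parse import urlparse

ANY = ("0.0.0.0/0", "::/0")
DEFAULT_PORT = {"https": 443, "http": 80, "git": 9418, "ssh": 22}

# Outbound rules as posted in the question: (label, port, allowed destinations).
# Assumption: anything not listed is dropped, as the failed clone implies.
POSTED_OUTBOUND = [
    ("accept-outbound-HTTPS", 443, ANY),
    ("accept-outbound-HTTP", 80, ANY),
    ("accept-outbound-MySQL", 3306, ("192.168.135.49/32",)),
    ("GIT9418", 9418, ANY),
    ("accept-outbound-SSH", 22, ANY),
]

def allowed(rules, port, dest_ip):
    """True if any rule accepts traffic to dest_ip on port."""
    ip = ipaddress.ip_address(dest_ip)
    for _label, rule_port, cidrs in rules:
        if rule_port != port:
            continue
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if net.version == ip.version and ip in net:
                return True
    return False

def clone_blockers(rules, url, resolver_ip, remote_ip):
    """List the outbound flows a `git clone <url>` needs that the rules drop."""
    parsed = urlparse(url)
    port = parsed.port or DEFAULT_PORT[parsed.scheme]
    needed = [("DNS lookup of " + parsed.hostname, 53, resolver_ip),
              (parsed.scheme + " transport", port, remote_ip)]
    return [f"{what}: port {port_} to {ip}" for what, port_, ip in needed
            if not allowed(rules, port_, ip)]

if __name__ == "__main__":
    resolver, remote = "192.0.2.53", "198.51.100.10"  # constructed addresses
    url = "https://github.com/username/reponame.git/"
    print(clone_blockers(POSTED_OUTBOUND, url, resolver, remote))  # DNS is dropped
    fixed = POSTED_OUTBOUND + [("accept-outbound-DNS", 53, (resolver + "/32",))]
    print(clone_blockers(fixed, url, resolver, remote))            # nothing dropped
```

With the posted rules the only dropped flow for the HTTPS clone is the DNS lookup; the 9418 rule matters only for `git://` URLs.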

Hi friend,

Nice suggestion, helpful community here, like it.

much respect

S

Don't forget IPv6!

-- sw
