On Fri, Nov 20, 2020 at 11:19 AM Frank Cox <theatre at sasktel.net> wrote:
> > So firewalld is blocking something that the Fedora desktop needs. What
> > is it? What services do I need to add to firewalls?
>
> https://www.cyberciti.biz/faq/enable-firewalld-logging-for-denied-packets-on-linux/

Hi Frank,

Thanks for that tip. Here's what I get:

Nov 20 12:03:15 goose kernel: FINAL_REJECT: IN=enp4s0 OUTMAC=c8:1snip8:00 SRC=192.168.1.46 DST=192.168.1.14 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=48746 DF PROTO=TCP SPT=760 DPT=41285 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 20 12:03:18 goose kernel: FINAL_REJECT: IN=enp4s0 OUTMAC=c8:1snip8:00 SRC=192.168.1.46 DST=192.168.1.14 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55190 DF PROTO=TCP SPT=760 DPT=41285 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 20 12:03:21 goose kernel: FINAL_REJECT: IN=enp4s0 OUTMAC=c8:1snip8:00 SRC=192.168.1.46 DST=192.168.1.14 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=31389 DF PROTO=TCP SPT=760 DPT=41285 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 20 12:03:24 goose kernel: FINAL_REJECT: IN=enp4s0 OUTMAC=c8:1snip8:00 SRC=192.168.1.46 DST=192.168.1.14 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21119 DF PROTO=TCP SPT=760 DPT=41285 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 20 12:03:26 goose kernel: FINAL_REJECT: IN=enp4s0 OUTMAC=c8:1snip8:00 SRC=192.168.1.46 DST=192.168.1.14 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=63694 DF PROTO=TCP SPT=760 DPT=41285 WINDOW=29200 RES=0x00 SYN URGP=0

So TCP src 760 to 41285. What's that?

Mike

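Added example, not part of any message in this thread: a small parser that groups FINAL_REJECT lines like the ones above by destination port, the field a firewalld port or service entry normally matches on, and flags repeated SYNs. The regex, the result field names and the assumed default ephemeral port range are this example's own choices.

```python
import re
from collections import defaultdict

# Three of the kernel log lines quoted in the message above, copied unchanged.
SAMPLE = """\
Nov 20 12:03:15 goose kernel: FINAL_REJECT: IN=enp4s0 OUTMAC=c8:1snip8:00 SRC=192.168.1.46 DST=192.168.1.14 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=48746 DF PROTO=TCP SPT=760 DPT=41285 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 20 12:03:18 goose kernel: FINAL_REJECT: IN=enp4s0 OUTMAC=c8:1snip8:00 SRC=192.168.1.46 DST=192.168.1.14 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55190 DF PROTO=TCP SPT=760 DPT=41285 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 20 12:03:21 goose kernel: FINAL_REJECT: IN=enp4s0 OUTMAC=c8:1snip8:00 SRC=192.168.1.46 DST=192.168.1.14 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=31389 DF PROTO=TCP SPT=760 DPT=41285 WINDOW=29200 RES=0x00 SYN URGP=0
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\skernel:\s(\w+):\s(.*)$")
# Linux default net.ipv4.ip_local_port_range (assumed; check sysctl on the host).
DYNAMIC_PORTS = range(32768, 61000)


def parse_line(line):
    """Split one netfilter LOG line into KEY=value fields and bare flags."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m.group(1), "prefix": m.group(2), "flags": set()}
    for tok in m.group(3).split():
        key, sep, val = tok.partition("=")
        if sep:
            rec[key] = val
        else:
            rec["flags"].add(tok)  # bare tokens such as DF, SYN, ACK
    return rec


def summarize(text, prefix="FINAL_REJECT"):
    """Group rejected packets by (in-iface, source IP, proto, destination port)."""
    flows = defaultdict(lambda: {"count": 0, "src_ports": set(),
                                 "ip_ids": set(), "syn_only": True})
    for line in text.splitlines():
        rec = parse_line(line)
        if not rec or rec["prefix"] != prefix or "DPT" not in rec:
            continue
        flow = flows[(rec["IN"], rec["SRC"], rec["PROTO"], int(rec["DPT"]))]
        flow["count"] += 1
        flow["src_ports"].add(int(rec["SPT"]))
        flow["ip_ids"].add(rec["ID"])
        flow["syn_only"] &= "SYN" in rec["flags"] and "ACK" not in rec["flags"]
    for (_, _, _, dpt), flow in flows.items():
        flow["dynamic_dpt"] = dpt in DYNAMIC_PORTS
        # Same ports, distinct IP IDs, SYN only: the peer keeps retrying one connection.
        flow["retries"] = (flow["syn_only"] and len(flow["src_ports"]) == 1
                           and len(flow["ip_ids"]) == flow["count"] > 1)
    return dict(flows)


if __name__ == "__main__":
    for key, flow in summarize(SAMPLE).items():
        print(key, flow)
```
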
On Fri, 20 Nov 2020 12:07:40 -0500
Michael B Allen wrote:

> So TCP src 760 to 41285. What's that?

Apparently "that" is what you need to allow in order for your desktop to work.

What it is actually doing, I'm not sure. Google tells me that port 760 has something to do with Kerberos registration.

-- 
Can we uninstall 2020 and install it again? This one has a virus.
MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com

On Fri, Nov 20, 2020 at 12:18 PM Frank Cox <theatre at sasktel.net> wrote:
>
> On Fri, 20 Nov 2020 12:07:40 -0500
> Michael B Allen wrote:
>
> > So TCP src 760 to 41285. What's that?
>
> Apparently "that" is what you need to allow in order for your desktop to work.
>
> What it is actually doing, I'm not sure. Google tells me that port 760 has something to do with Kerberos registration.

Apparently I don't know how to do "that" because this:

# iptables -A INPUT -p tcp --sport 760 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

still doesn't allow the traffic through (not that I would want to allow an --sport rule anyway but I'd just like to confirm that this traffic is indeed responsible). What am I doing wrong here? I've also tried simpler rules without conntrack or cstate but it's still not getting through.

Incidentally I added kerberos and kadmin firewalld services without effect either.

Mike