Hello,

I've got a process on my machine that needs to query a daemon listening on port 1816, UDP. It's basically not working.

root@betabitch [/etc/shorewall]# tcpdump -i lo
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 96 bytes
14:19:34.332311 IP localhost.32946 > localhost.1816: UDP, length 97
14:19:35.332405 IP localhost.32947 > localhost.1816: UDP, length 97
14:19:36.332147 IP localhost.1816 > localhost.32946: UDP, length 20
14:19:37.331962 IP localhost.1816 > localhost.32947: UDP, length 20
14:19:37.331999 IP localhost > localhost: icmp 56: localhost udp port 32947 unreachable

What rule should I add to make this work? I'd much prefer this than routing it back out eth0 and use 'routeback' to authenticate it again, for security's sake.

Thanks,
Jan Mulders

Jan Mulders wrote:
> Hello,
>
> I've got a process on my machine that needs to query a daemon
> listening on port 1816, UDP. It's basically not working.
>
> root@betabitch [/etc/shorewall]# tcpdump -i lo
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on lo, link-type EN10MB (Ethernet), capture size 96 bytes
> 14:19:34.332311 IP localhost.32946 > localhost.1816: UDP, length 97
> 14:19:35.332405 IP localhost.32947 > localhost.1816: UDP, length 97
> 14:19:36.332147 IP localhost.1816 > localhost.32946: UDP, length 20
> 14:19:37.331962 IP localhost.1816 > localhost.32947: UDP, length 20
> 14:19:37.331999 IP localhost > localhost: icmp 56: localhost udp port
> 32947 unreachable
>
> What rule should I add to make this work?

You have messed up terribly if Shorewall is stopping this connection in the first place! There are only a handful of scenarios where it makes any sense whatsoever to have fw<->fw policies or rules.

Do you have a fw->fw policy? If so, why?
Do you have any fw->fw rules? If so, why?
Do you see Shorewall messages when you try this UDP connection?
Does it work if you "shorewall clear"?

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ lists.shorewall.net/teastep.pgp.key