[Bug 760163] New: Allowing Multicast does still block Multicast
https://bugzilla.novell.com/show_bug.cgi?id=760163
https://bugzilla.novell.com/show_bug.cgi?id=760163#c0

Summary: Allowing Multicast does still block Multicast
Classification: openSUSE
Product: openSUSE 12.1
Version: Final
Platform: Other
OS/Version: openSUSE 12.1
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Network
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: sven.burmeister@gmx.net
QAContact: qa-bugs@suse.de
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1094.0 Safari/536.6 SUSE/20.0.1094.0

If I allow multicast from YaST's firewall module I still get:

MAC=01:00:5e:00:00:01:00:26:4d:07:e3:26:08:00 SRC=192.168.2.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=21265 OPT (94040000) PROTO=2

Background: Communicating with a Synology NAS is not possible, neither via browser:5001, nor smb:/, although in YaST's module the services samba-client, zeroconf multicast dns and for broadcast samba-browsing are enabled. AppArmor is disabled.

Disabling the firewall "solves" the issue. Enabling it after lets communication still work for ~10 minutes.
SuSEfirewall2 status:

### iptables filter ###

Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
152 11256 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
45 18759 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED
30 4647 input_ext all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-IN-ILL-TARGET "
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-FWD-ILL-ROUTING "

Chain OUTPUT (policy ACCEPT 74 packets, 7762 bytes)
pkts bytes target prot opt in out source destination
152 11256 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0

Chain forward_ext (0 references)
pkts bytes target prot opt in out source destination

Chain input_ext (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast udp dpt:5353
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast udp dpt:5353
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast udp dpt:427
15 2535 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:137 ctstate RELATED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:427 ctstate RELATED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:137 ctstate RELATED
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp dpt:139flags: 0x17/0x02 LOG flags 6 level 4 prefix "SFW2-INext-ACC-TCP "
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp dpt:445flags: 0x17/0x02 LOG flags 6 level 4 prefix "SFW2-INext-ACC-TCP "
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp dpt:5000flags: 0x17/0x02 LOG flags 6 level 4 prefix "SFW2-INext-ACC-TCP "
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5000
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp dpt:5001flags: 0x17/0x02 LOG flags 6 level 4 prefix "SFW2-INext-ACC-TCP "
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5001
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:138
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:139
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445
11 1964 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5353
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5353
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:427
3 108 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 PKTTYPE = multicast LOG flags 6 level 4 prefix "SFW2-INext-DROP-DEFLT "
3 108 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = multicast
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
1 40 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-INext-DROP-DEFLT "
1 40 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain reject_func (0 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-proto-unreachable

### iptables raw ###

Chain PREROUTING (policy ACCEPT 227 packets, 34662 bytes)
pkts bytes target prot opt in out source destination
152 11256 NOTRACK all -- lo * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 226 packets, 19018 bytes)
pkts bytes target prot opt in out source destination
152 11256 NOTRACK all -- * lo 0.0.0.0/0 0.0.0.0/0

### ip6tables filter ###

Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
30 8101 ACCEPT all lo * ::/0 ::/0
0 0 ACCEPT all * * ::/0 ::/0 ctstate ESTABLISHED
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ctstate RELATED
0 0 input_ext all * * ::/0 ::/0
0 0 LOG all * * ::/0 ::/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-IN-ILL-TARGET "
0 0 DROP all * * ::/0 ::/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 LOG all * * ::/0 ::/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-FWD-ILL-ROUTING "

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
30 8101 ACCEPT all * lo ::/0 ::/0
2 132 ACCEPT icmpv6 * * ::/0 ::/0

Chain forward_ext (0 references)
pkts bytes target prot opt in out source destination

Chain input_ext (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 128
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 133
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 134
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 135
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 136
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 137
0 0 ACCEPT udp * * ::/0 ::/0 udp spt:137 ctstate RELATED
0 0 ACCEPT udp * * ::/0 ::/0 udp spt:427 ctstate RELATED
0 0 ACCEPT udp * * ::/0 ::/0 udp spt:137 ctstate RELATED
0 0 LOG tcp * * ::/0 ::/0 limit: avg 3/min burst 5 tcp dpt:139flags: 0x17/0x02 LOG flags 6 level 4 prefix "SFW2-INext-ACC-TCP "
0 0 ACCEPT tcp * * ::/0 ::/0 tcp dpt:139
0 0 LOG tcp * * ::/0 ::/0 limit: avg 3/min burst 5 tcp dpt:445flags: 0x17/0x02 LOG flags 6 level 4 prefix "SFW2-INext-ACC-TCP "
0 0 ACCEPT tcp * * ::/0 ::/0 tcp dpt:445
0 0 LOG tcp * * ::/0 ::/0 limit: avg 3/min burst 5 tcp dpt:5000flags: 0x17/0x02 LOG flags 6 level 4 prefix "SFW2-INext-ACC-TCP "
0 0 ACCEPT tcp * * ::/0 ::/0 tcp dpt:5000
0 0 LOG tcp * * ::/0 ::/0 limit: avg 3/min burst 5 tcp dpt:5001flags: 0x17/0x02 LOG flags 6 level 4 prefix "SFW2-INext-ACC-TCP "
0 0 ACCEPT tcp * * ::/0 ::/0 tcp dpt:5001
0 0 ACCEPT udp * * ::/0 ::/0 udp dpt:137
0 0 ACCEPT udp * * ::/0 ::/0 udp dpt:138
0 0 ACCEPT udp * * ::/0 ::/0 udp dpt:139
0 0 ACCEPT udp * * ::/0 ::/0 udp dpt:445
0 0 ACCEPT udp * * ::/0 ::/0 udp dpt:5353
0 0 ACCEPT udp * * ::/0 ::/0 udp dpt:5353
0 0 ACCEPT udp * * ::/0 ::/0 udp dpt:427
0 0 LOG all * * ::/0 ::/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-INext-DROP-DEFLT "
0 0 DROP all * * ::/0 ::/0

Chain reject_func (0 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp * * ::/0 ::/0 reject-with tcp-reset
0 0 REJECT udp * * ::/0 ::/0 reject-with icmp6-port-unreachable
0 0 REJECT all * * ::/0 ::/0 reject-with icmp6-addr-unreachable
0 0 DROP all * * ::/0 ::/0

### ip6tables mangle ###

Chain PREROUTING (policy ACCEPT 30 packets, 8101 bytes)
pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 30 packets, 8101 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 32 packets, 8233 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 32 packets, 8233 bytes)
pkts bytes target prot opt in out source destination

### ip6tables raw ###

Chain PREROUTING (policy ACCEPT 30 packets, 8101 bytes)
pkts bytes target prot opt in out source destination
30 8101 NOTRACK all lo * ::/0 ::/0

Chain OUTPUT (policy ACCEPT 32 packets, 8233 bytes)
pkts bytes target prot opt in out source destination
30 8101 NOTRACK all * lo ::/0 ::/0

Reproducible: Always
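An added example, not part of the original report and not SuSEfirewall2 code: it decodes the logged packet from the report and checks it against the TCP/UDP port ACCEPT rules listed in the IPv4 input_ext chain above. The function names and the ACCEPTED and IP_PROTOCOLS tables are assumptions constructed here from that output.

```python
import ipaddress
import re

# The log line quoted in the report, embedded so the example runs offline.
LOG_LINE = ("MAC=01:00:5e:00:00:01:00:26:4d:07:e3:26:08:00 SRC=192.168.2.1 "
            "DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=21265 "
            "OPT (94040000) PROTO=2")

# (protocol, destination port) pairs that input_ext accepts before its
# "PKTTYPE = multicast" DROP rule, transcribed from the IPv4 status output.
ACCEPTED = {("tcp", 139), ("tcp", 445), ("tcp", 5000), ("tcp", 5001),
            ("udp", 137), ("udp", 138), ("udp", 139), ("udp", 445),
            ("udp", 5353), ("udp", 427)}

# The LOG target prints TCP/UDP/ICMP by name and other protocols by number.
IP_PROTOCOLS = {"1": "icmp", "2": "igmp", "6": "tcp", "17": "udp"}


def parse_log(line):
    """Split a netfilter LOG line into KEY=VALUE fields and decode MAC=."""
    fields = dict(re.findall(r"(\w+)=(\S+)", line))
    octets = fields["MAC"].split(":")
    # MAC= is the raw Ethernet header: destination, source, EtherType.
    fields["dst_mac"] = ":".join(octets[:6])
    fields["src_mac"] = ":".join(octets[6:12])
    fields["ethertype"] = "".join(octets[12:14])
    proto = fields["PROTO"].lower()
    fields["proto"] = IP_PROTOCOLS.get(proto, proto)
    return fields


def explain(line):
    """Report whether any port-based ACCEPT rule could match the packet."""
    f = parse_log(line)
    dst = ipaddress.ip_address(f["DST"])
    dport = int(f["DPT"]) if "DPT" in f else None  # IGMP has no ports
    return {
        "proto": f["proto"],
        "multicast": dst.is_multicast,
        "link_local_group": dst in ipaddress.ip_network("224.0.0.0/24"),
        "accepted_by_port_rule": (f["proto"], dport) in ACCEPTED,
    }


if __name__ == "__main__":
    print(explain(LOG_LINE))
```

For the logged packet this reports IGMP (IP protocol 2) to the all-hosts group 224.0.0.1, which none of the port-based rules can match; the 3 packets / 108 bytes counted on the multicast DROP rule agree with LEN=36.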
https://bugzilla.novell.com/show_bug.cgi?id=760163#c1
kk zhang
https://bugzilla.novell.com/show_bug.cgi?id=760163#c2
Li Bin
https://bugzilla.novell.com/show_bug.cgi?id=760163#c3
--- Comment #3 from Sven Burmeister
https://bugzilla.novell.com/show_bug.cgi?id=760163#c4
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=760163#c5
--- Comment #5 from Sven Burmeister
https://bugzilla.novell.com/show_bug.cgi?id=760163#c6
--- Comment #6 from Sven Burmeister