Mailinglist Archive: opensuse (1470 mails)

Re: [opensuse] What is the meaning of these firewall log entries?
On 12/02/16 11:47 PM, Andrei Borzenkov wrote:
> 13.02.2016 08:08, Carlos E. R. wrote:
>> On 2016-02-13 05:56, Andrei Borzenkov wrote:
>>
>>> No. He sees this message because other system blocks UDP
>>>
>>> [SRC=192.168.1.14 DST=192.168.1.15 LEN=343 TOS=0x00 PREC=0x00
>>> TTL=64 ID=3128 PROTO=UDP SPT=6666 DPT=6666 LEN=323 ]
>>
>> But that is not possible. I have explicitly opened "udp,6666" on both
>> machines:
>
> OK "blocks" was the wrong word, sorry.
The problem is, "blocks" is the /right/ word. AFAIK, you will only get a
"port unreachable" reply from a remote system *if and only if* the port
is blocked by the remote's firewall. Someone correct me if I am wrong,
but I do believe, if the port is open but there is no service listening,
then the message will simply time out without a response.

Perhaps iptables is smart enough to figure that out, and then send a
"time exceeded" response (ICMP type 11), but that certainly is not what
is happening here.
>> FW_TRUSTED_NETS="192.168.1.14,udp,syslog 192.168.1.14,tcp,514
>> 192.168.1.14,udp,6666 192.168.1.14,icmp"
>>
>> and conversely on the other machine.
>>
>>
>> In fact, "netcat -u 192.168.1.15 6666" succeeds to send text to the
>> other machine.
>>
>>
>> The strange thing is that it stops working after some time (hours?),
>> and I have to restart on the listener:
>>
>
> Yes. The message you get means nobody is listening on this port and you
> just confirmed that it stops working after some time - which very much
> sounds like it stops listening. Check timestamps on port unreachable
> messages, compare with timestamps when it stops working.
>
>
>> netcat -u -l 6666 | tee -a remote_log
>>
>> Apparently, it happens when I stop the sender.
>>
>
>


--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx
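The bracketed `[SRC=192.168.1.14 DST=192.168.1.15 ... PROTO=UDP SPT=6666 DPT=6666 LEN=323 ]` fragment quoted in the thread is how the netfilter LOG target prints the original datagram carried inside an ICMP error (type 3, and for "port unreachable" code 3), which is why SRC, DST, LEN and PROTO occur twice on one log line. The following is an added example, not code from the thread or from SuSEfirewall2; it parses such lines without the inner packet's fields clobbering the outer ones, names the ICMP type 3 code, and lists the port-unreachable events with their timestamps, which is what Andrei suggests comparing against the moment the transfer stops. The two sample lines are constructed to match the format; the host names, the SFW2-* rule prefixes and the MAC address in them are assumptions.

```python
"""Parse netfilter LOG lines and extract ICMP destination-unreachable errors.

Added example for this thread, not code from the posts or from
SuSEfirewall2.  Sample lines are constructed; host names, SFW2-* prefixes
and the MAC address are assumptions, the field layout is the kernel's.
"""
import re
from typing import Dict, List, Optional

# RFC 792 / RFC 1812 codes for ICMP type 3.  Code 3 is what a host sends
# when a UDP datagram reaches a port with no socket bound; code 13 is what
# an iptables REJECT --reject-with icmp-admin-prohibited sends.
ICMP_UNREACH_CODES = {
    0: "net unreachable",
    1: "host unreachable",
    2: "protocol unreachable",
    3: "port unreachable",
    9: "net administratively prohibited",
    10: "host administratively prohibited",
    13: "communication administratively prohibited",
}

# Constructed sample as the sending host 192.168.1.14 would log it:
#   line 1: its own UDP datagram to 192.168.1.15:6666
#   line 2: the ICMP type 3 / code 3 reply; the part in [ ] is the original
#           datagram quoted inside the ICMP error, so SRC, DST, LEN and
#           PROTO legitimately appear twice on one line.
SAMPLE_LOG = """\
Feb 13 05:50:01 host14 kernel: [ 8123.456] SFW2-OUT-ACC IN= OUT=eth0 SRC=192.168.1.14 DST=192.168.1.15 LEN=343 TOS=0x00 PREC=0x00 TTL=64 ID=3128 PROTO=UDP SPT=6666 DPT=6666 LEN=323
Feb 13 05:50:01 host14 kernel: [ 8123.457] SFW2-IN-ACC IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.15 DST=192.168.1.14 LEN=371 TOS=0x00 PREC=0xC0 TTL=64 ID=0 DF PROTO=ICMP TYPE=3 CODE=3 [SRC=192.168.1.14 DST=192.168.1.15 LEN=343 TOS=0x00 PREC=0x00 TTL=64 ID=3128 PROTO=UDP SPT=6666 DPT=6666 LEN=323 ]
"""

HEADER = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+kernel:")
PREFIX = re.compile(r"^\s*(?:\[\s*[\d.]+\]\s*)?(?P<prefix>.*?)\s*IN=")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def _fields(text: str) -> Dict[str, str]:
    """KEY=value pairs of one packet.  First occurrence wins, so LEN is the IP
    total length and the later UDP LEN is dropped; bare flags like DF have
    no '=' and are skipped."""
    out: Dict[str, str] = {}
    for key, val in FIELD.findall(text):
        out.setdefault(key, val)
    return out


def parse_line(line: str) -> Optional[dict]:
    """Split a LOG line into syslog header, rule prefix, outer packet and the
    optional inner packet that ICMP errors carry in square brackets."""
    m = HEADER.match(line)
    if not m:
        return None
    rest = line[m.end():]
    pm = PREFIX.match(rest)
    prefix = pm.group("prefix") if pm else ""
    inner = None
    lb = rest.find("[SRC=")
    if lb != -1:
        rb = rest.find("]", lb)
        if rb == -1:
            rb = len(rest)
        inner = _fields(rest[lb + 1:rb])
        rest = rest[:lb] + rest[rb + 1:]  # inner keys must not clobber outer ones
    return {"ts": m.group("ts"), "host": m.group("host"), "prefix": prefix,
            "outer": _fields(rest), "inner": inner}


def explain(rec: dict) -> str:
    """One-line human reading of a parsed record."""
    o, i = rec["outer"], rec["inner"]
    if o.get("PROTO") != "ICMP":
        return (f"{rec['ts']} {o.get('PROTO', '?').lower()} {o['SRC']}:{o.get('SPT', '?')}"
                f" -> {o['DST']}:{o.get('DPT', '?')} len={o.get('LEN', '?')}")
    t, c = int(o.get("TYPE", -1)), int(o.get("CODE", -1))
    if t != 3:
        return f"{rec['ts']} {o['SRC']} -> {o['DST']} ICMP type {t} code {c}"
    what = ICMP_UNREACH_CODES.get(c, f"code {c}")
    text = f"{rec['ts']} {o['SRC']} -> {o['DST']} ICMP destination unreachable ({what})"
    if i:
        text += (f" for {i.get('PROTO', '?').lower()} {i['SRC']}:{i.get('SPT', '?')}"
                 f" -> {i['DST']}:{i.get('DPT', '?')}")
    return text


def port_unreachable_events(log: str) -> List[dict]:
    """Only the type 3 / code 3 errors: who reported them, which port nothing
    was listening on, and when, for lining up against the time the transfer
    stopped."""
    events = []
    for line in log.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        o, i = rec["outer"], rec["inner"]
        if (o.get("PROTO") == "ICMP" and o.get("TYPE") == "3" and o.get("CODE") == "3"
                and i and i.get("DPT")):
            events.append({"ts": rec["ts"], "reporter": o["SRC"], "origin": i["SRC"],
                           "proto": i.get("PROTO", "?").lower(), "port": int(i["DPT"])})
    return events


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        rec = parse_line(line)
        if rec:
            print(explain(rec))
    for ev in port_unreachable_events(SAMPLE_LOG):
        print(f"{ev['ts']}: {ev['reporter']} says nothing listens on "
              f"{ev['proto']}/{ev['port']} (datagram from {ev['origin']})")
```

Reading CODE tells you more than "blocked": the kernel itself answers a datagram to an unbound UDP port with code 3, and an iptables REJECT rule with no --reject-with option answers UDP with the same icmp-port-unreachable, so code 3 alone does not distinguish a missing listener from a rejecting firewall; a REJECT with icmp-admin-prohibited gives code 13, and a DROP rule sends nothing at all, leaving the sender without any ICMP to log. What does separate the two cases is the timing the script pulls out: errors that start exactly when the listener side is restarted or the sender is stopped point at the socket, not at the rule set.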
