05.08.2020 22:49, Marc Chamberlin wrote:
I have two separate knockd services running, one for each interface (knockd which defaults to eth0, and knockd@eth1). This works on other systems I have, so apparently something is messed up on this one computer...
Or something is messed up on the network path to this computer. Stop both knockd. Start tcpdump or dumpcap/tshark/wireshark/... on both interfaces; do not put the interfaces in promiscuous mode, to match what knockd does (option -p for tcpdump/dumpcap/tshark). Start a packet capture on the client used to knock. Try to knock on both addresses. Make sure to capture the full sequence from the very beginning. Do it once with the firewall stopped, and once with the firewall active. If possible, do a simultaneous packet capture on your switch. Intelligent switches often offer a port mirroring feature where you can duplicate all traffic to/from one port to another port, so you can connect to the mirror port and capture traffic. This allows you to see what actually happens on the port in question. Compare results. Make them available if you have questions.
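Once the captures suggested above exist, the comparison step is mechanical: pull the knock SYNs out of the client-side and server-side pcap files in arrival order and see which port of the sequence went missing between them. The following script is an added example and not part of the original thread or of knockd; it assumes classic (non-pcapng) pcap files with an Ethernet link type, a knock sequence sent as plain IPv4 TCP SYNs, and the server address as a parameter. The two captures it reads are constructed in `demo()` with documentation addresses (192.0.2.10 knocking 198.51.100.5) so the script runs offline; with real files, pass the bytes of `server-eth0.pcap` and the client's capture instead.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps


def ip_checksum(hdr: bytes) -> int:
    """RFC 1071 one's-complement checksum over the IPv4 header."""
    s = sum((hdr[i] << 8) + hdr[i + 1] for i in range(0, len(hdr), 2))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def syn_frame(src_ip: str, dst_ip: str, sport: int, dport: int) -> bytes:
    """Build a constructed Ethernet/IPv4/TCP SYN frame for the sample captures."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    # seq=1, ack=0, data offset 5 (20-byte header), flags=SYN, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return eth + ip + tcp


def pcap_bytes(frames, t0: float = 1.0, gap: float = 0.5) -> bytes:
    """Serialise frames into a little-endian classic pcap file (constructed input)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        ts = t0 + i * gap
        sec = int(ts)
        usec = int(round((ts - sec) * 1e6))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


def knock_sequence(pcap: bytes, server_ip: str):
    """Return [(timestamp, src_ip, dst_port)] for every TCP SYN (no ACK) sent to server_ip."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:  # same magic written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("this example handles Ethernet captures only")
    seq, off = [], 24
    while off + 16 <= len(pcap):
        sec, usec, incl, _orig = struct.unpack(endian + "IIII", pcap[off:off + 16])
        off += 16
        frame = pcap[off:off + incl]
        off += incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not IPv4
            continue
        if frame[23] != 6:                                   # IP protocol != TCP
            continue
        if socket.inet_ntoa(frame[30:34]) != server_ip:      # IP destination
            continue
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 14:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        if tcp[13] & 0x12 != 0x02:                           # SYN set, ACK clear
            continue
        seq.append((sec + usec / 1e6, socket.inet_ntoa(frame[26:30]), dport))
    return seq


def compare_knocks(expected_ports, client_seq, server_seq) -> dict:
    """Diff the knock ports seen on the client against those seen on the server."""
    client_ports = [p for _, _, p in client_seq]
    server_ports = [p for _, _, p in server_seq]
    n = len(expected_ports)
    complete = any(server_ports[i:i + n] == list(expected_ports)
                   for i in range(len(server_ports) - n + 1))
    lost = [p for p in client_ports if p not in server_ports]
    return {"client": client_ports, "server": server_ports,
            "sequence_complete": complete, "first_lost": lost[0] if lost else None}


def demo() -> dict:
    client, server = "192.0.2.10", "198.51.100.5"  # constructed documentation addresses
    knock = [7000, 8000, 9000]                       # hypothetical knock sequence
    client_pcap = pcap_bytes([syn_frame(client, server, 40000 + i, p) for i, p in enumerate(knock)])
    # Server-side capture constructed so that the second knock never arrived.
    server_pcap = pcap_bytes([syn_frame(client, server, 40000, 7000),
                              syn_frame(client, server, 40002, 9000)])
    return compare_knocks(knock, knock_sequence(client_pcap, server),
                          knock_sequence(server_pcap, server))


if __name__ == "__main__":
    print(demo())
```

The first-lost port tells you where to look next: a SYN present in the client capture but absent on the server's interface points at the path or the firewall (compare the firewall-on and firewall-off captures), whereas a SYN that reaches the interface but never triggers knockd points at the daemon's configuration. Capture with promiscuous mode off (`tcpdump -p -i eth0 -w server-eth0.pcap`, as in the reply above) so the capture sees the same frames knockd does.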