Re: Firewall behaviour is strange on one of my systems

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

on the desktop

iptables --table filter --list | grep mdns
ACCEPT     udp  --  anywhere             224.0.0.251          udp dpt:mdns ctstate NEW
ACCEPT     udp  --  anywhere             224.0.0.251          udp dpt:mdns ctstate NEW

on the laptop:

[root@Fujiantonio antonio]# iptables --table filter --list | grep mdns
ACCEPT     udp  --  anywhere             224.0.0.251          udp dpt:mdns ctstate NEW


why do I have two lines instead of one???

2015-10-28 18:07 GMT+01:00 Antonio M <antonio.montagnani@xxxxxxxxx>:
tbx to all... iptables -L -n -v

see attached file

2015-10-28 18:00 GMT+01:00 Gordon Messmer <gordon.messmer@xxxxxxxxx>:
On 10/28/2015 09:24 AM, Rick Stevens wrote:
You have a DNS resolution issue.

 It's probably an mDNS issue, and replies should normally be allowed by the default "accept RELATED,ESTABLISHED" rule.

It might be helpful to see the output of "iptables -L -n -v".

With the firewall enabled, as root,
try:
    # iptables -L -n | grep :53
and make sure you see lines like:
    ACCEPT  udp  --  0.0.0.0/0    0.0.0.0/0            udp dpt:53
    ACCEPT  tcp  --  0.0.0.0/0    0.0.0.0/0            tcp dpt:53

 You'll normally only see those lines when you're running virtualization, or a DNS server.  They aren't necessary for mDNS, which uses a different port entirely.

I suspect that you see them because you're running libvirt.  If you use "iptables -v", you would see that those rules only affect packets on the virbr0 interface.  They're not related to your non-virtualized applications (or to mDNS in any case).

Also make sure avahi-daemon and dnsmasq are running.

 If mDNS is working when the firewall is down, we can assume that avahi-daemon is running.  dnsmasq is not required for mDNS.


--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org



--
Antonio Montagnani
Skype : amontag52

Linux Fedora 22 (Twenty-two)
inviato da Gmail



--
Antonio Montagnani
Skype : amontag52

Linux Fedora 22 (Twenty-two)
inviato da Gmail
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux