On 2015/1/27 02:03, Nikos Mavrogiannopoulos wrote:
> On Tue, 2015-01-27 at 01:21 +0800, Lemon Lam wrote:
>> (snip)
>
> Check for some firewall terminating the connection; there is no
> handshake occurring there, the session is terminated before it starts.
>
> regards,
> Nikos
>

My iptables-based firewall should not be the problem as it just needs one more INPUT rule to let this handshake stuff through like a web server and another one for the DTLS tunnel.

> # iptables -nvL
> Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
> 1023 99939 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
> 0 0 REJECT all -- * * 0.0.0.0/0 127.0.0.0/8 reject-with icmp-port-unreachable
> 90256 41M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> 1711 94740 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
> 121 7072 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
> 6 360 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8443
> 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:8443
> 146 7584 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
> 450 35879 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "
> 454 36402 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
>
> Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
> 81325 27M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

regards,
Lam