I have an iptables.rules based firewall.
So basically, I open every port that I use with something like
-A open -p udp --dport 5353 -j ACCEPT
I recently installed avahi and it was blocked by the firewall. I googled some and figured out that I needed to open port 5353.
Is there a way to probe what ports a process is trying to access (in order to know which ones to open)?
Take a look at nmap.
You can also use netstat -natp or lsof -i to find out what addresses and ports are used by processes on your local machine.
On the Avahi FAQ it says that you need to allow traffic to and from UDP port 5353. Did you do that, or do you only allow traffic in one direction?
D'oh, I missed the -u switch for netstat. It's needed if you want to see UDP ports as well: netstat -natup
Thanks guys. The outgoing traffic should be covered by the established/related rule that I have in there.
Maybe I'm misinterpreting what you say - "the established/related rule that I have in there" sounds like singular. You'll have to put an ACCEPT rule in the INPUT and OUTPUT tables both. But maybe that's not the issue here.
Yeah, you're right. I DO only have it input... but I have:
-A OUTPUT -j open
# there is a similar line for input, straight from the wiki :)
and then
# mt-daapd and the daap protocol (needed for avahi out)
# heh, turns out i needed more ports :P
-A open -p tcp --dport 3689 -j ACCEPT
-A open -p udp --dport 3689 -j ACCEPT
# avahi-daemon
-A open -p tcp --dport 5353 -j ACCEPT
-A open -p udp --dport 5353 -j ACCEPT
This way the open chain I made goes to input and output both.
Good eye!! Thanks again, this issue is resolved now.
Good to hear!
For clarification (although slightly unnecessary), when I said "INPUT and OUTPUT tables" above, I actually meant chains, not tables. Oh, well.
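Added example, not part of the original thread or written by any of its posters: a shell function that reads `netstat -natup` output, as suggested above, and prints the `open`-chain rule for each port a named process is listening on. The function name `rules_for_process` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -natup` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      990/sshd
tcp        0      0 192.168.1.10:22         192.168.1.20:51234      ESTABLISHED 1422/sshd
tcp        0      0 0.0.0.0:3689            0.0.0.0:*               LISTEN      1203/mt-daapd
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1187/avahi-daemon: r
udp6       0      0 :::5353                 :::*                                1187/avahi-daemon: r
EOF
}

# rules_for_process NAME  (hypothetical helper; reads netstat output on stdin)
# Prints one "-A open ..." line per unique protocol/port NAME listens on.
rules_for_process() {
    awk -v want="$1" '
        $1 !~ /^(tcp|udp)6?$/ { next }              # skip header lines
        {
            proto = $1; sub(/6$/, "", proto)        # tcp6/udp6 -> tcp/udp
            # tcp rows carry a State column; unconnected udp rows leave it blank
            if (proto == "tcp" && $6 != "LISTEN") next
            if (proto == "udp" && $5 !~ /:\*$/) next
            # the PID/Program field is the first one shaped like "1234/name"
            owner = ""
            for (i = 6; i <= NF; i++)
                if ($i ~ /^[0-9]+\//) { owner = $i; break }
            sub(/^[0-9]+\//, "", owner)             # drop the PID
            sub(/:$/, "", owner)                    # "avahi-daemon: r" -> "avahi-daemon"
            if (owner != want) next
            port = $4; sub(/^.*:/, "", port)        # text after the last colon
            key = proto " " port
            if (!(key in seen)) {
                seen[key] = 1
                print "-A open -p " proto " --dport " port " -j ACCEPT"
            }
        }
    '
}

# Stand-alone run against the constructed sample
sample_netstat | rules_for_process avahi-daemon
```

On a live system the input would come from `netstat -natup` run as root, since netstat only shows the owning program for other users' sockets with root privileges. Only listening sockets are reported, so the result is a starting list to review before adding anything to iptables.rules.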