You are not logged in.

#1 2020-05-27 12:58:15

Hwaiting
Member
Registered: 2019-08-30
Posts: 6

Does arch limit wireless port access (for Java applications?)

I'm attempting to host a MapTool server but whatever I do other devices (local network) cannot connect to my laptop.

I can't seem to figure out where it's going wrong. I feel like a security element is blocking the port, or that the application is being looped back to localhost while hosting on local network.

I have no ufw rules, nothing in my iptables. I use firewalld as my firewall but opening the port there/disabling firewalld doesn't help.

I can ping from and to my device, and connect to a MapTool server hosted on the other device. (Fwiw, other device is running Windows.)

Has anybody got any ideas?

Offline

#2 2020-05-27 19:36:21

mpan
Member
Registered: 2012-08-01
Posts: 1,188
Website

Re: Does arch limit wireless port access (for Java applications?)

No, Arch doesn’t block anything by itself — and in particular it has no idea about whether the application using the port is a Java one or not.

ss of core/iproute2 may be used to see what sockets you have opened:

sudo ss -lnp46

The columns of interest are “Process” and “Local address”. See if the process is even listening and at what address. Running as root (with sudo) may be skipped, but then you will miss information about sockets that do not belong to you.

Last edited by mpan (2020-05-27 19:38:00)


Sometimes I seem a bit harsh — don’t get offended too easily!

Offline

#3 2020-06-03 18:07:27

Hwaiting
Member
Registered: 2019-08-30
Posts: 6

Re: Does arch limit wireless port access (for Java applications?)

It's listening politely, clients still can't connect though.

tcp   LISTEN 0      0                  *:51234            *:*    users:(("MapTool",pid=347885,fd=28))

Offline

#4 2020-06-03 18:31:27

mpan
Member
Registered: 2012-08-01
Posts: 1,188
Website

Re: Does arch limit wireless port access (for Java applications?)

Can you connect to it at all? Both at 127.0.0.1:51234 and $your_ip_address:51234 (the application seems to not be bound to any address)? You may try even by sending some garbage using netcat from extra/gnu-netcat or community/openbsd-netcat, because the only thing important is whether the connection is made at all. You may also try that from another machine.


Sometimes I seem a bit harsh — don’t get offended too easily!

Offline

#5 2020-06-07 20:13:19

Hwaiting
Member
Registered: 2019-08-30
Posts: 6

Re: Does arch limit wireless port access (for Java applications?)

Interesting I'll give netcat a try.

I can connect to MapTool from a second locally running client.

Offline

#6 2020-06-07 22:00:25

mpan
Member
Registered: 2012-08-01
Posts: 1,188
Website

Re: Does arch limit wireless port access (for Java applications?)

That complicates things. I was hoping the result will be negative — which would at least give a clue that the issue is most likely⁽¹⁾ in the software itself. But it seems it is nicely accepting connections. Note: I assume you have tested for both 127.0.0.1 and $your_ip_address, not merely localhost.

At this point I have no idea. Can you make any connection using netcat from another machine? Can you, from another machine, connect to any other service using the same port (also on TCP)? Does the issue persist or does it happen only if you have restarted the server recently (may indicate SO_REUSEADDR is not set for the socket)? Can you connect to any service on this machine from another machine? Perhaps the router is not passing connections? And the sanity check, despite you have said that the problem persists without firewalld: are you absolutely certain you have nothing in firewalld log (see the debug options) and no rules in nftables?

____
⁽¹⁾ For nit-picky people: not certainly, I know.


Sometimes I seem a bit harsh — don’t get offended too easily!

Offline

#7 2020-06-09 15:25:27

Hwaiting
Member
Registered: 2019-08-30
Posts: 6

Re: Does arch limit wireless port access (for Java applications?)

mpan wrote:

Note: I assume you have tested for both 127.0.0.1 and $your_ip_address, not merely localhost.

Indeed.

mpan wrote:

1) Can you make any connection using netcat from another machine? 2) Can you, from another machine, connect to any other service using the same port (also on TCP)? 3) Does the issue persist or does it happen only if you have restarted the server recently (may indicate SO_REUSEADDR is not set for the socket)? 4) Can you connect to any service on this machine from another machine? 5) Perhaps the router is not passing connections? And the sanity check, despite you have said that the problem persists without firewalld: 6a) are you absolutely certain you have nothing in firewalld log (see the debug options) and 6b) no rules in nftables?

3) Yes persistent
4) syncthing always seemed to work
5) I have checked for 'wireless isolation' and that wasn't on. Connections in the other direction were possible.
6a) Eventually didn't check for this. Also couldn't find it...
6b) Thanks for the sanity check smile. I (accidentally/unknowingly) had nftables.service running, so also had the default filter running!
2) Now I can!
1) telnet->netcat worked!

I need to check if maptool now also works at a friends for an extra client, but I think disabling nftables.service was the fixing step.

Minor rant: Between ufw, iptables, and nftables there are too many places firewall/blocking is implemented.

Offline

#8 2020-06-09 15:43:16

Slithery
Administrator
From: Norfolk, UK
Registered: 2013-12-01
Posts: 5,776

Re: Does arch limit wireless port access (for Java applications?)

Hwaiting wrote:

Minor rant: Between ufw, iptables, and nftables there are too many places firewall/blocking is implemented.

By default none of these are configured, you would have to knowingly configure and enable each one. UFW is just a front end for iptables.


No, it didn't "fix" anything. It just shifted the brokeness one space to the right. - jasonwryan
Closing -- for deletion; Banning -- for muppetry. - jasonwryan

aur - dotfiles

Offline

Board footer

Powered by FluxBB