Hello,
OK, for people who are having trouble with UDP. Firstly, user-defined UDP
protocols _do_not_ require an explicit iptables rule for allowing reply
packets. Reply packets are handled by iptables' connection tracking feature.
This is what these lines do:

    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

UDP has worked fine in Guarddog for quite a few years now.
What I want is for people who are having trouble to try to contact their
TeamSpeak/UDP server with their client software, wait 5 seconds and then
execute this command in a shell:

    cat /proc/net/ip_conntrack > ~/ip_conntrack.txt

(you probably want to queue this up first in your shell :-) ). Then email me
([EMAIL PROTECTED], *not* this list) these files/info:
* ~/ip_conntrack.txt
* /etc/rc.firewall (your firewall script)
* the firewall log messages in /var/log/messages (showing the UDP packet being
stopped).
* your kernel version.
* the output of the "lsmod" command ( lsmod > ~/lsmod.txt )
* the distribution you are using
We are trying to figure out why UDP connection tracking isn't working.
cheers,
--
Simon Edwards | Guarddog Firewall
[EMAIL PROTECTED] | http://www.simonzone.com/software/
Nijmegen, The Netherlands | "ZooTV? You made the right choice."
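
Added example, not part of the original message: a shell function for reading the UDP entries in the saved ip_conntrack.txt before sending it. The function name, the sample table (documentation addresses) and port 8767 are constructed for illustration.

```shell
# Added example. List the UDP flows in a saved conntrack dump for one destination port.
# Usage: udp_flows FILE DPORT
udp_flows() {
    awk -v port="$2" '
    $1 == "udp" {
        src = ""; dst = ""; sport = ""; dport = ""
        state = "REPLIED"    # neither flag present: a reply has been seen
        for (i = 4; i <= NF; i++) {
            # The original-direction tuple is listed first, so keep the first value of each key.
            if      (($i ~ /^src=/)   && src   == "") src   = substr($i, 5)
            else if (($i ~ /^dst=/)   && dst   == "") dst   = substr($i, 5)
            else if (($i ~ /^sport=/) && sport == "") sport = substr($i, 7)
            else if (($i ~ /^dport=/) && dport == "") dport = substr($i, 7)
            else if ($i == "[UNREPLIED]") state = "UNREPLIED"
            else if ($i == "[ASSURED]")   state = "ASSURED"
        }
        # Field 3 is the number of seconds until the entry expires.
        if (dport == port)
            printf "%s:%s -> %s:%s %s timeout=%ss\n", src, sport, dst, dport, state, $3
    }' "$1"
}

# Constructed sample in the /proc/net/ip_conntrack line format (not real traffic).
sample=$(mktemp)
cat > "$sample" <<'EOF'
udp      17 27 src=192.0.2.10 dst=203.0.113.5 sport=32771 dport=8767 [UNREPLIED] src=203.0.113.5 dst=192.0.2.10 sport=8767 dport=32771 use=1
udp      17 175 src=192.0.2.10 dst=198.51.100.7 sport=32772 dport=8767 src=198.51.100.7 dst=192.0.2.10 sport=8767 dport=32772 [ASSURED] use=1
udp      17 20 src=192.0.2.10 dst=192.0.2.1 sport=32770 dport=53 src=192.0.2.1 dst=192.0.2.10 sport=53 dport=32770 use=1
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.7 sport=40000 dport=8767 src=198.51.100.7 dst=192.0.2.10 sport=8767 dport=40000 [ASSURED] use=1
EOF

udp_flows "$sample" 8767
```

Run it against ~/ip_conntrack.txt with the port your server uses. An UNREPLIED entry means conntrack tracked the outgoing packet but has not seen a reply; no entry at all means the outgoing packet was never tracked.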