> On 24 Oct 2023, at 15:30, Arno Lehmann <a...@its-lehmann.de> wrote: > > Hi Henggi, all, Hi Arno, thanks for your reply! > > Am 24.10.2023 um 14:04 schrieb Henggi: >> Hi list, >> Completely stuck here, any clue appreciated! >> Trying to bring up XRDP service on Debian 11-bullsyeye (arm64, incl. >> backports, fully up-to-date) which is only listening on „lo“ interface (not >> eth0) even netstat indicates otherwise: >> -> incoming tcp syn/ack on localhost interfact (lo) works fine >> -> incoming tcp syn/ack on eth0 interface seems not to reach app listening >> process (while other services on same host are working just fine via the >> network - so it’s not an „physical" network issue). >> -> iptables are cleared and not aware of any other netfilter running… > > I suggest to verify the other netfiler options. > > Recently I encountered something similar, and my usual test for local > firewall being active, > > iptables -L -n > > came back with policies "accept" all over the place, and no particular rules. > > Took me a while to understand that firewalld can still do its job. > > So, probably useful to check with > > systemctl status firewalld As I mentioned in my 1st email, I think (afaik) that no other netfitler module/service is running.
root@server:~# systemctl status firewalld Unit firewalld.service could not be found. However, then there are kernel modules loaded when looking for „net OR filter OR fire OR ip“ as followed (of which I assume are just loaded as part of the default base system but not doing anyhting - how to be sure of it): root@server:~# lsmod |egrep -i "net|filter|fire|ip" inet_diag 28672 1 tcp_diag iptable_nat 16384 0 nf_nat 49152 1 iptable_nat iptable_filter 16384 0 nf_defrag_ipv6 20480 1 nf_conntrack nf_defrag_ipv4 16384 1 nf_conntrack nfnetlink 20480 1 nf_tables ip_tables 32768 2 iptable_filter,iptable_nat x_tables 53248 3 iptable_filter,ip_tables,iptable_nat ipv6 557056 20 > > and use firewallcmd in an appropriate manner, if you find that to be active. > > Good luck! > > Arno > > -- > Arno Lehmann > > IT-Service Lehmann > Sandstr. 6, 49080 Osnabrück >
