Hi,

I'm running shorewall 4.0.13 on Ubuntu 8, and everything has been  
smooth and easy so far. Thanks a lot. Shorewall runs on my home  
server, which acts both as a firewall/router as well as an application  
server. It's got two active ethernet ports for zones local and  
network, and (due to VMware2 on the server) some virtual network ports.

However, after playing around with shorewall's settings I found that  
mDNS didn't work anymore. I've got the avahi on the server, and both  
the server itself as well as clients on my network couldn't  
resolve .local domains anymore. There was nothing in the shorewall logs
(I've got the last REJECT rule log with level INFO), but I made sure  
that the logging worked by accessing some strange ports somewhere,  
which promptly showed up in the log files. Nothing wrong with logging.

After some serious frustration I switched off shorewall completely,  
allowing all traffic between all hosts. Et voilà, mDNS worked like a
charm. One of my tweaks of the shorewall settings was to enable the  
perl compiler, which was said to generate more effective and compact  
rules. Switching it back to "shell" in fact helped me with my mDNS  
problems, it's working again now.

So, what did I do wrong here? I enabled multicasting in shorewall.conf  
and had an "allow all" rule for ICMP. Are you aware of any issues  
regarding mDNS?

For the record: mDNS uses UDP port 5353 along with multicasts to  
254.0.0.251. Avahi responds to these packets, announcing itself as an
mDNS-enabled host.

Any help is appreciated. Regards,

Christian
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users