On 12/07/2012 11:49 PM, Dr. Harry Knitter wrote:

>
> What I have done since my last posting:
> I opened the udp ports the tv is sending to (32410 and 32414) and the ports
> the server is listening on except the port for localhost (i.e. tcp 49152 and
> udp 1900)  and get the server connected. However not always and when it takes
> up to 20 minutes until the DLNA server is found.
> The firewall log shows ACCEPT for ports 32410 udp and 49152 tcp.
>
> What I do not understand is:
> Why didn't I get DROPs for port 32410 and 32414 before opening these ports?

Because the standard default actions (Drop and Reject) silently drop 
broadcast and multicast packets. Otherwise, the average log would be 
full of nothing but those.

> Why aren't there ACCEPTs for port 32414 while tshark is telling me that packets
> to this port come in?

I can't answer that without seeing the output of 'shorewall dump'.

> How does the tv connect to the DLNA server when there are no corresponding
> ports (except tcp 49152 when connected)?
>

Don't know. The normal way this works is via UPnP where the TV would 
broadcast/multicast on UDP 1900 and the server would respond.

Another important point about broadcast/multicast is that the server's 
responses must be explicitly allowed by the firewall, either via policy 
or rules. That's because Netfilter's connection tracking mechanism 
doesn't associate the server's response with the corresponding incoming 
broadcast/multicast conntrack table entry. That is why I was asking 
earlier about the firewall->tv policy.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
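
Added example, not part of the original message and not Shorewall or Netfilter code: a simplified Python model of connection tracking that shows why the server's unicast answer to a multicast request is classified NEW, so only a firewall->tv policy or rule can let it out. The addresses, port 40000 and the `Conntrack` class are constructed for illustration; the model assumes UDP only, with no NAT, timeouts or helpers.

```python
from collections import namedtuple

# One direction of a UDP flow as conntrack sees it.
Tuple5 = namedtuple("Tuple5", "src sport dst dport")

def invert(t):
    """Reply tuple conntrack expects: the original tuple with both ends swapped."""
    return Tuple5(t.dst, t.dport, t.src, t.sport)

class Conntrack:
    """Hypothetical, simplified stand-in for the conntrack table."""
    def __init__(self):
        self.flows = {}  # tuple (original or expected reply) -> flow record

    def classify(self, pkt):
        flow = self.flows.get(pkt)
        if flow is None:
            # First packet of a flow: track it and the reply tuple it implies.
            flow = {"orig": pkt, "replied": False}
            self.flows[pkt] = flow
            self.flows[invert(pkt)] = flow
            return "NEW"
        if pkt != flow["orig"]:
            flow["replied"] = True  # traffic seen in the reply direction
        return "ESTABLISHED" if flow["replied"] else "NEW"

# Constructed sample addresses; 239.255.255.250:1900 is the UPnP/SSDP group.
TV, SERVER, SSDP_GROUP = "192.168.1.50", "192.168.1.10", "239.255.255.250"

def unicast_exchange():
    """TV asks the server directly; the answer matches the expected reply tuple."""
    ct = Conntrack()
    ct.classify(Tuple5(TV, 40000, SERVER, 1900))
    return ct.classify(Tuple5(SERVER, 1900, TV, 40000))

def multicast_exchange():
    """TV asks the SSDP group; the server answers from its own unicast address."""
    ct = Conntrack()
    ct.classify(Tuple5(TV, 40000, SSDP_GROUP, 1900))
    # Expected reply would come *from* 239.255.255.250:1900, which never happens,
    # so the real answer starts a new flow and needs its own ACCEPT.
    return ct.classify(Tuple5(SERVER, 1900, TV, 40000))

if __name__ == "__main__":
    print("reply to unicast request:  ", unicast_exchange())
    print("reply to multicast request:", multicast_exchange())
```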

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users