Thanks Tom,

I tried your suggestion; unfortunately nothing shows up in the log.

With tcpdump:

root@arch/0:~# tcpdump -i br0 -n udp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br0, link-type EN10MB (Ethernet), capture size 65535 bytes
20:09:03.759139 IP 192.168.10.15.8008 > 239.255.255.250.1900: UDP, length 101
20:09:03.761098 IP 192.168.10.1.1900 > 192.168.10.15.8008: UDP, length 311
20:09:03.958368 IP 192.168.10.15.8008 > 239.255.255.250.1900: UDP, length 102
20:09:03.959499 IP 192.168.10.1.1900 > 192.168.10.15.8008: UDP, length 311
20:09:04.162749 IP 192.168.10.15.8008 > 239.255.255.250.1900: UDP, length 101
20:09:04.163516 IP 192.168.10.1.1900 > 192.168.10.15.8008: UDP, length 311
20:09:04.370630 IP 192.168.10.15.8008 > 239.255.255.250.1900: UDP, length 102
20:09:04.372723 IP 192.168.10.1.1900 > 192.168.10.15.8008: UDP, length 311

Without tcpdump: Nothing.

I attached a dump with my original config (MULTICAST = No, no route to
224.0.0.0/4) and would be very pleased if you could help me further. (Taking
the dump complains that SW could not find "arp" and "netstat"; hope it
helps anyway.)

-Tarqi

-----Original Message-----
From: Tom Eastep [mailto:[email protected]] 
Sent: Monday, April 29, 2013 5:39 PM
To: [email protected]
Subject: Re: [Shorewall-users] Multicast / Broadcast in Shorewall

On 04/27/2013 04:50 PM, Tarqi Kazan wrote:
> Hi List,
> 
> I recently got an Android Gadget to play with and put a DLNA-Server 
> on my Shorewall Box.
> 
> The following entries in the "rules" file will make it work instantly 
> if I use "tcpdump" to check the traffic. This is the case because the 
> interface will be in promiscuous mode, I believe; when "tcpdump" is 
> stopped, it is not working anymore.
> 
> SECTION NEW
> ACCEPT      lan     $FW     udp     1900
> ACCEPT      $FW     lan     udp     -       1900
> ACCEPT      lan     $FW     tcp     8200
> 
> I tried "allowinUPnP  lan  $FW" and vice versa, also "allowBcast", 
> still no luck.
> Also "MULTICAST=Yes" in shorewall.conf has no effect, nor setting a 
> route like this:
> 
> ip route add 224.0.0.0/4 dev br0 (interface "lan" is a bridge).
> 
> What am I missing?

Temporarily set the lan->fw and fw->lan policy default action to 'None':

/etc/shorewall/policy:

#SOURCE DEST    POLICY          LOG     LIMIT:          CONNLIMIT:
#                               LEVEL   BURST           MASK
lan     fw      REJECT:None     info
fw      lan     REJECT:None     info

Now try to connect; the Netfilter log will show you what is being rejected
or dropped.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Attachment: shorewall_dump.bz2
Description: Binary data

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
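The capture above shows the two halves of the SSDP exchange that the rules in the original post were written for: a multicast M-SEARCH from the Android device to 239.255.255.250:1900, and a unicast reply from the Shorewall box (192.168.10.1:1900) back to the device's ephemeral port. The reply's source address differs from the query's destination, so conntrack cannot pair the two and the reply is a NEW connection in the fw->lan direction, which is why a separate source-port-1900 rule is needed. Separately, tcpdump puts br0 into promiscuous mode, so the NIC passes up every multicast frame; without it the kernel only delivers groups the host has actually joined (listed by `ip maddr show dev br0`). The script below is an added example, not part of the thread or of Shorewall: it derives the rules-file entries from tcpdump lines and checks a (hypothetical, constructed) `ip maddr` listing for the SSDP group. The sample tcpdump lines are copied from the post; the `ip maddr` output, the function names and the bridge index are assumptions.

```python
"""Added example: classify the UDP flows from a `tcpdump -n udp` capture into
Shorewall rules-file entries, and check whether the bridge has joined the SSDP
multicast group.  Not part of the Shorewall project or of the mailing-list
thread; sample inputs are constructed (the tcpdump lines are copied from the
post, the `ip maddr` output is hypothetical).
"""
import ipaddress
import re

SSDP_GROUP = ipaddress.ip_address("239.255.255.250")
SSDP_PORT = 1900

# Constructed input: tcpdump lines from the post, wrapped lines rejoined.
CAPTURE = """\
20:09:03.759139 IP 192.168.10.15.8008 > 239.255.255.250.1900: UDP, length 101
20:09:03.761098 IP 192.168.10.1.1900 > 192.168.10.15.8008: UDP, length 311
20:09:03.958368 IP 192.168.10.15.8008 > 239.255.255.250.1900: UDP, length 102
20:09:03.959499 IP 192.168.10.1.1900 > 192.168.10.15.8008: UDP, length 311
"""

TCPDUMP_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<sip>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dip>[\d.]+)\.(?P<dport>\d+): UDP, length (?P<length>\d+)$"
)


def parse_tcpdump(text):
    """Parse `tcpdump -n udp` lines into flow dicts; other lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = TCPDUMP_RE.match(line.strip())
        if not m:
            continue
        flows.append({
            "src": ipaddress.ip_address(m["sip"]), "sport": int(m["sport"]),
            "dst": ipaddress.ip_address(m["dip"]), "dport": int(m["dport"]),
            "length": int(m["length"]),
        })
    return flows


def shorewall_rules(flows, fw_ip, lan_zone="lan"):
    """Derive (SOURCE, DEST, PROTO, DPORT, SPORT) rules-file entries for the
    observed UDP flows between the LAN zone and the firewall itself.

    A multicast query and its unicast reply have different IP pairs, so
    conntrack never treats the reply as ESTABLISHED: it is a NEW fw->lan
    connection that must be accepted on its source port.
    """
    fw_ip = ipaddress.ip_address(fw_ip)
    rules = set()
    for f in flows:
        if f["dst"].is_multicast:
            # lan -> fw: query sent to the multicast group.
            rules.add((lan_zone, "$FW", "udp", str(f["dport"]), "-"))
        elif f["src"] == fw_ip:
            # fw -> lan: unicast reply, NEW to conntrack, match on source port.
            rules.add(("$FW", lan_zone, "udp", "-", str(f["sport"])))
        elif f["dst"] == fw_ip:
            # lan -> fw: ordinary unicast traffic to the firewall.
            rules.add((lan_zone, "$FW", "udp", str(f["dport"]), "-"))
    return rules


def format_rules(rules):
    """Render entries in /etc/shorewall/rules column order."""
    header = "#ACTION\tSOURCE\tDEST\tPROTO\tDPORT\tSPORT"
    return [header] + ["ACCEPT\t" + "\t".join(r) for r in sorted(rules)]


# Hypothetical `ip maddr show dev br0` output, constructed for this example.
IP_MADDR_JOINED = """\
4:\tbr0
\tlink  01:00:5e:00:00:01
\tlink  01:00:5e:7f:ff:fa
\tinet  224.0.0.1
\tinet  239.255.255.250
\tinet6 ff02::1
"""
IP_MADDR_NOT_JOINED = """\
4:\tbr0
\tlink  01:00:5e:00:00:01
\tinet  224.0.0.1
\tinet6 ff02::1
"""
MADDR_RE = re.compile(r"^\s*inet\s+([\d.]+)")


def joined_groups(ip_maddr_output):
    """IPv4 groups an interface has joined, parsed from `ip maddr show dev X`."""
    groups = set()
    for line in ip_maddr_output.splitlines():
        m = MADDR_RE.match(line)
        if m:
            groups.add(ipaddress.ip_address(m.group(1)))
    return groups


def ssdp_reachable(ip_maddr_output):
    """True if SSDP frames will be delivered without promiscuous mode."""
    return SSDP_GROUP in joined_groups(ip_maddr_output)


if __name__ == "__main__":
    for line in format_rules(shorewall_rules(parse_tcpdump(CAPTURE), "192.168.10.1")):
        print(line)
    print("br0 joined 239.255.255.250:", ssdp_reachable(IP_MADDR_JOINED))
```

To separate the two possible causes on a live box, capture with `tcpdump -i br0 -n -p udp` (`-p` keeps the interface out of promiscuous mode): if the M-SEARCH packets no longer appear, the frames are never reaching the kernel and no Shorewall rule will help, and `ip maddr show dev br0` should then be missing 239.255.255.250; if they do appear but the reply is missing, Tom's `REJECT:None` policy with logging is the right next step, since the drop is then happening in Netfilter.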
