On 9/2/2015 2:10 AM, Nerijus Baliunas wrote:
> On Tue, 1 Sep 2015 16:48:45 -0700 Tom Eastep <[email protected]> wrote:
> 
>> The dump shows no conntrack entry for the broadcasts; yet it appears
>> that steam is running.
>>
>> Interestingly, one packet has matched the DNAT rule -- I would have
>> thought that your loc->loc rules would have been the correct one if
>> steam is running in the steam netns. Did you inadvertently run steam
>> outside that netns since Shorewall was restarted?
> 
> I ran Steam under netns when testing, but sometimes I ran it normally when
> not testing.
> Today I ran Steam under netns and it sent correct broadcast:
> 346   6.393202 192.168.1.11 -> 192.168.1.255 UDP 136 Source port: 27036  Destination port: 27036
> 
> Then I ran Steam normally and then again under netns, and broadcast became
> wrong again:
> 12562 502.839578 192.168.1.11 -> 5.20.215.255 UDP 138 Source port: 27036  Destination port: 27036
> 
> So it seems Steam somehow caches incorrect broadcast address.
> After some time broadcast became right again.

It's probably Netfilter -- when you run steam outside of the netns, a
conntrack table entry is created. That entry is still used when you move
steam into the netns. You need to allow enough time for the entry to
expire. You can see the entry by 'shorewall show connections | fgrep
port=27036'. You can also use the conntrack utility program to delete
the entry.

> 
> But now another problem - Steam sends correct broadcast, but the client PC
> does not see it.
> tshark -i wlan0 -Y "tcp.port == 27036 or udp.port == 27036" on the client
> does not show any output, while the sniffer on the sending PC shows
> outgoing broadcasts. What could be wrong?
> 

No idea.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
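
Added example, not part of the original message: a way to spot the kind of leftover conntrack entry described in the reply above, by listing entries on a port whose reply tuple is not the mirror of the original tuple (NAT was applied). The function names are hypothetical and the sample lines are constructed in `conntrack -L` format, reusing addresses from the captures quoted above.

```shell
#!/bin/sh
# Added example: report conntrack entries on a given port that carry NAT.
# Input:  lines in `conntrack -L` format on stdin.
# Output: <proto> timeout=<seconds> orig_dst=<addr> reply_src=<addr>

nat_entries_for_port() {   # hypothetical helper name
    awk -v port="$1" '
    {
        n = 0; dport[1] = ""; sport[1] = ""
        # Field 3 is the remaining lifetime of the entry in seconds.
        timeout = $3
        # First src/dst pair is the original tuple, second is the reply tuple.
        for (i = 4; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "src")   { n++; src[n] = kv[2] }
            if (kv[1] == "dst")   { dst[n] = kv[2] }
            if (kv[1] == "sport") { sport[n] = kv[2] }
            if (kv[1] == "dport") { dport[n] = kv[2] }
        }
        if (n < 2) next
        if (dport[1] != port && sport[1] != port) next
        # Without NAT the reply tuple mirrors the original tuple exactly.
        if (dst[1] != src[2] || src[1] != dst[2])
            printf "%s timeout=%s orig_dst=%s reply_src=%s\n", $1, timeout, dst[1], src[2]
    }'
}

sample_conntrack() {       # constructed sample data, not from the thread
    cat <<'EOF'
udp      17 25 src=192.168.1.11 dst=192.168.1.255 sport=27036 dport=27036 [UNREPLIED] src=5.20.215.255 dst=192.168.1.11 sport=27036 dport=27036 mark=0 use=1
udp      17 28 src=192.168.1.12 dst=192.168.1.255 sport=27036 dport=27036 [UNREPLIED] src=192.168.1.255 dst=192.168.1.12 sport=27036 dport=27036 mark=0 use=1
tcp      6 431990 ESTABLISHED src=192.168.1.11 dst=192.168.1.1 sport=40000 dport=22 src=192.168.1.1 dst=192.168.1.11 sport=22 dport=40000 [ASSURED] mark=0 use=1
EOF
}

sample_conntrack | nat_entries_for_port 27036

# On a live firewall (as root), feed it the real table instead:
#   conntrack -L -p udp 2>/dev/null | nat_entries_for_port 27036
# and remove the leftover entries rather than waiting for the timeout:
#   conntrack -D -p udp --dport 27036
```

The `timeout=` value shows how long the entry would otherwise linger before expiring on its own.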

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users