LinuxQuestions.org
LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Old 03-23-2013, 06:20 AM   #1
LBM
Member
 
Registered: Aug 2010
Location: Denmark
Distribution: Debian
Posts: 87

Iptables breaks mediastreaming from server


I have a small server from which I stream video files from a Samba share.

I have enabled iptables and set up basic rules, but for some reason, when these rules are active, the streaming stops suddenly. Sometimes already after 3 minutes, sometimes after 20 minutes, so there is no clear pattern.

I have tried to debug with tcpdump, but there is nothing to see there.

Any ideas as to what is causing this?

The iptables rules look like this.
Code:
Chain INPUT (policy DROP 67 packets, 8666 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        6   360 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 state NEW 
2       22  2088 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:137 state NEW 
3        1   236 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:138 state NEW 
4        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:139 state NEW 
5        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:445 state NEW 
6      141  9533 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
 
Old 03-23-2013, 07:03 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,564
Blog Entries: 54

The best way to "debug" firewall rule sets is to use "-j LOG" rules before "-j DROP" decisions to see what actually gets dropped. Additionally, attaching the output of 'iptables-save' provides a more accurate view of what rules are actually in use.
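As an added illustration of this advice (my own snippet, not unSpawn's commands): the first function prints a rate-limited LOG rule to append at the end of the chain, so everything that would fall through to the DROP policy gets logged first; the second reduces the resulting kernel log lines to "protocol, destination port, count" with awk. The log lines are constructed samples, not real captures, and the "IPT-DROP:" prefix is just a chosen tag.

```shell
#!/bin/sh
# Print the iptables command that logs what a DROP-policy chain is about to
# discard; run the printed command as root. Appending it (-A) puts it after
# all ACCEPT rules, so only traffic headed for the policy is logged.
# Rate limiting keeps a flood from filling the kernel log.
log_before_drop() {
    chain=${1:-INPUT}
    prefix=${2:-IPT-DROP:}
    printf '%s\n' "iptables -A $chain -m limit --limit 5/min --limit-burst 10 \
-j LOG --log-prefix \"$prefix \" --log-level 4"
}

# Reduce kernel LOG lines (from dmesg or the kernel log) to "proto dport count"
# so the flows being dropped stand out.
summarize_drops() {
    prefix=${1:-IPT-DROP:}
    grep -F "$prefix" | awk '{
        proto = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        if (proto != "") n[proto " " dpt]++
    } END { for (k in n) print k, n[k] }' | sort
}

# Constructed sample of the lines the rule above writes (not real traffic):
# two dropped UDP 137 packets and one dropped TCP 445 segment, plus an
# unrelated kernel-log line that must be ignored.
SAMPLE_LOG='Mar 23 06:15:01 srv kernel: IPT-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=78 PROTO=UDP SPT=137 DPT=137 LEN=58
Mar 23 06:15:02 srv kernel: IPT-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=78 PROTO=UDP SPT=137 DPT=137 LEN=58
Mar 23 06:15:03 srv kernel: IPT-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=51234 DPT=445 ACK FIN URGP=0
Mar 23 06:15:04 srv kernel: sshd[123]: Accepted publickey for alice from 192.0.2.10'

log_before_drop INPUT
printf '%s\n' "$SAMPLE_LOG" | summarize_drops
```

A UDP or ICMP entry in that summary on a box whose only state rule says "-p tcp" is exactly the symptom the thread ends up with.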
 
Old 03-25-2013, 04:06 AM   #3
LBM
Member
 
Registered: Aug 2010
Location: Denmark
Distribution: Debian
Posts: 87

Original Poster
Hi, thanks for replying. I am aware of the iptables-save output, but for me this output is not more accurate, actually the opposite.

But I found the error: as shown above, RELATED,ESTABLISHED was only specified for TCP, which was clearly a mistake. When allowing all protocols (by not directly specifying TCP), it worked.

Adding the correct rule, after deleting the "corrupt" one.
Code:
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
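A check for exactly this mistake, added here as an example (not the poster's own commands): it scans "iptables -S INPUT" style output for a RELATED,ESTABLISHED accept rule that is bound to one protocol, and runs it over the ruleset from post #1 beside the corrected one. The "-S" rendering of the original rules is my reconstruction from the listing above, not output captured from the poster's machine; moving the state rule to the top is my choice, not something the thread requires.

```shell
#!/bin/sh
# Flag RELATED,ESTABLISHED accept rules that are bound to one protocol.
# Input is "iptables -S <chain>" style output on stdin (one rule per line).
# Prints each offending rule; returns 1 if any were found, 0 otherwise.
find_proto_bound_state_rules() {
    awk '
        /--state/ && /ESTABLISHED/ && / -p [a-z0-9]+ / && / -j ACCEPT/ {
            print "protocol-bound state rule: " $0; bad = 1
        }
        END { exit (bad ? 1 : 0) }'
}

# Constructed "-S" rendering of the ruleset in post #1 (reconstructed from the
# listing, not captured from the poster's machine).
BROKEN_RULES='-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 137 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 138 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 139 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 445 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT'

# Same ruleset with the fix from post #3: the state rule no longer carries -p,
# so UDP and ICMP replies to the server's own traffic are accepted too.
# Placing it first is my preference (most packets hit it), not the thread's.
FIXED_RULES='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 137 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 138 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 139 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 445 -m state --state NEW -j ACCEPT'

# $1 = ruleset text; prints offenders and returns the awk exit status.
check_ruleset() {
    printf '%s\n' "$1" | find_proto_bound_state_rules
}

check_ruleset "$BROKEN_RULES" || echo "-> delete that rule, then: iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"
check_ruleset "$FIXED_RULES" && echo "fixed ruleset: no protocol-bound state rule"
```

On a live box, feed it "iptables -S INPUT" (or the relevant chain from iptables-save) instead of the constructed strings.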
 
Old 03-25-2013, 01:19 PM   #5
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

That is an interesting twist, seeing as UDP does not have 'states' like TCP. This link suggests that IPTables may be remembering the IP:Port used as part of the connection tracking. It alludes to analysis of packets and replies, but there is nothing in UDP that says a reply is imminent.
 
Old 03-26-2013, 07:19 AM   #6
LBM
Member
 
Registered: Aug 2010
Location: Denmark
Distribution: Debian
Posts: 87

Original Poster
Hi,

Thank you. Good "article"!
 