Results 1 to 10 of 10

Thread: Firewall configuration for UDP, TCP and HTTPS doesn't seem to work

  1. #1
    Join Date
    Sep 2020
    Location
    Port Macquarie, NSW, Australia
    Posts
    8

    Default Firewall configuration for UDP, TCP and HTTPS doesn't seem to work

    Hello all,

    I've been using linux a while but am still only an average user. I'm new to OpenSUSE and really want to keep using it but am having trouble with getting things set up on Leap 15.2.

    One of the applications I use needs to transmit UDP packets on ports 49003 - 49005, and accept TCP connections on port 10747. It is a Java application so permissions must be granted to the java runtime. The application doesn't do anything exotic network wise, it simply connects to servers on an https port (443), accepts a TCP socket connection on 10747, and broadcasts UDP packets with the traffic data.
    (all of this is cut and paste from a support response I got from the application developer).

    I should add this is a java application collecting data from a server on the internet and feeding it to a plugin within another application. (if you're interested it's RealTraffic, feeding to LiveTraffic plugin within XPlane 11 but I don't think it matters here). So it appears local UDP transport is blocked?

    I've tried turning the firewall off but that didn't fix it. I've turned the firewall back on and added the necessary UDP ports and TCP port to the 'public' zone. I wasn't sure if I needed to add the https port to public too and am not sure how? I don't know how to add the java runtime to the firewall config either, it doesn't appear in the list of services to add.

    My ports are configured as shown below.

    I continue to get errors in the log for the application saying "could not bind UDP socket with "0.0.0.0:49003". and previous to adding the ports to the public zone I was getting ERROR Network.cpp:488/send: send failed: "0.0.0.0:10747" (Broken pipe)

    Can someone point me in the right direction please? I'm not sure what to try next.

    Thanks in advance!
    Steve

  2. #2
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    29,708
    Blog Entries
    15

    Default Re: Firewall configuration for UDP, TCP and HTTPS doesn't seem to work

    Hi
    What zone is the interface your using in, hopefully public?
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

  3. #3
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    22,104
    Blog Entries
    1

    Default Re: Firewall configuration for UDP, TCP and HTTPS doesn't seem to work

    I've tried turning the firewall off but that didn't fix it.
    How are you connected to the internet? Have you checked the router connecting to the internet? The internet-facing firewall is likely to be impacting here.
    openSUSE Leap 15.2; KDE Plasma 5

  4. #4
    Join Date
    Sep 2020
    Location
    Port Macquarie, NSW, Australia
    Posts
    8

    Default Re: Firewall configuration for UDP, TCP and HTTPS doesn't seem to work

    Quote Originally Posted by malcolmlewis View Post
    Hi
    What zone is the interface your using in, hopefully public?
    Hi Malcolm,
    Thanks for taking the time to reply. I hadn't checked the interface before. It was set to 'home' so I've changed it to 'public' now. I haven't rebooted but I have Firewall set to reload after writing configuration.

    There is only one service allowed on my public zone, I haven't changed the defaults. Is that correct?

  5. #5
    Join Date
    Sep 2020
    Location
    Port Macquarie, NSW, Australia
    Posts
    8

    Default Re: Firewall configuration for UDP, TCP and HTTPS doesn't seem to work

    Quote Originally Posted by deano_ferrari View Post
    How are you connected to the internet? Have you checked the router connecting to the internet? The internet-facing firewall is likely to be impacting here.
    Hi Deano,

    Thanks for the tip. Not sure what to check though. On Malcolm's advice I've now switched eth0 to the 'public' zone. Everything about the internet is working fine. And the java application is also connecting through the router to its server and behaving correctly. The error seems to be happening between the java application and the plugin, residing on the same machine. And then it seems to be only one way - data incoming to the plugin doesn't get through. The java app is receiving data from the plugin. The plugin developer after reviewing the logs said it looked like local UDP transport was being blocked.

    This isn't a new application and plugin in for me. I've had it set up this way for nearly a year, working with minimal setup and without fault on several other distros, using the ufw gui firewall app to identify the blocked ports in real time and allow them. I might try using ufw to see if that sheds any light. Although I'm confused that turning the firewall off didn't fix the problem?

    Cheers
    Steve

  6. #6
    Join Date
    Sep 2020
    Location
    Port Macquarie, NSW, Australia
    Posts
    8

    Default Re: Firewall configuration for UDP, TCP and HTTPS doesn't seem to work

    Quote Originally Posted by steves View Post
    Hi Malcolm,

    There is only one service allowed on my public zone, I haven't changed the defaults. Is that correct?
    Sorry, meant to add that it still isn't working after making the change.

  7. #7
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    29,708
    Blog Entries
    15

    Default Re: Firewall configuration for UDP, TCP and HTTPS doesn't seem to work

    Quote Originally Posted by steves View Post
    Sorry, meant to add that it still isn't working after making the change.
    Hi
    Seems it a commercial application... If your plugin is connecting to it, then should be no need for any firewall configuration, the api should just find the server and connect to those ports?

    For example my ADSB data connecting to the server;

    Code:
    Flightradar24 Feeder/Decoder
    Linux/generic/x86_64/1.0.18-5
    Updated: 16:00:54 GMT-0500 (Central Daylight Time)
    
    FR24 Link:    Connected via TCP
    FR24 Radar Code:    T-KGLH3
    Aircraft Tracked (ModeS & ADS-B):    73
    Aircraft Uploaded:    63
    Receiver:    dvbt, Connected
    MLAT running:    N/A
    If you need the connections then your going to have to use port forwarding on your router to send those ports to your computer.
    Last edited by malcolmlewis; 14-Sep-2020 at 14:12.
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

  8. #8
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    22,104
    Blog Entries
    1

    Default Re: Firewall configuration for UDP, TCP and HTTPS doesn't seem to work

    Quote Originally Posted by steves View Post
    This isn't a new application and plugin in for me. I've had it set up this way for nearly a year, working with minimal setup and without fault on several other distros, using the ufw gui firewall app to identify the blocked ports in real time and allow them. I might try using ufw to see if that sheds any light. Although I'm confused that turning the firewall off didn't fix the problem?

    Cheers
    Steve
    The information you've supplied far re not working with firewall disabled shows this is not the issue. Again, you may need to look at the external router/firewall perhaps.
    openSUSE Leap 15.2; KDE Plasma 5

  9. #9
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    12,773
    Blog Entries
    2

    Default Re: Firewall configuration for UDP, TCP and HTTPS doesn't seem to work

    Quote Originally Posted by steves View Post
    I continue to get errors in the log for the application saying "could not bind UDP socket with "0.0.0.0:49003". and previous to adding the ports to the public zone I was getting ERROR Network.cpp:488/send: send failed: "0.0.0.0:10747" (Broken pipe)

    Can someone point me in the right direction please? I'm not sure what to try next.

    Thanks in advance!
    Steve
    This part of your post suggests that your application is broken(maybe not installed or set up properly)
    If the app writes its own log somewhere you can inspect that, otherwise
    You would need to inspect your system log to collect entries relevant to what you posted to better understand what is happening.
    There are probably a number of ways you can collect the necessary entries but I can't recommend an exact command.
    I've recommended the following digitalocean article as a user friendly description of some useful journalctl commands...
    Maybe you can search for the specific entries you describe eg. "0000:49003" note the timestamp and try displaying events from a minute before the entry to a minute afterwards. But, maybe you'll figure out something better.
    Or, maybe search for all entries related to your java executable... I don't know if that will work with a java binary, I've only done that with C binaries.

    https://www.digitalocean.com/communi...e-systemd-logs

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  10. #10
    Join Date
    Sep 2020
    Location
    Port Macquarie, NSW, Australia
    Posts
    8

    Default Re: Firewall configuration for UDP, TCP and HTTPS doesn't seem to work

    Quote Originally Posted by tsu2 View Post
    This part of your post suggests that your application is broken(maybe not installed or set up properly)

    I've recommended the following digitalocean article as a user friendly description of some useful journalctl commands...


    TSU
    Thanks again TSU, that's a helpful article, not just for this issue either.
    Cheers
    Steve

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •