Opening closed ports

Postby rodgoslin » Mar 21st, '17, 06:47

A problem that I've been having, on and off for a long time, is opening port 51413 for Transmission. The modem/router is set to forward this port in tcp and udp. In the Control Centre>Security>Security>advanced, I've added 51413/udp 51413/tcp to 'other ports', and OK'd that. Ok'ing the previous page takes me to a page with a list of network activities to be watched, which includes the additions on port 51413. Ok'ing that leads to a page asking the ethernet interface to be used. This is correct. Ok'ing that takes me back to the start. But Transmission, when asked to check the port, still tells me the port is closed. I've used this procedure on other, and possibly all, versions of Mageia, on a "monkey see, monkey do" basis. It's not really important. Transmission works, but not well. In the past, it has worked for months/years at a time, but when it does not, I'm at a complete loss as to why it did, but does not now. There is a suggestion on one of the pages to check /etc/services, which does give me a long list of port numbers, but 51413/udp and 51413/tcp are not included.
rodgoslin
 
Posts: 492
Joined: Nov 19th, '11, 01:31

Re: Opening closed ports

Postby doktor5000 » Mar 21st, '17, 20:47

rodgoslin wrote:There is a suggestion on one of the pages to check /etc/services, which does give me long list of port numbers, but 51413 /udp and 51413/tcp are not included.

That is pretty much unrelated; /etc/services only provides service names for several well-known ports, and this is irrelevant for your port forwarding issue. As I don't use the Mageia firewall, I can't really help you with that, but it might help if you could add the output, as root, of
Code: Select all
iptables -L
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
User avatar
doktor5000
 
Posts: 17659
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany

Re: Opening closed ports

Postby rodgoslin » Mar 22nd, '17, 01:47

Code: Select all
[root@down rod]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
Ifw        all  --  anywhere             anywhere           
net-fw     all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere           
Reject     all  --  anywhere             anywhere           
LOG        all  --  anywhere             anywhere             LOG level info prefix "Shorewall:INPUT:REJECT:"
reject     all  --  anywhere             anywhere            [goto]

Chain FORWARD (policy DROP)
target     prot opt source               destination         
Reject     all  --  anywhere             anywhere           
LOG        all  --  anywhere             anywhere             LOG level info prefix "Shorewall:FORWARD:REJECT:"
reject     all  --  anywhere             anywhere            [goto]

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
fw-net     all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere           
Reject     all  --  anywhere             anywhere           
LOG        all  --  anywhere             anywhere             LOG level info prefix "Shorewall:OUTPUT:REJECT:"
reject     all  --  anywhere             anywhere            [goto]

Chain Broadcast (2 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST
DROP       all  --  anywhere             anywhere             ADDRTYPE match dst-type MULTICAST
DROP       all  --  anywhere             anywhere             ADDRTYPE match dst-type ANYCAST

Chain Drop (1 references)
target     prot opt source               destination         
           all  --  anywhere             anywhere           
Broadcast  all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere             icmp fragmentation-needed /* Needed ICMP types */
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded /* Needed ICMP types */
DROP       all  --  anywhere             anywhere             ctstate INVALID
DROP       udp  --  anywhere             anywhere             multiport dports loc-srv,microsoft-ds /* SMB */
DROP       udp  --  anywhere             anywhere             udp dpts:netbios-ns:netbios-ssn /* SMB */
DROP       udp  --  anywhere             anywhere             udp spt:netbios-ns dpts:1024:65535 /* SMB */
DROP       tcp  --  anywhere             anywhere             multiport dports loc-srv,netbios-ssn,microsoft-ds /* SMB */
DROP       udp  --  anywhere             anywhere             udp dpt:1900 /* UPnP */
DROP       tcp  --  anywhere             anywhere             tcp flags:!FIN,SYN,RST,ACK/SYN
DROP       udp  --  anywhere             anywhere             udp spt:domain /* Late DNS Replies */

Chain Ifw (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere             match-set ifw_wl src
DROP       all  --  anywhere             anywhere             match-set ifw_bl src
IFWLOG     all  --  anywhere             anywhere             ctstate INVALID,NEWpsd weight-threshold: 10 delay-threshold: 10000 lo-ports-weight: 2 hi-ports-weight: 1 IFWLOG prefix 'SCAN'
IFWLOG     udp  --  anywhere             anywhere             ctstate NEW udp dpt:sunrpcIFWLOG prefix 'NEW'
IFWLOG     udp  --  anywhere             anywhere             ctstate NEW udp dpt:nfsIFWLOG prefix 'NEW'
IFWLOG     udp  --  anywhere             anywhere             ctstate NEW udp dpt:4002IFWLOG prefix 'NEW'
IFWLOG     udp  --  anywhere             anywhere             ctstate NEW udp dpt:4001IFWLOG prefix 'NEW'
IFWLOG     udp  --  anywhere             anywhere             ctstate NEW udp dpt:4003IFWLOG prefix 'NEW'
IFWLOG     udp  --  anywhere             anywhere             ctstate NEW udp dpt:4004IFWLOG prefix 'NEW'
IFWLOG     udp  --  anywhere             anywhere             ctstate NEW udp dpt:ippIFWLOG prefix 'NEW'
IFWLOG     udp  --  anywhere             anywhere             ctstate NEW multiport dports 6881:6999IFWLOG prefix 'NEW'
IFWLOG     udp  --  anywhere             anywhere             ctstate NEW udp dpt:51413IFWLOG prefix 'NEW'
IFWLOG     tcp  --  anywhere             anywhere             ctstate NEW tcp dpt:sunrpcIFWLOG prefix 'NEW'
IFWLOG     tcp  --  anywhere             anywhere             ctstate NEW tcp dpt:nfsIFWLOG prefix 'NEW'
IFWLOG     tcp  --  anywhere             anywhere             ctstate NEW tcp dpt:4002IFWLOG prefix 'NEW'
IFWLOG     tcp  --  anywhere             anywhere             ctstate NEW tcp dpt:4001IFWLOG prefix 'NEW'
IFWLOG     tcp  --  anywhere             anywhere             ctstate NEW tcp dpt:4003IFWLOG prefix 'NEW'
IFWLOG     tcp  --  anywhere             anywhere             ctstate NEW tcp dpt:4004IFWLOG prefix 'NEW'
IFWLOG     tcp  --  anywhere             anywhere             ctstate NEW tcp dpt:ippIFWLOG prefix 'NEW'
IFWLOG     tcp  --  anywhere             anywhere             ctstate NEW multiport dports 6881:6999IFWLOG prefix 'NEW'
IFWLOG     tcp  --  anywhere             anywhere             ctstate NEW tcp dpt:51413IFWLOG prefix 'NEW'

Chain Reject (3 references)
target     prot opt source               destination         
           all  --  anywhere             anywhere           
Broadcast  all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere             icmp fragmentation-needed /* Needed ICMP types */
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded /* Needed ICMP types */
DROP       all  --  anywhere             anywhere             ctstate INVALID
reject     udp  --  anywhere             anywhere             multiport dports loc-srv,microsoft-ds /* SMB */
reject     udp  --  anywhere             anywhere             udp dpts:netbios-ns:netbios-ssn /* SMB */
reject     udp  --  anywhere             anywhere             udp spt:netbios-ns dpts:1024:65535 /* SMB */
reject     tcp  --  anywhere             anywhere             multiport dports loc-srv,netbios-ssn,microsoft-ds /* SMB */
DROP       udp  --  anywhere             anywhere             udp dpt:1900 /* UPnP */
DROP       tcp  --  anywhere             anywhere             tcp flags:!FIN,SYN,RST,ACK/SYN
DROP       udp  --  anywhere             anywhere             udp spt:domain /* Late DNS Replies */

Chain dynamic (1 references)
target     prot opt source               destination         

Chain fw-net (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           

Chain logdrop (0 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere           

Chain logflags (5 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             LOG level info ip-options prefix "Shorewall:logflags:DROP:"
DROP       all  --  anywhere             anywhere           

Chain logreject (0 references)
target     prot opt source               destination         
reject     all  --  anywhere             anywhere           

Chain net-fw (1 references)
target     prot opt source               destination         
dynamic    all  --  anywhere             anywhere             ctstate INVALID,NEW,UNTRACKED
tcpflags   tcp  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             multiport dports sunrpc,nfs,4002,4001,4003,4004,ipp,6881:6999,51413
ACCEPT     udp  --  anywhere             anywhere             multiport dports sunrpc,nfs,4002,4001,4003,4004,ipp,6881:6999,51413
Drop       all  --  anywhere             anywhere           
LOG        all  --  anywhere             anywhere             LOG level info prefix "Shorewall:net-fw:DROP:"
DROP       all  --  anywhere             anywhere           

Chain reject (8 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere             ADDRTYPE match src-type BROADCAST
DROP       all  --  base-address.mcast.net/4  anywhere           
DROP       igmp --  anywhere             anywhere           
REJECT     tcp  --  anywhere             anywhere             reject-with tcp-reset
REJECT     udp  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     icmp --  anywhere             anywhere             reject-with icmp-host-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain shorewall (0 references)
target     prot opt source               destination         
           all  --  anywhere             anywhere             recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255

Chain tcpflags (1 references)
target     prot opt source               destination         
logflags   tcp  --  anywhere             anywhere            [goto]  tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
logflags   tcp  --  anywhere             anywhere            [goto]  tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
logflags   tcp  --  anywhere             anywhere            [goto]  tcp flags:SYN,RST/SYN,RST
logflags   tcp  --  anywhere             anywhere            [goto]  tcp flags:FIN,SYN/FIN,SYN
logflags   tcp  --  anywhere             anywhere            [goto]  tcp spt:0 flags:FIN,SYN,RST,ACK/SYN
[root@down rod]#
Last edited by isadora on Mar 22nd, '17, 13:27, edited 1 time in total.
Reason: Placed command-output in between [CODE]-tags for better readability ;)

Re: Opening closed ports

Postby doktor5000 » Mar 22nd, '17, 20:05

rodgoslin wrote:Chain net-fw (1 references)
target prot opt source destination
[...]
ACCEPT tcp -- anywhere anywhere multiport dports sunrpc,nfs,4002,4001,4003,4004,ipp,6881:6999,51413
ACCEPT udp -- anywhere anywhere multiport dports sunrpc,nfs,4002,4001,4003,4004,ipp,6881:6999,51413


Looks good to me, at least port 51413 should be open. You can try locally via nmap if that port is considered open via something like

Code: Select all
nmap -p 51413 127.0.0.1
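The by-eye reading of the net-fw chain in the post above can be automated. The following is an added example, not part of the original thread: a shell/awk function that reports how a chain in `iptables -L` output treats a given protocol and port, including multiport lists and ranges such as 6881:6999. The function name `port_verdict` and the sample listing (constructed from the chain quoted in the thread) are assumptions; plain `iptables -L` also hides interface matches, so `iptables -L -n -v` gives the fuller picture.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): read `iptables -L` text and report how
# one chain treats a protocol/port. Limits: jumps to user chains are not
# followed, only destination-port matches are evaluated, and service names
# (sunrpc, nfs, ipp) are skipped, so `iptables -L -n` input works best.

# Constructed sample: abbreviated net-fw chain as quoted in the thread.
SAMPLE_LISTING='Chain net-fw (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             multiport dports sunrpc,nfs,4002,4001,4003,4004,ipp,6881:6999,51413
ACCEPT     udp  --  anywhere             anywhere             multiport dports sunrpc,nfs,4002,4001,4003,4004,ipp,6881:6999,51413
Drop       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere'

# usage: port_verdict CHAIN PROTO PORT < listing
# prints accept | block | no-match (first deciding rule wins, as in netfilter)
port_verdict() {
  awk -v chain="$1" -v proto="$2" -v port="$3" '
    $1 == "Chain" { in_chain = ($2 == chain); next }
    !in_chain || NF < 5 || $1 == "target" { next }
    $1 != "ACCEPT" && $1 != "DROP" && $1 != "REJECT" { next }  # user-chain jump
    $2 != "all" && $2 != proto { next }
    {
      verdict = ($1 == "ACCEPT") ? "accept" : "block"
      if (NF == 5) { print verdict; found = 1; exit }   # rule with no match
      ports = ""
      for (i = 6; i <= NF; i++) {
        if ($i == "dports") ports = $(i + 1)            # multiport list
        else if ($i ~ /^dpts?:/) { ports = $i; sub(/^dpts?:/, "", ports) }
      }
      if (ports == "") next           # ctstate/flags-only rule: not evaluated
      n = split(ports, list, ",")
      for (j = 1; j <= n; j++) {
        m = split(list[j], r, ":")    # "6881:6999" is a range
        lo = r[1]; hi = (m == 2) ? r[2] : r[1]
        if (lo ~ /^[0-9]+$/ && hi ~ /^[0-9]+$/ &&
            port + 0 >= lo + 0 && port + 0 <= hi + 0) {
          print verdict; found = 1; exit
        }
      }
    }
    END { if (!found) print "no-match" }
  '
}

# Demo run over the constructed sample.
for spec in "tcp 51413" "udp 51413" "tcp 6900" "tcp 22"; do
  set -- $spec
  printf '%s/%s in net-fw: %s\n' "$2" "$1" \
    "$(printf '%s\n' "$SAMPLE_LISTING" | port_verdict net-fw "$1" "$2")"
done
```

On a live system the listing would come from `iptables -L -n` run as root and piped into `port_verdict`.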

Re: Opening closed ports

Postby rodgoslin » Mar 22nd, '17, 21:34

Thanks for the fast response. The puzzle widens. Running your suggested command indicates that the port is open, as below
[root@down rod]# nmap -p 51413 127.0.0.1

Starting Nmap 6.47 ( http://nmap.org ) at 2017-03-22 19:16 GMT
Nmap scan report for down (127.0.0.1)
Host is up (0.00011s latency).
PORT STATE SERVICE
51413/tcp open unknown

Nmap done: 1 IP address (1 host up) scanned in 0.30 seconds
[root@down rod]#

However, the problem persists. Opening 'Preferences' in Transmission, selecting 'network' and clicking on the button 'test port', it still comes back as 'Port is closed'.

Re: Opening closed ports

Postby doktor5000 » Mar 23rd, '17, 00:33

You have forwarded that same port on your router to the current IP address of your box? Check the same port on the IP of the router via nmap.

Re: Opening closed ports

Postby rodgoslin » Mar 23rd, '17, 02:45

Ah, running the nmap command as you suggest on the router address does seem to indicate the cause for the blocked port, as below

Code: Select all
[rod@down ~]$ nmap -p 51413 192.168.1.150

Starting Nmap 6.47 ( http://nmap.org ) at 2017-03-23 00:20 GMT
Nmap scan report for router (192.168.1.150)
Host is up (0.00032s latency).
PORT      STATE  SERVICE
51413/tcp closed unknown

Nmap done: 1 IP address (1 host up) scanned in 0.03 seconds
[rod@down ~]$



But the modem/router is set up in the same fashion as all previous ones for port forwarding, and I would have expected it to be enabled simply by the entry of the details. I'd add a screenshot of the details, but I'm unsure of how this is accomplished, in the forum format.

Re: Opening closed ports

Postby doktor5000 » Mar 23rd, '17, 20:07

Below the forum editor (only available in Full editor, not via quick reply), switch to the tab "Upload attachment".
Upload your picture, then when finished, click in the editor window where you want your picture to display, and click the button "Place inline".

Re: Opening closed ports

Postby rodgoslin » Mar 24th, '17, 06:36

Thanks, Doktor, my knowledge of phpBB forums is a bit limited on the options side. I'm enclosing, hopefully, three snapshots: one of the modem/router's port forwarding setup page, the second of the edit facility for that page and the third a snapshot of the Transmission setup with the 'test port' option run.

netgear1.png (110.61 KiB)
netgear2.png (148.33 KiB)
netgear3.png (45.47 KiB)

Re: Opening closed ports

Postby doktor5000 » Mar 24th, '17, 18:50

How do you ensure on the router that 192.168.1.200 is the IP address of your Mageia box, and is that the current IP address of your Mageia box?
If it is, maybe the router just needs a restart ... seeing that you also enabled UPnP, where Transmission would itself request the ports to be opened on the router, the router doesn't seem to be working normally (if UPnP is allowed on the router).

Re: Opening closed ports

Postby rodgoslin » Mar 24th, '17, 22:33

The Port Forwarding page on the modem/router setup (netgear1.png) has a button for adding a custom service. This brings up the edit page (netgear2.png), where you add the values for the port range and the particular host. There is an option for 'all', perhaps for all hosts on the subnet. All changes to the settings require a re-boot of the modem/router before they become effective. I'm tending to the same conclusion as yourself, that there is a problem with the modem/router. None of the other modem/routers that I've had on the system has displayed this problem. Other problems, perhaps, but not this one. I shall have to replace this unit, hopefully shortly, anyway. There are faint signs that the Telephone Services Provider is going to install high speed broadband to this locality. However, since they have been promising the imminent installation of such for the past three and a half years, one has to take this with the proverbial pinch of salt. I think my best option is to purchase a VDSL/ADSL modem/router and hope for the best. I admit to being somewhat surprised that Transmission's 'test port' option also includes the modem/router. This, coupled with the reliability of Port Forwarding on earlier modem/routers, has diverted me from suspecting the modem/router of having a problem. I'll give it another couple of days, then close the issue. Thank you for your help on this somewhat vexing problem.

Re: Opening closed ports

Postby wintpe » Mar 31st, '17, 14:15

I've seen this before, and on Netgear routers.

Netgear basically think all their customers are stupid and adds a firewall block to incoming traffic.

The only way to override it is to get into the router and disable it.

That was the case when I first got into setting up wan to wan; I ended up sending the Netgear back and getting a
Zyxel. I'm on my third Zyxel now, and I've never had a problem since.

It may be that Netgear have since watered down that aggressive block that the DG834 used to have, but I might be right about this.

https://kb.netgear.com/8219/How-to-setu ... ar_organic

regards peter
Redhat 6 Certified Engineer (RHCE)
Sometimes my posts will sound short, or snappy, however it's really not my intention to offend, so accept my apologies in advance.
wintpe
 
Posts: 1204
Joined: May 22nd, '11, 17:08
Location: Rayleigh, Essex, UK

Re: Opening closed ports

Postby rodgoslin » Mar 31st, '17, 20:37

Peter, I thought that that was the answer, but unfortunately, not. As your link suggests, one can go into the router, to Security>Firewall Rules, which patently did nothing to remove blocks to incoming, but in my modem/router the option for incoming is "Click here". "Clicking here" then took me to the Port Forwarding Rules, where I'd already carried out the required settings. Which I suppose, "Port Forwarding" is just another way of saying "let this one in".