I have Transmission installed, listening on the default port 51413.
I have tried opening everything up for this port.
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT icmp -- 'Server IP' anywhere state NEW,RELATED,ESTABLISHED icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
ACCEPT tcp -- anywhere anywhere tcp spt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT udp -- anywhere anywhere udp spt:bootpc dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:9091
ACCEPT tcp -- anywhere anywhere tcp dpt:51413
ACCEPT udp -- anywhere anywhere udp dpt:51513
ACCEPT tcp -- anywhere anywhere tcp spt:51413
ACCEPT udp -- anywhere anywhere udp spt:51413
LOGGING all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:ssh
ACCEPT icmp -- anywhere anywhere state NEW,RELATED,ESTABLISHED icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp spt:http
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ACCEPT tcp -- anywhere anywhere tcp spt:9091
ACCEPT tcp -- anywhere anywhere tcp spt:51413
ACCEPT udp -- anywhere anywhere udp spt:51413
ACCEPT tcp -- anywhere anywhere tcp dpt:51413
ACCEPT udp -- anywhere anywhere udp dpt:51413
LOGGING all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain LOGGING (2 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 12/min burst 5 LOG level warning prefix "FirewallDrops: "
DROP all -- anywhere anywhere
But it still does not let the traffic through.
If I flush the tables:
iptables -F
then it works, so I guess there is something I am missing in iptables.
/var/log/kern.log:May 5 18:43:32 StretchSvr kernel: [ 9.258012] FirewallDrops: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=72 TOS=0x00 PREC=0xC0 TTL=64 ID=2371 PROTO=ICMP TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=2370 DF PROTO=UDP SPT=51413 DPT=80 LEN=24 ]
/var/log/kern.log:May 5 18:43:32 StretchSvr kernel: [ 9.298081] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=62.210.137.203 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=55801 PROTO=UDP SPT=1337 DPT=51413 LEN=24
/var/log/kern.log:May 5 18:43:32 StretchSvr kernel: [ 9.305079] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.226 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24
/var/log/kern.log:May 5 18:44:53 StretchSvr kernel: [ 90.444453] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=62.210.137.203 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=55802 PROTO=UDP SPT=1337 DPT=51413 LEN=24
/var/log/kern.log:May 5 18:44:53 StretchSvr kernel: [ 90.453131] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.225 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=6969 DPT=51413 LEN=24
/var/log/kern.log:May 5 18:44:53 StretchSvr kernel: [ 90.456361] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.226 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24
/var/log/kern.log:May 5 18:44:53 StretchSvr kernel: [ 90.458255] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.252 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24
/var/log/kern.log:May 5 18:45:01 StretchSvr kernel: [ 98.435703] FirewallDrops: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=72 TOS=0x00 PREC=0xC0 TTL=64 ID=2373 PROTO=ICMP TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=2372 DF PROTO=UDP SPT=51413 DPT=80 LEN=24 ]
/var/log/syslog:May 5 18:43:32 StretchSvr kernel: [ 9.258012] FirewallDrops: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=72 TOS=0x00 PREC=0xC0 TTL=64 ID=2371 PROTO=ICMP TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=2370 DF PROTO=UDP SPT=51413 DPT=80 LEN=24 ]
/var/log/syslog:May 5 18:43:32 StretchSvr kernel: [ 9.298081] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=62.210.137.203 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=55801 PROTO=UDP SPT=1337 DPT=51413 LEN=24
/var/log/syslog:May 5 18:43:32 StretchSvr kernel: [ 9.305079] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.226 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24
/var/log/syslog:May 5 18:44:53 StretchSvr kernel: [ 90.444453] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=62.210.137.203 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=55802 PROTO=UDP SPT=1337 DPT=51413 LEN=24
/var/log/syslog:May 5 18:44:53 StretchSvr kernel: [ 90.453131] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.225 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=6969 DPT=51413 LEN=24
/var/log/syslog:May 5 18:44:53 StretchSvr kernel: [ 90.456361] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.226 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24
/var/log/syslog:May 5 18:44:53 StretchSvr kernel: [ 90.458255] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.252 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24
Any help appreciated.
So, as I explained in the comments above, it was a typo I made, lol... I had my INPUT udp port as 51513 instead of 51413...
But, just in case anyone wants to know, these are the rules I used to allow Transmission:
iptables -A INPUT -m state --state RELATED,ESTABLISHED -p udp --dport 51413 -j ACCEPT
iptables -A OUTPUT -p udp --sport 51413 -j ACCEPT
Thanks to everyone for their input.
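
Added example, not part of the original question or answer: a Python script that cross-checks logged drops against the ACCEPT rows of the listing, to surface a mistyped port such as the 51513 rule above. The function names and the sample input are constructed for illustration; only rows with a single numeric port are considered and state matches are ignored.

```python
import re
from collections import Counter

# Constructed sample in the question's format; addresses and MAC are placeholders.
INPUT_RULES = """\
ACCEPT tcp -- anywhere anywhere tcp dpt:51413
ACCEPT udp -- anywhere anywhere udp dpt:51513
ACCEPT tcp -- anywhere anywhere tcp spt:51413
ACCEPT udp -- anywhere anywhere udp spt:51413
"""
KERN_LOG = """\
kernel: [ 9.258012] FirewallDrops: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=72 PROTO=ICMP TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.0.1 LEN=44 PROTO=UDP SPT=51413 DPT=80 LEN=24 ]
kernel: [ 9.298081] FirewallDrops: IN=eth0 OUT= MAC=<mac> SRC=198.51.100.7 DST=192.0.2.10 LEN=44 PROTO=UDP SPT=1337 DPT=51413 LEN=24
kernel: [ 9.305079] FirewallDrops: IN=eth0 OUT= MAC=<mac> SRC=203.0.113.9 DST=192.0.2.10 LEN=44 PROTO=UDP SPT=80 DPT=51413 LEN=24
"""

def parse_accept_rules(listing):
    """Return (proto, 'spt'|'dpt', port) for ACCEPT rows with one numeric port match."""
    rules = []
    for row in listing.splitlines():
        cols = row.split()
        ports = re.findall(r"\b(spt|dpt):(\d+)\b", row)
        if cols[:1] == ["ACCEPT"] and len(ports) == 1:  # names, ranges, spt+dpt rows are skipped
            rules.append((cols[1], ports[0][0], int(ports[0][1])))
    return rules

def parse_drops(log, prefix="FirewallDrops: "):
    """Return (iface, proto, spt, dpt) for inbound TCP/UDP packets logged with prefix."""
    drops = []
    for line in log.splitlines():
        # ICMP errors quote the offending packet in [...]; strip it so its SPT/DPT are not read.
        outer = re.sub(r"\[.*?\]", "", line.partition(prefix)[2])
        f = dict(re.findall(r"(\w+)=(\S*)", outer))
        if f.get("IN") and "SPT" in f and "DPT" in f:
            drops.append((f["IN"], f["PROTO"].lower(), int(f["SPT"]), int(f["DPT"])))
    return drops

def diagnose(rules, drops):
    """Map each dropped (proto, dpt) no rule accepts to (count, near-miss dpt rules)."""
    misses = Counter((p, d) for _, p, s, d in drops
                     if (p, "dpt", d) not in rules and (p, "spt", s) not in rules)
    # A dpt rule of the same protocol and length that differs in one digit is a likely typo.
    return {(p, d): (n, [port for rp, fld, port in rules if (rp, fld) == (p, "dpt")
                         and len(str(port)) == len(str(d))
                         and sum(a != b for a, b in zip(str(port), str(d))) == 1])
            for (p, d), n in misses.items()}

if __name__ == "__main__":
    print(diagnose(parse_accept_rules(INPUT_RULES), parse_drops(KERN_LOG)))
```

On the sample, the two inbound UDP drops to port 51413 are reported together with the existing udp dpt:51513 rule as the near miss, while the loopback ICMP line is skipped.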