Eu tenho transmissão instalada, que escuta na porta padrão 51413.
Eu tentei abrir tudo para essa porta.
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT icmp -- 'Server IP' anywhere state NEW,RELATED,ESTABLISHED icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
ACCEPT tcp -- anywhere anywhere tcp spt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT udp -- anywhere anywhere udp spt:bootpc dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:9091
ACCEPT tcp -- anywhere anywhere tcp dpt:51413
ACCEPT udp -- anywhere anywhere udp dpt:51513
ACCEPT tcp -- anywhere anywhere tcp spt:51413
ACCEPT udp -- anywhere anywhere udp spt:51413
LOGGING all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:ssh
ACCEPT icmp -- anywhere anywhere state NEW,RELATED,ESTABLISHED icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp spt:http
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ACCEPT tcp -- anywhere anywhere tcp spt:9091
ACCEPT tcp -- anywhere anywhere tcp spt:51413
ACCEPT udp -- anywhere anywhere udp spt:51413
ACCEPT tcp -- anywhere anywhere tcp dpt:51413
ACCEPT udp -- anywhere anywhere udp dpt:51413
LOGGING all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain LOGGING (2 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 12/min burst 5 LOG level warning prefix "FirewallDrops: "
DROP all -- anywhere anywhere
Mas ainda não deixa o tráfego passar.
Se eu limpar as tabelas:
iptables -F
então funciona, então imagino que algo está faltando no iptables.
/var/log/kern.log:May 5 18:43:32 StretchSvr kernel: [ 9.258012] FirewallDrops: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=72 TOS=0x00 PREC=0xC0 TTL=64 ID=2371 PROTO=ICMP TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=2370 DF PROTO=UDP SPT=51413 DPT=80 LEN=24 ]
/var/log/kern.log:May 5 18:43:32 StretchSvr kernel: [ 9.298081] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=62.210.137.203 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=55801 PROTO=UDP SPT=1337 DPT=51413 LEN=24
/var/log/kern.log:May 5 18:43:32 StretchSvr kernel: [ 9.305079] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.226 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24
/var/log/kern.log:May 5 18:44:53 StretchSvr kernel: [ 90.444453] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=62.210.137.203 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=55802 PROTO=UDP SPT=1337 DPT=51413 LEN=24
/var/log/kern.log:May 5 18:44:53 StretchSvr kernel: [ 90.453131] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.225 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=6969 DPT=51413 LEN=24
/var/log/kern.log:May 5 18:44:53 StretchSvr kernel: [ 90.456361] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.226 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24
/var/log/kern.log:May 5 18:44:53 StretchSvr kernel: [ 90.458255] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.252 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24
/var/log/kern.log:May 5 18:45:01 StretchSvr kernel: [ 98.435703] FirewallDrops: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=72 TOS=0x00 PREC=0xC0 TTL=64 ID=2373 PROTO=ICMP TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=2372 DF PROTO=UDP SPT=51413 DPT=80 LEN=24 ]
/var/log/syslog:May 5 18:43:32 StretchSvr kernel: [ 9.258012] FirewallDrops: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=72 TOS=0x00 PREC=0xC0 TTL=64 ID=2371 PROTO=ICMP TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=2370 DF PROTO=UDP SPT=51413 DPT=80 LEN=24 ]
/var/log/syslog:May 5 18:43:32 StretchSvr kernel: [ 9.298081] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=62.210.137.203 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=55801 PROTO=UDP SPT=1337 DPT=51413 LEN=24
/var/log/syslog:May 5 18:43:32 StretchSvr kernel: [ 9.305079] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.226 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24
/var/log/syslog:May 5 18:44:53 StretchSvr kernel: [ 90.444453] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=62.210.137.203 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=55802 PROTO=UDP SPT=1337 DPT=51413 LEN=24
/var/log/syslog:May 5 18:44:53 StretchSvr kernel: [ 90.453131] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.225 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=6969 DPT=51413 LEN=24
/var/log/syslog:May 5 18:44:53 StretchSvr kernel: [ 90.456361] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.226 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24
/var/log/syslog:May 5 18:44:53 StretchSvr kernel: [ 90.458255] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.252 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24
Qualquer ajuda apreciada.
Então, como eu expliquei nos comentários acima, foi um erro de digitação que fiz Lol ... Eu tive minha porta de entrada do udp como 51513 em vez de 51413 ...
Mas, caso alguém queira saber, estas são as regras que usei para permitir a Transmissão:
iptables -A INPUT -m state --state RELATED,ESTABLISHED -p udp --dport 51413 -j ACCEPT
iptables -A OUTPUT -p udp --sport 51413 -j ACCEPT
Obrigado a todos por sua contribuição