Firewall rules for transmission

So as I explained in the comments above, it was a typo I made Lol ... I had my INPUT udp port as 51513 instead of 51413 ...

But, just in case anyone wants to know, these are the rules that I have used to allow Transmission:

iptables -A INPUT -m state --state RELATED,ESTABLISHED -p udp --dport 51413 -j ACCEPT
iptables -A OUTPUT -p udp --sport 51413 -j ACCEPT

Thanks everyone for their input

Author by

Just Lucky Really

Updated on September 18, 2022

Comments

  • Just Lucky Really almost 2 years

    I have transmission installed, which listens on the default port 51413.

    I have tried opening everything for this port.

    iptables:

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
    ACCEPT     icmp --  'Server IP'          anywhere             state NEW,RELATED,ESTABLISHED icmp echo-request
    ACCEPT     icmp --  anywhere             anywhere             state RELATED,ESTABLISHED icmp echo-reply
    ACCEPT     udp  --  anywhere             anywhere             state RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
    ACCEPT     tcp  --  anywhere             anywhere             tcp spt:http
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
    ACCEPT     udp  --  anywhere             anywhere             udp spt:bootpc dpt:bootps
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9091
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:51413
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:51513
    ACCEPT     tcp  --  anywhere             anywhere             tcp spt:51413
    ACCEPT     udp  --  anywhere             anywhere             udp spt:51413
    LOGGING    all  --  anywhere             anywhere
    DROP       all  --  anywhere             anywhere
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     tcp  --  anywhere             anywhere             tcp spt:ssh
    ACCEPT     icmp --  anywhere             anywhere             state NEW,RELATED,ESTABLISHED icmp echo-request
    ACCEPT     icmp --  anywhere             anywhere             state RELATED,ESTABLISHED icmp echo-reply
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
    ACCEPT     tcp  --  anywhere             anywhere             tcp spt:http 
    ACCEPT     udp  --  anywhere             anywhere             udp spt:bootps dpt:bootpc
    ACCEPT     tcp  --  anywhere             anywhere             tcp spt:9091
    ACCEPT     tcp  --  anywhere             anywhere             tcp spt:51413
    ACCEPT     udp  --  anywhere             anywhere             udp spt:51413
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:51413
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:51413
    LOGGING    all  --  anywhere             anywhere
    DROP       all  --  anywhere             anywhere
    
    Chain LOGGING (2 references)
    target     prot opt source               destination
    LOG        all  --  anywhere             anywhere             limit: avg 12/min burst 5 LOG level warning prefix "FirewallDrops: "
    DROP       all  --  anywhere             anywhere
    

    But it still won't let traffic through.

    If I flush the tables:

    iptables -F
    

    it then works, so I imagine there is something I'm missing in iptables.

    Logging output:

    /var/log/kern.log:May  5 18:43:32 StretchSvr kernel: [    9.258012] FirewallDrops: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=72 TOS=0x00 PREC=0xC0 TTL=64 ID=2371 PROTO=ICMP TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=2370 DF PROTO=UDP SPT=51413 DPT=80 LEN=24 ] 
    /var/log/kern.log:May  5 18:43:32 StretchSvr kernel: [    9.298081] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=62.210.137.203 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=55801 PROTO=UDP SPT=1337 DPT=51413 LEN=24
    /var/log/kern.log:May  5 18:43:32 StretchSvr kernel: [    9.305079] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.226 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24 
    /var/log/kern.log:May  5 18:44:53 StretchSvr kernel: [   90.444453] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=62.210.137.203 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=55802 PROTO=UDP SPT=1337 DPT=51413 LEN=24 
    /var/log/kern.log:May  5 18:44:53 StretchSvr kernel: [   90.453131] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.225 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=6969 DPT=51413 LEN=24 
    /var/log/kern.log:May  5 18:44:53 StretchSvr kernel: [   90.456361] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.226 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24 
    /var/log/kern.log:May  5 18:44:53 StretchSvr kernel: [   90.458255] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.252 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24 
    /var/log/kern.log:May  5 18:45:01 StretchSvr kernel: [   98.435703] FirewallDrops: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=72 TOS=0x00 PREC=0xC0 TTL=64 ID=2373 PROTO=ICMP TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=2372 DF PROTO=UDP SPT=51413 DPT=80 LEN=24 ] 
    /var/log/syslog:May  5 18:43:32 StretchSvr kernel: [    9.258012] FirewallDrops: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=72 TOS=0x00 PREC=0xC0 TTL=64 ID=2371 PROTO=ICMP TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=2370 DF PROTO=UDP SPT=51413 DPT=80 LEN=24 ] 
    /var/log/syslog:May  5 18:43:32 StretchSvr kernel: [    9.298081] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=62.210.137.203 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=55801 PROTO=UDP SPT=1337 DPT=51413 LEN=24 
    /var/log/syslog:May  5 18:43:32 StretchSvr kernel: [    9.305079] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.226 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24 
    /var/log/syslog:May  5 18:44:53 StretchSvr kernel: [   90.444453] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=62.210.137.203 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=55802 PROTO=UDP SPT=1337 DPT=51413 LEN=24 
    /var/log/syslog:May  5 18:44:53 StretchSvr kernel: [   90.453131] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.225 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=6969 DPT=51413 LEN=24 
    /var/log/syslog:May  5 18:44:53 StretchSvr kernel: [   90.456361] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.226 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24 
    /var/log/syslog:May  5 18:44:53 StretchSvr kernel: [   90.458255] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.252 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24 
    

    Any help appreciated.

    • joe about 10 years
      You can enable logging for dropped packets: help.ubuntu.com/community/IptablesHowTo#Logging
    • Just Lucky Really about 10 years
      Yep I enabled logging, and it's saying that it's dropping packets - DPT=51413 PROT=TCP ... It's also dropping packets sent from my client on port 137, but I don't know why it's sending on that port (might be for the web GUI) ... I'll post the full logs when I get back onto my computer tomorrow
    • Rinzwind about 10 years
      I have never ever needed to mess with iptables for transmission to work. I do use a router that I needed to config once (I created a rule for transmission).
    • Just Lucky Really about 10 years
      It's because I am implementing a restrictive firewall (I think that's the term Lol) ... So basically I have to explicitly allow ports traffic
    • joe about 10 years
      Can you post iptables -L just to confirm that the rules are applying as expected?
    • Just Lucky Really about 10 years
      I've just updated the post, which includes all the logging output, and `iptables -L` output
    • Just Lucky Really about 10 years
      OMG I think I see what I've done ... I made a typo on the INPUT port udp ... Should be 51413 not 51513 Lol ... I can't test it out right now though, but I'll post the results tomorrow ... Ahhhhh the shame ...
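
Added example, not part of the original thread: a Python check that cross-references dropped inbound packets in LOG-target lines against the ACCEPT rows of chain INPUT from `iptables -L`, and flags ports that are one digit off or allowed only for the other protocol, which is the mismatch found above. The rule rows, log lines and addresses are constructed samples in the page's formats and the function names are hypothetical; the check compares protocol and destination port only (state and source-port matches are ignored, and service names such as `ssh` are skipped, so list rules with `-n`).

```python
import re
from collections import Counter

# Constructed sample in the page's formats: `iptables -L` rows and LOG-target lines.
RULES = """\
Chain INPUT (policy ACCEPT)
ACCEPT     tcp  --  anywhere   anywhere   tcp dpt:ssh
ACCEPT     tcp  --  anywhere   anywhere   tcp dpt:51413
ACCEPT     udp  --  anywhere   anywhere   udp dpt:51513
Chain OUTPUT (policy ACCEPT)
ACCEPT     udp  --  anywhere   anywhere   udp dpt:51413
"""
LOG = """\
kernel: FirewallDrops: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=UDP SPT=1337 DPT=51413 LEN=24
kernel: FirewallDrops: IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 PROTO=UDP SPT=80 DPT=51413 LEN=24
kernel: FirewallDrops: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 PROTO=ICMP TYPE=3 CODE=3 [PROTO=UDP SPT=51413 DPT=80 ]
"""

RULE_RE = re.compile(r"^ACCEPT\s+(tcp|udp)\s.*\bdpt:(\d+)\b")  # numeric single ports only
DROP_RE = re.compile(r"FirewallDrops: IN=(\S+) .*?PROTO=(TCP|UDP) SPT=\d+ DPT=(\d+)")

def input_accepts(listing):  # (proto, dport) pairs named by ACCEPT rules in chain INPUT
    accepts, chain = set(), None
    for line in listing.splitlines():
        if line.startswith("Chain "):
            chain = line.split()[1]
        elif chain == "INPUT" and (m := RULE_RE.match(line)):
            accepts.add((m.group(1), int(m.group(2))))
    return accepts

def inbound_drops(log):
    # Count drops per (proto, dport); lines with an empty IN= are outbound and skipped.
    return Counter((m.group(2).lower(), int(m.group(3)))
                   for m in map(DROP_RE.search, log.splitlines()) if m)

def one_digit_off(a, b):  # same length, exactly one differing digit
    return len(str(a)) == len(str(b)) and sum(x != y for x, y in zip(str(a), str(b))) == 1

def diagnose(listing, log):
    accepts, findings = input_accepts(listing), []
    for (proto, port), n in sorted(inbound_drops(log).items()):
        if (proto, port) not in accepts:  # a named port is dropped for some other reason
            near = sorted(p for pr, p in accepts if pr == proto and one_digit_off(p, port))
            other = sorted(pr for pr, p in accepts if p == port and pr != proto)
            findings.append({"proto": proto, "dport": port, "drops": n,
                             "near_miss_ports": near, "other_protocols": other})
    return findings

if __name__ == "__main__":
    print(diagnose(RULES, LOG))
```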