udp client sending ICMP "port unreachable" when receiving messages from the server


Your client-side firewall is actively blocking inbound UDP.

Author: nonchip

Updated on July 14, 2020

Comments

  • nonchip
    nonchip almost 4 years

    Moved: https://superuser.com/questions/782549/udp-client-sending-icmp-port-unreachable-when-receiveing-messages-from-the-ser

    I have a UDP client using luasocket, basically doing this (with a few layers of abstraction, but this is what's going on there):

    s=socket.udp()
    s:setsockname("*",0)                                 -- bind to any local address, ephemeral port
    s:setpeername(socket.dns.toip("example.com"),64299)  -- "connect" the socket to the server's port
    s:settimeout(0)                                      -- non-blocking for the send
    s:send(...)
    s:settimeout(10)                                     -- wait up to 10 s for the reply
    msg,err=s:receive()
    s:settimeout(0)
    print(msg,err)
    

    While seeing everything's fine in the server's debug output (ssh to the remote host), I get a "timeout" error in the client.

    When inspecting everything with client-side Wireshark, I see the packet my client sent, and a response packet from the server (correct port and everything), AND an ICMP "port unreachable" packet sent from my client host to the server in response to its (correct) response.

    What's going on there? I tried everything, including resetting my iptables to "accept everything", but my client still sends the "port unreachable".

    The relevant packets are:

    From            To               Proto  Len  Description
    192.168.2.100   95.143.172.171   UDP    61   Source port: 45025  Destination port: 64299
      000e8f11e7000025229835a908004500002f4008400040112b6fc0a802645f8facabafe1fb2b001b28d794d2000ec8360100aa81a477616e74a3756964
    95.143.172.171  192.168.2.100    UDP    60   Source port: 64299  Destination port: 45025
      0025229835a9000e8f11e70008004500002b000040003911727b5f8facabc0a80264fb2bafe100172e8d94d2000e0ea10100a681a3756964ff000000
    192.168.2.100   95.143.172.171   ICMP   85   Destination unreachable (Port unreachable)
      000e8f11e7000025229835a9080045c00047061d00004001a492c0a802645f8facab0303cc6c000000004500002b000040003911727b5f8facabc0a80264fb2bafe100172e8d94d2000e0ea10100a681a3756964ff
    

    Firewall, in case it's important (which I don't think, because iptables doesn't increment any INPUT packet counters while this happens):

    $ sudo iptables -S
    -P INPUT DROP
    -P FORWARD DROP
    -P OUTPUT ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
    -A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
    -A INPUT -i eth0 -p udp -m udp --sport 64299 -j ACCEPT
    -A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-port-unreachable
    -A FORWARD -i eth0 -p tcp -m tcp --dport 10001:30000 -j ACCEPT
    -A FORWARD -j REJECT --reject-with icmp-port-unreachable
    -A OUTPUT -o lo -j ACCEPT
    
  • nonchip
    nonchip almost 10 years
    Well, no, I'm afraid it's not, at least if I understand it correctly, because: iptables -t filter -A INPUT -i eth0 -p UDP --sport 64299 -j ACCEPT
  • nonchip
    nonchip almost 10 years
    I see that it is the only possible explanation, but I don't see how that could be, because I explicitly accept the source port. Also, I accept all established/related states, which should implicitly cover this case too (iptables remembers IP/port pairs for stateless "connections" like UDP).
  • nonchip
    nonchip almost 10 years
    Even stranger: inspecting iptables -vL ; ./client.lua ; iptables -vL I get 0 packets for these rules before AND after the client ran, while the reject-with icmp-port-unreachable counter didn't change either.
  • user207421
    user207421 almost 10 years
    The question is now about iptables and is therefore off topic. Try superuser.
  • nonchip
    nonchip almost 10 years
    Are you kidding me? The question is not about iptables, because if iptables were blocking my packet, I would see the counters being incremented, which I don't, as I said there: stackoverflow.com/questions/24720022/…
  • user207421
    user207421 almost 10 years
    It isn't about your code. Your code is executing perfectly. The read timeout and ICMP message both indicate that an external factor is in play. Ergo off topic.
  • nonchip
    nonchip almost 10 years
    Assuming there's no strange bug in luasocket closing my UDP socket between sending and trying to receive, I guess you're right then; closing this question and moving it to SU.
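As an added example (not code from the question, the answer, or luasocket), the following Python script decodes the three hex frames quoted in the question and runs the checks a practitioner would make before blaming the firewall or the socket: it validates the IPv4 header checksums and the ICMP checksum, confirms that the server's reply really was addressed to the client's own source port (45025), and confirms that the ICMP message is type 3 / code 3 and quotes exactly that reply. The frame bytes are copied verbatim from the question's dump; everything else (function names, the verdict keys) is this example's own choice. Only the standard library is used.

```python
import struct

# Hex frames copied from the question's Wireshark dump: Ethernet header, then
# IPv4, then UDP or ICMP. The server reply carries 3 bytes of Ethernet padding.
FRAMES = {
    "client_request": (
        "000e8f11e7000025229835a908004500002f4008400040112b6fc0a802645f8facab"
        "afe1fb2b001b28d794d2000ec8360100aa81a477616e74a3756964"
    ),
    "server_reply": (
        "0025229835a9000e8f11e70008004500002b000040003911727b5f8facabc0a80264"
        "fb2bafe100172e8d94d2000e0ea10100a681a3756964ff000000"
    ),
    "client_icmp": (
        "000e8f11e7000025229835a9080045c00047061d00004001a492c0a802645f8facab"
        "0303cc6c000000004500002b000040003911727b5f8facabc0a80264fb2bafe1"
        "00172e8d94d2000e0ea10100a681a3756964ff"
    ),
}


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit big-endian words (odd tail padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def checksum_ok(data: bytes) -> bool:
    """Summing a header together with its checksum field yields 0xFFFF when intact."""
    return ones_complement_sum(data) == 0xFFFF


def parse_udp(segment: bytes) -> dict:
    sport, dport, length, _csum = struct.unpack("!HHHH", segment[:8])
    return {"sport": sport, "dport": dport, "payload": segment[8:length]}


def parse_icmp(message: bytes) -> dict:
    icmp_type, code, _csum = struct.unpack("!BBH", message[:4])
    info = {"type": icmp_type, "code": code, "checksum_ok": checksum_ok(message)}
    if icmp_type == 3:  # Destination Unreachable quotes the datagram it rejects
        info["quoted"] = parse_ipv4(message[8:])
    return info


def parse_ipv4(packet: bytes) -> dict:
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    info = {
        "src": ".".join(map(str, packet[12:16])),
        "dst": ".".join(map(str, packet[16:20])),
        "ttl": packet[8],
        "proto": packet[9],
        "header_ok": checksum_ok(packet[:ihl]),
    }
    payload = packet[ihl:total_len]  # slicing to total_len drops Ethernet padding
    if info["proto"] == 17:
        info["udp"] = parse_udp(payload)
    elif info["proto"] == 1:
        info["icmp"] = parse_icmp(payload)
    return info


def decode_frame(hexdump: str) -> dict:
    """Strip the 14-byte Ethernet header and parse the IPv4 packet inside."""
    raw = bytes.fromhex(hexdump)
    if struct.unpack("!H", raw[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    return parse_ipv4(raw[14:])


def diagnose(request_hex: str, reply_hex: str, icmp_hex: str) -> dict:
    """Return named yes/no verdicts about the request/reply/ICMP triple."""
    req, rep, icmp = (decode_frame(h) for h in (request_hex, reply_hex, icmp_hex))
    quoted = icmp["icmp"].get("quoted", {})
    quoted_udp = quoted.get("udp", {})
    return {
        # the server answered the port the client actually sent from
        "reply_to_client_port": rep["udp"]["dport"] == req["udp"]["sport"],
        # type 3 / code 3 is "port unreachable"
        "icmp_is_port_unreachable": (icmp["icmp"]["type"], icmp["icmp"]["code"]) == (3, 3),
        # the ICMP message originates from the client host, not from a middlebox
        "icmp_from_client_host": icmp["src"] == req["src"],
        # the quoted datagram is the server's reply itself, same endpoints and ports
        "icmp_quotes_reply": quoted.get("src") == rep["src"]
        and quoted.get("dst") == rep["dst"]
        and quoted_udp.get("sport") == rep["udp"]["sport"]
        and quoted_udp.get("dport") == rep["udp"]["dport"],
        # nothing was corrupted in transit or mangled by the capture
        "all_checksums_ok": all(p["header_ok"] for p in (req, rep, icmp))
        and icmp["icmp"]["checksum_ok"],
    }


if __name__ == "__main__":
    for name, verdict in diagnose(
        FRAMES["client_request"], FRAMES["server_reply"], FRAMES["client_icmp"]
    ).items():
        print(f"{name}: {verdict}")
```

When every verdict is true, the capture says what the asker says it says: the reply arrived intact at the client host, addressed to the port the client bound, and the client host itself answered with port unreachable. That narrows the search to whatever on that host rejects inbound UDP, which is either the kernel (no socket bound to the port at the moment the reply arrives) or a REJECT rule such as the last one in the INPUT chain shown in the question; the iptables packet counters the asker compares before and after the run are the right way to tell those two apart.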