The firewall of Fedora Core 12 filters out some IP packets. We recommend that you disable the firewall during development and debugging.


Today, we continued work on the video forwarding tool. It uses UDP to listen on local port 8003 for the video forwarding requests sent by users.

After the program was finished, we wrote a small tool that simulates the requests, to test whether the program works normally.

At this time, something went wrong.

 

Test procedure:

(1) Run the program in the virtual machine (Fedora Core 12)

(2) Use tools in the host to send simulated requests

(3) Check whether the program works properly

However, the result is that the socket listening in Fedora Core 12 in the virtual machine never receives the UDP packets sent by the host. Use lsof -i to check whether the program has opened the listening port:

[root@chu xsock]# lsof -i
COMMAND     PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
rpcbind     791     rpc    6u  IPv4   5997      0t0  UDP *:sunrpc
rpcbind     791     rpc    7u  IPv4   6001      0t0  UDP *:966
rpcbind     791     rpc    8u  IPv4   6002      0t0  TCP *:sunrpc (LISTEN)
rpcbind     791     rpc    9u  IPv6   6004      0t0  UDP *:sunrpc
rpcbind     791     rpc   10u  IPv6   6006      0t0  UDP *:966
rpcbind     791     rpc   11u  IPv6   6007      0t0  TCP *:sunrpc (LISTEN)
cupsd       823    root    6u  IPv6   6146      0t0  TCP localhost:ipp (LISTEN)
cupsd       823    root    7u  IPv4   6147      0t0  TCP localhost:ipp (LISTEN)
cupsd       823    root    9u  IPv4   6150      0t0  UDP *:ipp
rpc.statd  1013 rpcuser    5u  IPv4   6940      0t0  UDP *:webster
rpc.statd  1013 rpcuser    7u  IPv4   6949      0t0  UDP *:33396
rpc.statd  1013 rpcuser    8u  IPv4   6953      0t0  TCP *:40877 (LISTEN)
sshd       1181    root    3u  IPv4   7542      0t0  TCP *:ssh (LISTEN)
sshd       1181    root    4u  IPv6   7544      0t0  TCP *:ssh (LISTEN)
sendmail   1196    root    4u  IPv4   7592      0t0  TCP localhost:smtp (LISTEN)
dhclient  10321    root    6u  IPv4  34639      0t0  UDP *:bootpc
videotran 10615    root    4u  IPv4  37324      0t0  UDP *:mcreport -------------------------> listening port

Running tcpdump port 8003 shows that the UDP packet sent by the host does reach the virtual machine:

[root@chu testVideoCMD]# tcpdump port 8003
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
18:04:42.155902 IP 192.168.110.69.7293 > 192.168.110.100.mcreport: UDP, length 112

However, recvfrom on the socket receives no data.

In addition, messages can be sent using the same tool in the virtual machine.

 

Where is the problem?

Because the socket code was ported from another project, I was worried that it might have bugs, so I checked it again and again and confirmed that there was no problem. I also asked my boss to read it again: OK. I even suspected that there was a problem with the test tool. I also tried the other ways of connecting the virtual machine network, switching from NAT to bridged.

Finally, we recommend that you disable the firewall.

Although I had also considered the firewall before, I thought: since tcpdump has received the data, it should not have been filtered out by the firewall? The boss said that tcpdump works at a very low level, so the firewall may not filter what it sees, while our program is filtered.

So I tried to turn off the firewall:

service iptables stop

Sure enough, the firewall was the culprit. After the firewall was turned off, everything worked normally.

Some knowledge about firewalls:

Disable the firewall of Fedora

1) Takes effect after restart
Enable: chkconfig iptables on
Disable: chkconfig iptables off, or /sbin/chkconfig --level 2345 iptables off

2) Takes effect immediately and is lost after restart

Service mode
Enable: service iptables start
Disable: service iptables stop

iptables mode

View the firewall status:
/etc/init.d/iptables status

Temporarily disable the firewall:
/etc/init.d/iptables stop

Restart iptables:
/etc/init.d/iptables restart

http://www.cnblogs.com/eoiioe/archive/2008/12/28/1363913.html

 

Q: Why are UDP packets sent from other machines to port 8003 filtered out by iptables?

It seems I need to find time to understand the iptables mechanism.

I checked that the port 8003 I used is smaller than 1024, and the service registered on that port is:

mcreport        8003/tcp                # Mulberry Connect Reporting Service
mcreport        8003/udp                # Mulberry Connect Reporting Service

You can also use the system-config-firewall command to configure the firewall.
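
Why tcpdump saw the packet while recvfrom did not, as an added example that is not part of the original post: tcpdump captures frames before the iptables INPUT chain is evaluated, so a REJECT there is invisible to it. The script walks a constructed rule set, assumed to resemble a typical Fedora default because the post does not show the real one, and prints the single rule that would admit UDP 8003 without stopping the firewall; first_verdict and allow_rule are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample: an INPUT chain modeled on a typical Fedora default
# (/etc/sysconfig/iptables). Assumption: the post does not show the real rules.
RULES='-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# first_verdict IFACE PROTO DPORT
# Walks the rules in order for a NEW inbound packet and prints
# "<rule number> <target>" of the first rule that matches it.
first_verdict() {
    printf '%s\n' "$RULES" | awk -v ifc="$1" -v proto="$2" -v dport="$3" '
    $1 == "-A" && $2 == "INPUT" {
        n++; ok = 1; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-i" && $(i+1) != ifc) ok = 0
            if ($i == "-p" && $(i+1) != proto) ok = 0
            if ($i == "--dport" && $(i+1) != dport) ok = 0
            if ($i == "--state" && $(i+1) !~ /(^|,)NEW(,|$)/) ok = 0
            if ($i == "-j") target = $(i+1)
        }
        if (ok && target != "") { print n, target; exit }
    }'
}

# allow_rule PROTO DPORT
# Prints the narrow ACCEPT rule to insert just ahead of the rule that
# currently catches the packet, instead of stopping the whole firewall.
allow_rule() {
    # Unquoted on purpose: splits "<number> <target>" into $3 and $4.
    set -- "$1" "$2" $(first_verdict eth0 "$1" "$2")
    case "$4" in
        ACCEPT) echo "already accepted by rule $3" ;;
        *) echo "iptables -I INPUT $3 -p $1 -m $1 --dport $2 -j ACCEPT" ;;
    esac
}

first_verdict eth0 udp 8003   # request sent from the host to the VM
first_verdict lo   udp 8003   # same tool run inside the VM (loopback)
allow_rule udp 8003
```

On the real machine, compare the sample against `iptables -L INPUT -n --line-numbers` before inserting anything; an inserted rule lasts until the next restart unless it is saved with `service iptables save`.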

 

Finally, the conclusion is: the evil firewall will only get in the way of development. If you can turn it off, turn it off.

PS: mourning this sad day...

 

 

 

 
