@digitalbanana wrote:
iptables -A INPUT -p tcp –dport 3689 -j ACCEPT
iptables -A OUTPUT -p tcp –dport 3689 -j ACCEPT
iptables -A INPUT -p udp –dport 5353 -d 224.0.0.251 -j ACCEPT
iptables -A OUTPUT -p udp –dport 5353 -d 224.0.0.251 -j ACCEPT
I thinks these are not quite right… try:
iptables -A INPUT -p tcp --dport 3689 - j ACCEPT
iptables -A INPUT -p udp --dport 5353 -s 224.0.0.215 -j ACCEPT
iptables -A OUTPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
That will probably work. If you can http to 3689, the first rule is working. If it shows up at all, for any length of time, then the last rule is working. If it disappears at some point after it starts up, then the second rule is broken.
Your second rule is superfluous, and my third rule is probably superfluous, as from your description of the problem it looks like you aren’t doing egress filtering, or at least not to the hosts on your lan.
If you can’t get the 3689 by http, because you *are* doing egress filtering, the winning rule would be:
iptables -A OUTPUT -p tcp --sport 3689 -j ACCEPT
– Ron