Reply To: iptables help

#8133
rpedde

@mattbo wrote:

I’m running mt-daapd (svn-1463) with mDNSResponder (howl 1.0.0), and it works ok. My trouble is with iptables. If I set all the rules to ACCEPT, then the SB can see the mt-daapd. However, I like having a firewall. So can someone help me figure out reasonable rules to get things working?

These look reasonable, so I’m not sure where it’s broken.

If you don’t see it though, then it’s probably on the output chain. That’s where it pushes an announcement and it pops into iTunes. So if you can start iTunes, then start the mt-daapd server and it doesn’t show up in iTunes, then it’s the output chain.

You could try a couple things.

1. Set the output chain to accept all, then look at the packet with a sniffer… maybe it’s not *to* port 5353, but *from* port 5353. Or vice versa. Whatever.

2. Add a log rule before the rejects so you can see what’s being dropped… then you can see why.

Another thing to try would be to allow each chain in turn — one at a time. That way you can find out which chain is causing the problem.

I don’t have a specific answer for you, but those are the troubleshooting ideas I have. Not sure if that helps, but I hope so.

— Ron
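
The two troubleshooting steps above (a LOG rule ahead of the rejects, then checking whether the dropped traffic is *to* or *from* port 5353), sketched as an added example that is not part of the original post. The `fw-CHAIN:` log prefix, the rule positions and the sample log lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Dry run by default: commands
# are printed, not executed. Set APPLY=1 (as root) to run them for real.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Insert a LOG rule at position $2 of chain $1, i.e. just ahead of the
# REJECT/DROP rule currently at that position
# (find it with: iptables -L CHAIN -n --line-numbers).
# The "fw-CHAIN:" prefix is an assumption of this example.
add_log_rule() {
    run iptables -I "$1" "$2" -j LOG --log-prefix "fw-$1:"
}

# Read kernel log lines on stdin and count logged packets per chain,
# protocol, source port and destination port.
summarize_drops() {
    awk '
    match($0, /fw-[A-Z]+:/) {
        chain = substr($0, RSTART + 3, RLENGTH - 4)
        proto = "-"; spt = "-"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^SPT=/)   spt = substr($i, 5)
            if ($i ~ /^DPT=/)   dpt = substr($i, 5)
        }
        n[chain " " proto " spt=" spt " dpt=" dpt]++
    }
    END { for (k in n) print n[k], k }' | sort
}

# Constructed sample log lines (abbreviated), not captured from a real host.
sample_log() {
    cat <<'EOF'
Jan  1 12:00:01 host kernel: fw-OUTPUT:IN= OUT=eth0 SRC=192.168.1.10 DST=224.0.0.251 LEN=96 TTL=255 PROTO=UDP SPT=5353 DPT=5353 LEN=76
Jan  1 12:00:02 host kernel: fw-OUTPUT:IN= OUT=eth0 SRC=192.168.1.10 DST=224.0.0.251 LEN=96 TTL=255 PROTO=UDP SPT=5353 DPT=5353 LEN=76
Jan  1 12:00:03 host kernel: fw-INPUT:IN=eth0 OUT= SRC=192.168.1.20 DST=224.0.0.251 LEN=73 TTL=255 PROTO=UDP SPT=49152 DPT=5353 LEN=53
EOF
}

# Positions 3 and 2 are hypothetical; use the line numbers of your own rejects.
add_log_rule INPUT 3
add_log_rule OUTPUT 2
sample_log | summarize_drops
```

On a live system, pipe `dmesg` (or the file your syslog writes kernel messages to) into `summarize_drops` instead of the sample; the chain name in each row tells you which chain is rejecting the traffic.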