[OpenAFS] UDP help?

William Murray W.J.Murray@rl.ac.uk
Mon, 17 Mar 2008 21:43:17 +0000


  Hello guys,
       I have a problem with AFS at home, which stopped working a few
months ago, and I am not sure why. I THINK UDP is blocked somewhere,
maybe by my NAT/router box, maybe by AOL. I think 'nc' seems like a good
(Linux) tool to test things, but I am not used to it. Can anyone
suggest how I can check connectivity?

  Thank you, 
     Bill
P.S. My iptables setting:
#!/bin/sh

#First we flush our current rules
iptables -F
iptables -t nat -F

#Setup default policies to handle unmatched traffic
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

#Copy and paste these examples ...
export LAN=eth0
export WAN=ppp0

#Then we lock our services so they only work from the LAN
iptables -I INPUT 1 -i ${LAN} -j ACCEPT
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -A INPUT -p UDP --dport bootps ! -i ${LAN} -j REJECT
iptables -A INPUT -p UDP --dport domain ! -i ${LAN} -j REJECT

#(Optional) Allow access to our ssh server from the WAN
iptables -A INPUT -p TCP --dport ssh -i ${WAN} -j ACCEPT

#Drop TCP / UDP packets to privileged ports
iptables -A INPUT -p TCP ! -i ${LAN} -d 0/0 --dport 0:1023 -j DROP
iptables -A INPUT -p UDP ! -i ${LAN} -d 0/0 --dport 0:1023 -j DROP

#Finally we add the rules for NAT
iptables -I FORWARD -i ${LAN} -d 168.254.0.0/255.255.0.0 -j DROP
iptables -A FORWARD -i ${LAN} -s 168.254.0.0/255.255.0.0 -j ACCEPT
iptables -A FORWARD -i ${WAN} -d 168.254.0.0/255.255.0.0 -j ACCEPT
iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE
#Tell the kernel that ip forwarding is OK
echo 1 > /proc/sys/net/ipv4/ip_forward
for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > "$f" ; done
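
Added example, not part of the original message: one way to test a UDP path is a round trip against a responder you control, because a lone datagram that gets no answer cannot tell "blocked" from "listener ignored it". The names serve_echo, probe_udp and loopback_demo are hypothetical, the responder is a helper meant to run on a host beyond the NAT (it is not an AFS service), and the built-in demo only exercises the loopback interface.

```python
import socket
import threading

def serve_echo(sock, count=1):
    """Far-side helper: echo `count` datagrams back to whoever sent them."""
    for _ in range(count):
        data, peer = sock.recvfrom(2048)
        sock.sendto(data, peer)

def probe_udp(host, port, payload=b"udp-probe", timeout=2.0):
    """Send one datagram and classify what comes back.

    "reply"   : request and answer both crossed the path
    "refused" : ICMP port unreachable returned (path open, nothing listening)
    "timeout" : silence (dropped by a filter or NAT, or the listener never answers)
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket, so ICMP errors reach us
        try:
            s.send(payload)
            data = s.recv(2048)
        except ConnectionRefusedError:
            return "refused"
        except socket.timeout:
            return "timeout"
        return "reply" if data == payload else "mismatch"

def loopback_demo():
    """Run both sides on 127.0.0.1: one live responder, one closed port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))  # ephemeral port chosen by the kernel
    open_port = srv.getsockname()[1]
    threading.Thread(target=serve_echo, args=(srv,), daemon=True).start()
    answered = probe_udp("127.0.0.1", open_port)
    srv.close()

    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()  # nothing listens on this port any more
    unanswered = probe_udp("127.0.0.1", closed_port, timeout=0.5)
    return answered, unanswered

if __name__ == "__main__":
    print(loopback_demo())
```

A "timeout" from inside the LAN combined with a "reply" from a host outside it points at the router or the provider rather than the local machine.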