kdeconnect: How to accept traffic ... in iptables? [closed]

linuxfluesterer
Old Dear Hen
Posts: 872
Joined: Thu Sep 20, 2012 19:47
Location: Germany

kdeconnect: How to accept traffic ... in iptables? [closed]

Post by linuxfluesterer » Mon Nov 07, 2016 16:06

Hello guys.
I just installed the latest daily Plasma version of Sabayon as of date 04/11/2016. Besides some restrictions with partitioning with Anaconda, everything went fine.
I rebooted the laptop, and then after wireless connection, I wanted to install kdeconnect, which went fine also.
In my user's konsole, I executed /usr/lib64/libexec/kdeconnectd.
But when I opened System Settings and then the KDE-Connect symbol, I could not see or reach my mobile phone, which I can see and am connected with from my already running old KDE 4.14.10 system. After some investigation on Google, I found out that I have to open udp and tcp ports 1714 to 1764.
I checked that on my new Sabayon system iptables seems to be defined (activated?) by default when booted.
When I do iptables -L, I get this:

Code:

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination         
FWDI_public  all  --  anywhere             anywhere            [goto] 
FWDI_public  all  --  anywhere             anywhere            [goto] 

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination         
FWDO_public  all  --  anywhere             anywhere            [goto] 
FWDO_public  all  --  anywhere             anywhere            [goto] 

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain FORWARD_direct (1 references)
target     prot opt source               destination         

Chain FWDI_public (2 references)
target     prot opt source               destination         
FWDI_public_log  all  --  anywhere             anywhere            
FWDI_public_deny  all  --  anywhere             anywhere            
FWDI_public_allow  all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            

Chain FWDI_public_allow (1 references)
target     prot opt source               destination         

Chain FWDI_public_deny (1 references)
target     prot opt source               destination         

Chain FWDI_public_log (1 references)
target     prot opt source               destination         

Chain FWDO_public (2 references)
target     prot opt source               destination         
FWDO_public_log  all  --  anywhere             anywhere            
FWDO_public_deny  all  --  anywhere             anywhere            
FWDO_public_allow  all  --  anywhere             anywhere            

Chain FWDO_public_allow (1 references)
target     prot opt source               destination         

Chain FWDO_public_deny (1 references)
target     prot opt source               destination         

Chain FWDO_public_log (1 references)
target     prot opt source               destination         

Chain INPUT_ZONES (1 references)
target     prot opt source               destination         
IN_public  all  --  anywhere             anywhere            [goto] 
IN_public  all  --  anywhere             anywhere            [goto] 

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain INPUT_direct (1 references)
target     prot opt source               destination         

Chain IN_public (2 references)
target     prot opt source               destination         
IN_public_log  all  --  anywhere             anywhere            
IN_public_deny  all  --  anywhere             anywhere            
IN_public_allow  all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            

Chain IN_public_allow (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW

Chain IN_public_deny (1 references)
target     prot opt source               destination         

Chain IN_public_log (1 references)
target     prot opt source               destination         

Chain OUTPUT_direct (1 references)
target     prot opt source               destination         

So, I typed in the following lines as root:

Code:

iptables -A INPUT -p tcp --match multiport --dports 1714:1764 -j ACCEPT
iptables -A INPUT -p udp --match multiport --dports 1714:1764 -j ACCEPT

I checked with:

Code:

iptables -L | grep 1714

that the new directive was included. But this did not change anything in KDE-Connect behavior. My mobile can't be seen yet.
So, for a test, I flushed the iptables with:

Code:

iptables -F

which forced iptables to forget all of its rules. And then my KDE-Connect recognized my mobile.
So, my questions are:
1. Who or which process activates iptables during the boot process? It is NOT a systemd event, because iptables.service can't be found: 'no such file or directory'.

2. Do I need a firewall at all, when my router has a built in firewall?

3. How can I use the Sabayon iptables default settings extended by accepting the tcp ports 1714 to 1764 and udp ports 1714 to 1764 also?

Thank you in advance, thank you for joining.

-Linuxfluesterer (I love KDE ...)
Last edited by linuxfluesterer on Tue Nov 08, 2016 18:13, edited 1 time in total.
Take away Facebook from me and let there be real people again...

sabayonino
Sagely Hen
Posts: 3279
Joined: Sun Sep 21, 2008 1:12
Location: Italy

Re: kdeconnect: How to accept traffic (ports) in iptables?

Post by sabayonino » Mon Nov 07, 2016 19:55

Hi

Check systemd's iptables services:

Code:

ls /usr/lib/systemd/system | grep tables
ip6tables-restore.service
ip6tables-store.service
iptables-restore.service
iptables-store.service

Code:

# systemctl enable iptables-store.service

where the contents of iptables-store.service are:

Code:

# cat iptables-store.service
[Unit]
Description=Store iptables firewall rules
Before=shutdown.target
DefaultDependencies=No

[Service]
Type=oneshot
ExecStart=/bin/sh -c "/sbin/iptables-save --counters > /var/lib/iptables/rules-save"

[Install]
WantedBy=shutdown.target

Here you can see the service alternatives for systemd:

Gentoo package         OpenRC service   systemd unit
net-firewall/iptables  iptables         iptables-store.service, iptables-restore.service
What Is Distributed Computing (BOINC)

BOINC ready ! Sabayon+BOINC = BILD ,my Sabayon spin :cyclops: - Ready to crunch for the Science everywhere :)

joost
Sagely Hen
Posts: 2715
Joined: Fri Nov 17, 2006 12:11
Location: The Netherlands

Re: kdeconnect: How to accept traffic (ports) in iptables?

Post by joost » Mon Nov 07, 2016 22:55

I think firewall is controlled by firewalld.

Code:

systemctl status firewalld

https://fedoraproject.org/wiki/FirewallD

Do I need a firewall at all, when my router has a built in firewall?
Not sure if you really need that enabled. Perhaps when you run on a large university network/public wifi you might want to.

linuxfluesterer
Old Dear Hen
Posts: 872
Joined: Thu Sep 20, 2012 19:47
Location: Germany

Re: kdeconnect: How to accept traffic (ports) in iptables?

Post by linuxfluesterer » Mon Nov 07, 2016 23:52

Hi Sabayonino, and thanks.
Ok, I executed your suggestion:

Code:

systemctl enable iptables-store.service

but I don't see any difference after reboot, and I assume that Joost's (thanks also!) post with firewalld is the explanation for a running iptables firewall while booting, which would answer my first question.
However, when I execute the rules:

Code:

iptables -A INPUT -p tcp --match multiport --dports 1714:1764 -j ACCEPT
iptables -A INPUT -p udp --match multiport --dports 1714:1764 -j ACCEPT

to open the ports 1714 to 1764 for both tcp and udp, nothing changes in behavior for KDE-Connect. I still can't access my mobile and vice versa.
So, unless I cancel my firewall with:

Code:

iptables -F

I can't use KDE-Connect. Maybe I misspelled or misused the iptables command to allow ports?

Thank you again for joining!

-Linuxfluesterer (I love KDE ...)
So, my third question is not answered yet. But according to Joost's answer, I am considering disabling firewalld.
Take away Facebook from me and let there be real people again...

linuxfluesterer
Old Dear Hen
Posts: 872
Joined: Thu Sep 20, 2012 19:47
Location: Germany

Re: kdeconnect: How to accept traffic (ports) in iptables?

Post by linuxfluesterer » Tue Nov 08, 2016 18:12

I have disabled firewalld service, and now my KDE-Connect can easily find my mobile and be contacted with messages from mobile to the Desktop.
So, I will mark this thread as 'closed'
Thank you for joining and answers.

-Linuxfluesterer (I love KDE ...)
Take away Facebook from me and let there be real people again...

sabayonino
Sagely Hen
Posts: 3279
Joined: Sun Sep 21, 2008 1:12
Location: Italy

Re: kdeconnect: How to accept traffic (ports) in iptables?

Post by sabayonino » Tue Nov 08, 2016 18:42

linuxfluesterer wrote: I have disabled firewalld service, and now my KDE-Connect can easily find my mobile and be contacted with messages from mobile to the Desktop.
So, I will mark this thread as 'closed'
Thank you for joining and answers.

-Linuxfluesterer (I love KDE ...)

Uhm, maybe firewalld has its own rules that override iptables rules :roll:
What Is Distributed Computing (BOINC)

BOINC ready ! Sabayon+BOINC = BILD ,my Sabayon spin :cyclops: - Ready to crunch for the Science everywhere :)
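
Added example, not part of the thread or of Sabayon's own tooling: firewalld's iptables backend normally ends the INPUT chain with an unconditional REJECT, so rules appended with `iptables -A INPUT` land after it and are never evaluated, which is consistent with what the posts above describe. The rule listing below is constructed (the thread does not show the INPUT chain), and `shadowed_rules` and `open_kdeconnect_ports` are hypothetical helper names; the second opens the port range in firewalld's own zone configuration as an alternative to disabling the firewall.

```shell
#!/bin/sh
# Constructed sample of `iptables -S INPUT` on a firewalld host after the
# two `iptables -A INPUT ...` commands from the thread were run.
SAMPLE_INPUT_RULES='-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES_SOURCE
-A INPUT -j INPUT_ZONES
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m multiport --dports 1714:1764 -j ACCEPT
-A INPUT -p udp -m multiport --dports 1714:1764 -j ACCEPT'

# Read `iptables -S <chain>` text on stdin and print every rule that follows
# an unconditional REJECT or DROP. Those rules can never match a packet.
shadowed_rules() {
    awk '
        $1 != "-A" { next }            # skip policy lines
        blocked    { print; next }     # everything after the terminal rule
        $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { blocked = 1 }
    '
}

# Hypothetical helper (run as root): open the KDE Connect range in
# firewalld itself, so the rules land in the zone's allow chain
# (IN_public_allow in the thread's listing) and survive reloads and reboots.
open_kdeconnect_ports() {
    zone="${1:-public}"
    firewall-cmd --permanent --zone="$zone" --add-port=1714-1764/tcp &&
    firewall-cmd --permanent --zone="$zone" --add-port=1714-1764/udp &&
    firewall-cmd --reload
}

# Demonstration on the constructed sample only; nothing on the host changes.
echo "Rules that are never evaluated:"
printf '%s\n' "$SAMPLE_INPUT_RULES" | shadowed_rules
```

On a live system the same check is `iptables -S INPUT | shadowed_rules`, and `firewall-cmd --zone=public --list-ports` confirms the range after `open_kdeconnect_ports` has run.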
