UDP client sending ICMP "port unreachable" when receiving messages from the server

Time: 2021-09-22 09:52:17

Moved: https://superuser.com/questions/782549/udp-client-sending-icmp-port-unreachable-when-receiveing-messages-from-the-ser

I have a UDP client using luasocket, basically doing this (with a few layers of abstraction, but this is what's going on there):

local socket = require("socket")  -- luasocket

local s = socket.udp()
s:setsockname("*", 0)             -- bind to any local address, ephemeral port
s:setpeername(socket.dns.toip("example.com"), 64299)
s:settimeout(0)
s:send(...)                       -- request payload (not shown in the question)
s:settimeout(10)                  -- wait up to 10 s for the reply
local msg, err = s:receive()
s:settimeout(0)
print(msg, err)

While I can see everything's fine in the server's debug output (ssh to the remote host), I get a "timeout" error in the client.

When inspecting everything with client-side Wireshark, I see the packet my client sent, and a response packet from the server (correct port and everything), AND an ICMP "port unreachable" packet sent from my client host to the server in response to its (correct) response.

What's going on there? I tried everything, including resetting my iptables to "accept everything", but my client still sends the "port unreachable".

The relevant packets are:

From            To              Proto Len  Description
192.168.2.100   95.143.172.171  UDP   61   Source port: 45025  Destination port: 64299
  000e8f11e7000025229835a908004500002f4008400040112b6fc0a802645f8facabafe1fb2b001b28d794d2000ec8360100aa81a477616e74a3756964
95.143.172.171  192.168.2.100   UDP   60   Source port: 64299  Destination port: 45025
  0025229835a9000e8f11e70008004500002b000040003911727b5f8facabc0a80264fb2bafe100172e8d94d2000e0ea10100a681a3756964ff000000
192.168.2.100   95.143.172.171  ICMP  85   Destination unreachable (Port unreachable)
  000e8f11e7000025229835a9080045c00047061d00004001a492c0a802645f8facab0303cc6c000000004500002b000040003911727b5f8facabc0a80264fb2bafe100172e8d94d2000e0ea10100a681a3756964ff

Firewall, in case it's important (which I don't think it is, because iptables doesn't increment any INPUT packet counters while this happens):

$ sudo iptables -S
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 64299 -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i eth0 -p tcp -m tcp --dport 10001:30000 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o lo -j ACCEPT
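A decoder for the three frames in the capture above, added here as a worked example (it is not code from the question or the answer): it parses the Ethernet, IPv4 and UDP headers, verifies the IPv4, UDP and ICMP checksums with the RFC 1071 one's-complement sum, and unpacks the ICMP Destination Unreachable message to show exactly which UDP flow the client host rejected. The hex dumps are copied verbatim from the question; the function names (`decode_frame`, `explain_unreachable`) and the constants are my own.

```python
import struct
from ipaddress import IPv4Address

# The three Ethernet frames from the capture in the question, hex copied verbatim.
FRAMES = {
    "client_request": "000e8f11e7000025229835a908004500002f4008400040112b6fc0a802645f8facabafe1fb2b001b28d794d2000ec8360100aa81a477616e74a3756964",
    "server_reply": "0025229835a9000e8f11e70008004500002b000040003911727b5f8facabc0a80264fb2bafe100172e8d94d2000e0ea10100a681a3756964ff000000",
    "client_icmp": "000e8f11e7000025229835a9080045c00047061d00004001a492c0a802645f8facab0303cc6c000000004500002b000040003911727b5f8facabc0a80264fb2bafe100172e8d94d2000e0ea10100a681a3756964ff",
}

# ICMP Destination Unreachable (type 3) codes relevant to this kind of diagnosis.
UNREACH_CODES = {0: "net unreachable", 1: "host unreachable", 2: "protocol unreachable",
                 3: "port unreachable", 4: "fragmentation needed",
                 13: "communication administratively prohibited"}


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum; returns 0 when run over data that already carries a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4(pkt: bytes) -> dict:
    """Parse an IPv4 header; tolerates a payload shorter than total length (as quoted inside ICMP errors)."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len, _ident, _flags_frag, ttl, proto = struct.unpack("!HHHBB", pkt[2:10])
    return {
        "src": IPv4Address(pkt[12:16]),
        "dst": IPv4Address(pkt[16:20]),
        "ttl": ttl,
        "proto": proto,
        "header_ok": internet_checksum(pkt[:ihl]) == 0,
        # Slicing to total_len drops Ethernet padding (the 57-byte reply is padded to 60 bytes).
        "payload": pkt[ihl:min(total_len, len(pkt))],
    }


def parse_udp(seg: bytes, src: IPv4Address, dst: IPv4Address) -> dict:
    """Parse a UDP header and verify its checksum over the IPv4 pseudo-header when the segment is complete."""
    sport, dport, length, _csum = struct.unpack("!HHHH", seg[:8])
    complete = len(seg) >= length
    pseudo = src.packed + dst.packed + struct.pack("!BBH", 0, 17, length)
    return {
        "sport": sport,
        "dport": dport,
        "payload": seg[8:length],
        "checksum_ok": (internet_checksum(pseudo + seg[:length]) == 0) if complete else None,
    }


def parse_icmp(msg: bytes) -> dict:
    """Parse an ICMP message; for Destination Unreachable, decode the quoted offending datagram."""
    typ, code, _csum = struct.unpack("!BBH", msg[:4])
    info = {"type": typ, "code": code, "checksum_ok": internet_checksum(msg) == 0}
    if typ == 3:
        # Bytes 8.. quote the rejected datagram's IP header plus at least 8 bytes of its payload.
        info["reason"] = UNREACH_CODES.get(code, "code %d" % code)
        inner_ip = parse_ipv4(msg[8:])
        info["quoted"] = inner_ip
        if inner_ip["proto"] == 17:
            info["quoted_udp"] = parse_udp(inner_ip["payload"], inner_ip["src"], inner_ip["dst"])
    return info


def decode_frame(hexdump: str) -> dict:
    """Decode one Ethernet frame (IPv4 only) into nested IP/UDP or IP/ICMP dictionaries."""
    raw = bytes.fromhex(hexdump)
    if raw[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 Ethernet frame")
    ip = parse_ipv4(raw[14:])
    out = {"ip": ip}
    if ip["proto"] == 17:
        out["udp"] = parse_udp(ip["payload"], ip["src"], ip["dst"])
    elif ip["proto"] == 1:
        out["icmp"] = parse_icmp(ip["payload"])
    return out


def explain_unreachable(frame_hex: str) -> str:
    """One-line verdict for an ICMP Destination Unreachable frame: who rejected which UDP flow."""
    d = decode_frame(frame_hex)
    icmp = d.get("icmp")
    if not icmp or icmp["type"] != 3 or "quoted_udp" not in icmp:
        return "not an ICMP unreachable quoting UDP"
    q, u = icmp["quoted"], icmp["quoted_udp"]
    return "%s rejected UDP %s:%d -> %s:%d (%s)" % (
        d["ip"]["src"], q["src"], u["sport"], q["dst"], u["dport"], icmp["reason"])


if __name__ == "__main__":
    for name, hexdump in FRAMES.items():
        d = decode_frame(hexdump)
        print(name, d["ip"]["src"], "->", d["ip"]["dst"], d.get("udp") or d.get("icmp"))
    print(explain_unreachable(FRAMES["client_icmp"]))
```

All three frames check out (valid IPv4, UDP and ICMP checksums, correct lengths), and the quoted datagram inside the ICMP error is the server's reply to port 45025, the ephemeral port the client bound with `s:setsockname("*",0)`. Note that both a netfilter `REJECT --reject-with icmp-port-unreachable` rule and the kernel's own response to a datagram for which no socket is bound produce ICMP type 3 code 3, so the decode pins down the rejected flow but cannot by itself say which of the two generated it; comparing the quoted destination port with the port the socket actually holds, and with the rule counters, is the next step.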

1 solution

#1

2

Your client-side firewall is actively blocking inbound UDP.
