Topic: IP Tables Help, Device not able to communicate to server

[ramasule]

Hello,

I have not been able to get my wifi water timer to work on my network.  I've checked my iptables and seen my dhcp request go crazy

2016-04-29 15:31:37.860520500 Apr 29 15:31:37 main denylog: IN=br0 OUT=br0 MAC=00  SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=00 PREC=0x00 TTL=64 ID=2 PROTO=UDP SPT=68 DPT=67 LEN=556

There are a lot of those only when I'm trying to get this thing to work.  Unfortunately I cannot set it in the gizmo itself, it uses a smart phone on the network to configure itself "automatically".  I'm about ready to smash it.  Any suggestions / help?

Thank you,

Ram

[ramasule]

Here is a snippit from my log.

Code: [Select]

2016-04-29 20:17:03.192120500 Apr 29 20:17:03 main denylog: IN=br0 OUT=br0 MAC=00  SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=00 PREC=0x00 TTL=64 ID=2 PROTO=UDP SPT=68 DPT=67 LEN=556
2016-04-29 20:17:04.304934500 Apr 29 20:17:04 main denylog: IN=br0 OUT=br0 MAC=00  SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=00 PREC=0x00 TTL=64 ID=3 PROTO=UDP SPT=68 DPT=67 LEN=556
2016-04-29 20:17:18.353131500 Apr 29 20:17:18 main denylog: IN=br0 OUT=br0 MAC=00  SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=00 PREC=0x00 TTL=64 ID=2 PROTO=UDP SPT=68 DPT=67 LEN=556
2016-04-29 20:17:18.952127500 Apr 29 20:17:18 main denylog: IN=br0 OUT=br0 MAC=00  SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=00 PREC=0x00 TTL=64 ID=3 PROTO=UDP SPT=68 DPT=67 LEN=556
2016-04-29 20:17:46.782281500 Apr 29 20:17:46 main denylog: IN=br0 OUT=br0 MAC=00  SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=00 PREC=0x00 TTL=64 ID=2 PROTO=UDP SPT=68 DPT=67 LEN=556
2016-04-29 20:17:47.629686500 Apr 29 20:17:47 main denylog: IN=br0 OUT=br0 MAC=00  SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=00 PREC=0x00 TTL=64 ID=3 PROTO=UDP SPT=68 DPT=67 LEN=556
2016-04-29 20:24:44.146656500 Apr 29 20:24:44 main denylog: IN=eth1 OUT= MAC=00  SRC=212.83.128.125 DST=174.3.135.242 LEN=444 TOS=08 PREC=0x20 TTL=108 ID=18304 PROTO=UDP SPT=5064 DPT=5060 LEN=424
2016-04-29 20:24:58.160839500 Apr 29 20:24:58 main denylog: IN=br0 OUT=br0 MAC=00  SRC=0.0.0.0 DST=255.255.255.255 LEN=343 TOS=00 PREC=0x00 TTL=64 ID=26823 PROTO=UDP SPT=68 DPT=67 LEN=323
2016-04-29 20:25:03.177826500 Apr 29 20:25:03 main denylog: IN=br0 OUT=br0 MAC=00  SRC=0.0.0.0 DST=255.255.255.255 LEN=337 TOS=00 PREC=0x00 TTL=64 ID=32827 CE PROTO=UDP SPT=68 DPT=67 LEN=317
2016-04-29 20:25:04.004883500 Apr 29 20:25:04 main denylog: IN=br0 OUT=br0 MAC=00  SRC=0.0.0.0 DST=255.255.255.255 LEN=349 TOS=00 PREC=0x00 TTL=64 ID=11668 PROTO=UDP SPT=68 DPT=67 LEN=329
2016-04-29 20:25:04.363866500 Apr 29 20:25:04 main denylog: IN=br0 OUT=br0 MAC=00  SRC=0.0.0.0 DST=255.255.255.255 LEN=342 TOS=00 PREC=0x00 TTL=64 ID=12194 PROTO=UDP SPT=68 DPT=67 LEN=322
2016-04-29 20:25:18.958098500 Apr 29 20:25:18 main denylog: IN=br0 OUT=br0 MAC=00  SRC=0.0.0.0 DST=255.255.255.255 LEN=338 TOS=00 PREC=0x00 TTL=128 ID=9 PROTO=UDP SPT=68 DPT=67 LEN=318
2016-04-29 20:25:19.364128500 Apr 29 20:25:19 main denylog: IN=br0 OUT=br0 MAC=00  SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=00 PREC=0x00 TTL=128 ID=10 PROTO=UDP SPT=68 DPT=67 LEN=308
2016-04-29 20:25:19.896954500 Apr 29 20:25:19 main denylog: IN=br0 OUT=br0 MAC=00  SRC=0.0.0.0 DST=255.255.255.255 LEN=337 TOS=00 PREC=0x00 TTL=128 ID=14108 PROTO=UDP SPT=68 DPT=67 LEN=317
2016-04-29 20:25:19.914229500 Apr 29 20:25:19 main denylog: IN=br0 OUT=br0 MAC=00  SRC=169.254.78.39 DST=224.0.0.22 LEN=40 TOS=00 PREC=0x00 TTL=1 ID=11343 PROTO=2
2016-04-29 20:25:19.914974500 Apr 29 20:25:19 main denylog: IN=br0 OUT=br0 MAC=00  SRC=169.254.78.39 DST=224.0.0.22 LEN=40 TOS=00 PREC=0x00 TTL=1 ID=11344 PROTO=2
2016-04-29 20:25:19.915463500 Apr 29 20:25:19 main denylog: IN=br0 OUT=br0 MAC=00  SRC=169.254.78.39 DST=224.0.0.22 LEN=40 TOS=00 PREC=0x00 TTL=1 ID=11345 PROTO=2
2016-04-29 20:25:19.918882500 Apr 29 20:25:19 main denylog: IN=br0 OUT=br0 MAC=00  SRC=169.254.78.39 DST=224.0.0.22 LEN=40 TOS=00 PREC=0x00 TTL=1 ID=11346 PROTO=2
2016-04-29 20:25:19.920114500 Apr 29 20:25:19 main denylog: IN=br0 OUT=br0 MAC=00  SRC=169.254.78.39 DST=224.0.0.252 LEN=55 TOS=00 PREC=0x00 TTL=1 ID=15901 PROTO=UDP SPT=56240 DPT=5355 LEN=35
2016-04-29 20:25:19.964078500 Apr 29 20:25:19 main denylog: IN=br0 OUT=br0 MAC=00  SRC=0.0.0.0 DST=255.255.255.255 LEN=344 TOS=00 PREC=0x00 TTL=128 ID=11 PROTO=UDP SPT=68 DPT=67 LEN=324

[guest22]

Is your server in server-gateway mode or server only?

[ramasule]

Server-Gateway

[guest22]

'my network' is that LAN or WAN. Is the 'Internet of things device' on your LAN?

[guest22]

ps. looks like you are working with VM's and bridged adapters?

[ramasule]

My network is LAN,

BR0 might be from using OpenVpn.

My external IP is 174.3.135.242.

I don't know why this device and only this device (the aquatimer) is giving me grief.

My network topology is this    Modem -> SME -> Wireless router(s)

I have tried both routers, assigning it a static IP on the DCHP list by MAC address, nothing seems to work.  It gets an IP just fine, but these errors still show up in the iptables and the device will not communicate to the website it needs (online service).

I've talked to the manufacturers and they have told me there is no special port requirements.

[guest22]

I've talked to the manufacturers and they have told me there is no special port requirements.

No immediate answer, but I heard 'that' before...


So 'it' communicates out of the blue?

[guest22]

Internet of things. Nobody understands what it is....

[ramasule]

Ha I hear that RequestedDeletion, unfortunately they had the best product for what I was looking for, wireless timer for garden watering, settable from anywhere.

I miss when everyone knew how their products worked and they were not all outsourced, but those days are long gone. 

Any other suggestions?

[mmccarn]

If the water timer auto configures based on a cell phone pairing, you may need to worry about your phone and not the timer.

One option that occurs to me:
* turn off your phone's cell radio (forcing it to use wifi only), or try to set it up using a iPod instead of a phone...
* make sure the phone is connected to your LAN (and not tunneled in over a vpn)
* try setting up the sprinkler again
* curse or rejoice (as appropriate)...

[ramasule]

Tried 2 tablets and a phone, maximum curse.

[guest22]

config set WaterTimer service status enabled access public UDPPort 67
signal-event remoteaccess-update


Give the above a try and watch the logs

[CharlieBrady]

Remove the openVPN contrib and revert back to plain SME server configuration. If the problem goes away, then work with the openVPN contrib developer to fix the problem with DHCP broadcasts.

[ramasule]

The Sage has spoken.

[rock]ramasule{hard place}