<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Thanks Mike.<br>
<br>
That makes sense, since I did notice that I have no issues if I started
the FE when the firewall was down and then started up the firewall. At
the time the behavior was very confusing.<br>
<br>
That option must be somewhat new (last 1.5 years or so), since I did
not see this issue when I had a firewall on my old myth BE. <br>
<br>
Either way. Good to know what is going on.<br>
<br>
<br>
Mike<br>
<br>
<br>
Michael T. Dean wrote:
<blockquote cite="mid:494FE96B.5010309@thirdcontact.com" type="cite">
<pre wrap="">On 12/22/2008 08:03 AM, ctd wrote:
</pre>
<blockquote type="cite">
<pre wrap="">I just noticed something odd which I had not seen discussed anywhere,
so I figured I would post here.

Recently I just added and have been setting up Shorewall on my mythtv
backend. I opened the needed ports (6543-TCP, 6544-TCP, 3306-TCP)
mentioned in the mythtv documentation, but I still had issues
connecting to the BE when my FE booted up.

I looked at my shorewall logs, and noticed these entries:

Dec 21 14:01:41 mainserver Shorewall:net2all:DROP:IN=eth0 OUT=
MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=192.168.1.202
DST=192.168.1.200 LEN=84 TOS=0x00 PREC=0x00 TTL=3 ID=0 DF PROTO=ICMP
TYPE=8 CODE=0 ID=10517 SEQ=1
Dec 21 14:01:51 mainserver Shorewall:net2all:DROP:IN=eth0 OUT=
MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:X0 SRC=192.168.1.202
DST=192.168.1.200 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP
TYPE=8 CODE=0 ID=11029 SEQ=1

After a little digging, it looks like my FE was attempting to ping
(PROTO=ICMP) my BE during the startup process. The FE did not like
these packets being dropped and would give the "standard" cannot
connect to the BE message.

I was able to overcome this by adding this rule to /etc/shorewall/rules:

Ping/ACCEPT net fw

Anyone else running a firewall on their BE ever have to handle this?
I would assume that any BE that uses an IPTABLES based firewall would
need to do something similar? Maybe the default setting is to allow
pings.

Just curious.
</pre>
</blockquote>
<pre wrap="">
There's also a setting you can specify by selecting/unselecting the
appropriate checkbox when asked at initial (database) setup or (once
configured "incorrectly") by going into frontend settings under
Settings|General on screen "Database Configuration 1/2":

Ping test server?
Test basic host connectivity using the ping command. Turn off if your
host or network don't support ping (ICMP ECHO) packets

Mike
</pre>
</blockquote>
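Added example (not part of the original messages): a Python sketch that counts dropped ICMP echo requests in Shorewall log entries like the ones quoted above, grouped by source, destination and chain, which is how the blocked frontend ping shows up in the log. The function names and the two extra sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Sample input: the two entries quoted in the message above, joined onto
# single lines, plus two constructed entries (a dropped TCP packet and a
# dropped echo reply) that must not be counted.
SAMPLE_LOG = """\
Dec 21 14:01:41 mainserver Shorewall:net2all:DROP:IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=192.168.1.202 DST=192.168.1.200 LEN=84 TOS=0x00 PREC=0x00 TTL=3 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=10517 SEQ=1
Dec 21 14:01:51 mainserver Shorewall:net2all:DROP:IN=eth0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:X0 SRC=192.168.1.202 DST=192.168.1.200 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=11029 SEQ=1
Dec 21 14:02:03 mainserver Shorewall:net2all:DROP:IN=eth0 OUT= MAC=XX:XX SRC=192.168.1.202 DST=192.168.1.200 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=40000 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 21 14:02:09 mainserver Shorewall:net2all:DROP:IN=eth0 OUT= MAC=XX:XX SRC=192.168.1.202 DST=192.168.1.200 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=0 CODE=0 ID=11030 SEQ=1
"""

# Log prefix as it appears in the entries above: Shorewall:chain:disposition:
PREFIX = re.compile(r"Shorewall:([^:\s]+):([A-Z]+):(.*)")


def parse_entry(line):
    """Return (chain, disposition, fields) or None for non-Shorewall lines."""
    m = PREFIX.search(line)
    if m is None:
        return None
    chain, disposition, rest = m.groups()
    fields = {}
    for token in rest.split():
        key, sep, value = token.partition("=")
        if sep:  # bare flags such as DF carry no value and are skipped
            # ID appears twice (IP header, then ICMP); keep the first one.
            fields.setdefault(key, value)
    return chain, disposition, fields


def dropped_pings(lines):
    """Count dropped ICMP echo requests (TYPE=8) per (src, dst, chain)."""
    counts = Counter()
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        chain, disposition, f = entry
        if disposition == "DROP" and f.get("PROTO") == "ICMP" and f.get("TYPE") == "8":
            counts[(f.get("SRC"), f.get("DST"), chain)] += 1
    return counts


if __name__ == "__main__":
    for (src, dst, chain), n in dropped_pings(SAMPLE_LOG.splitlines()).items():
        print(f"{n} echo request(s) from {src} to {dst} dropped by {chain}")
```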
</body>
</html>