[ale] More on Mozilla/Java

Kevin Krumwiede krum at smyrnacable.net
Mon Mar 25 22:56:23 EST 2002


Okay, something about my simple firewall rules is preventing the Java
plugin from working.  I started logging everything that falls off
the end of the output chain (policy: DROP) and I saw this each time I
started the browser:

Mar 25 21:39:31 localhost kernel: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1
LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32768 DPT=111
LEN=64

What is it trying to do?  Port 111 is RPC services.  I'm not running RPC
services though (I'd see it in netstat -l, right?) so what difference
does it make if it can connect to this?  Odd.

More observations:

iptables -A OUTPUT -o lo -p udp --dport 111 -j ACCEPT

This matches the above packet.  The browser hangs on startup.  I'm not
sure why this hangs the browser and DROP doesn't.  Setting it to REJECT
prevents the browser hanging, but applets still don't work.

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

IT WORKS NOW!!!

Can anyone explain why the plugin is talking to itself on the loopback
interface? :-)

Should I bother trying to work out a smaller "hole" in the firewall for
my lo interface?  It can't really hurt to open it up like this, can it?

Krum
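
Added example (not part of the original post): a Python script for the logging approach described above, which tallies packets that fell through a logged DROP policy by interface, protocol and destination port, then lists candidate OUTPUT rules for lo in the form the post uses. The sample log lines are constructed, and the names parse_log_line, summarize and candidate_lo_rules are illustrative.

```python
import re
from collections import Counter

# Constructed sample lines in the kernel LOG-target format quoted in the post.
SAMPLE_LOG = """\
Mar 25 21:39:31 localhost kernel: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32768 DPT=111 LEN=64
Mar 25 21:39:36 localhost kernel: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32768 DPT=111 LEN=64
Mar 25 21:40:02 localhost kernel: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4211 DF PROTO=TCP SPT=32771 DPT=32769 WINDOW=32767 RES=0x00 SYN URGP=0
Mar 25 21:41:10 localhost kernel: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.1 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56
"""

FIELD = re.compile(r"([A-Z]+)=(\S*)")

def parse_log_line(line):
    """Split one LOG-target line into KEY=value fields and bare flags (DF, SYN)."""
    _, _, body = line.partition("kernel: ")
    fields, flags = {}, set()
    for token in body.split():
        m = FIELD.fullmatch(token)
        if not m:
            flags.add(token)
        elif m.group(1) == "LEN" and "LEN" in fields:
            # LEN appears twice for UDP: IP total length, then UDP length.
            fields["L4LEN"] = m.group(2)
        else:
            fields[m.group(1)] = m.group(2)
    return fields, flags

def summarize(log_text):
    """Count logged packets per (output interface, protocol, destination port)."""
    flows = Counter()
    for line in log_text.splitlines():
        fields, _ = parse_log_line(line)
        if fields.get("OUT"):  # skip lines that are not OUTPUT-chain log entries
            flows[(fields["OUT"], fields.get("PROTO", "-"), fields.get("DPT", "-"))] += 1
    return flows

def candidate_lo_rules(flows):
    """Narrow OUTPUT rules for loopback flows seen in the log (candidates only).
    Loopback packets also traverse INPUT, so replies need a matching -i lo rule."""
    return [f"iptables -A OUTPUT -o lo -p {proto.lower()} --dport {dport} -j ACCEPT"
            for out, proto, dport in sorted(flows) if out == "lo" and dport != "-"]

if __name__ == "__main__":
    for flow, count in sorted(summarize(SAMPLE_LOG).items()):
        print(count, *flow)
    print("\n".join(candidate_lo_rules(summarize(SAMPLE_LOG))))
```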

