Firewall - allowing port communication

Problem: an application (boinc, which is supposed to run in an Ubuntu container in Turris Omnia) is communicating on port 31416. Problems as to firewall setting :frowning: When I try to connect from a PC (Windows Boinc Manager on Windows 10 Pro), I’m always rejected :frowning: I tried to set firewall rules (via LuCI) to allow this communication (see below), but I’m afraid it does not work. Could anybody more knowledgeable please help? TIA

Firewall - Traffic Rules - boincLAN

Rule is enabled
Name - boincLAN
Restrict to address family - IPv4 and IPv6
Protocol - TCP+UDP
Match ICMP type - any
Source zone - lan:
Source MAC address - any
Source address - any
Source port - 31416
Destination zone - lan:
Destination address - any
Destination port - 31416
Action - accept
Extra arguments - empty

Rest of Firewall - Traffic Rules form is empty,
supposing it’ll apply any time.

If both machines are in the same subnet (LAN) there should be no need for firewall rules. So I guess your problem isn't located at the TO firewall. Check the service itself (client restrictions?) or your Windows machine (firewall, access restrictions, VPN?)

Check if the port is accessible from your TO using netcat (via ssh):
nc -zv "lxc-machine-ip" "port"

Check if you can ping the LXC machine from Windows (via cmd):
ping "lxc-machine-ip"

Thanks for your help.

As to accessibility from TO (unfortunately, in the TO implementation of the “nc” command, neither the “-z” nor the “-v” option is recognized):

Boinc port in Ubuntu container KontUb is probably not accessible; either the connection is refused:

root@turris:~# lxc-info -n KontUb
Name: KontUb
State: RUNNING
PID: 24108
IP: 192.168.1.1xx

root@turris:~# nc 192.168.1.1xx 31416
nc: can’t connect to remote host (192.168.1.1xx): Connection refused

or there is no action at all, until nc command is cancelled:

root@turris:~# nc 192.168.1.1xx 31416
^C

Note I checked the boinc client in container is running. SEE UPDATE BELOW

On the other hand, the container IP is accessible from the Windows PC:

C:\Users\xxx>ping 192.168.1.1xx
Pinging 192.168.1.1xx with 32 bytes of data:
Reply from 192.168.1.1xx: bytes=32 time<1ms TTL=64
Reply from 192.168.1.1xx: bytes=32 time<1ms TTL=64
Reply from 192.168.1.1xx: bytes=32 time<1ms TTL=64
Reply from 192.168.1.1xx: bytes=32 time<1ms TTL=64
Ping statistics for 192.168.1.1xx:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Is there any other possibility to check port accessibility in TO?

Update: Fortunately I was able to check accessibility from another Ubuntu machine on the same LAN, this time it was OK:

zz@yyyyyy:~$ nc -vz 192.168.1.1xx 31416
Connection to 192.168.1.1xx 31416 port [tcp/*] succeeded!

Thus, even though I don’t understand why there is no message and nc command issued from TO hangs, I know that I’m able to connect to port 31416 of Ubuntu container in TO.

Problem(s) might be in communication between Boinc client in container in TO and Boinc manager running in Windows PC. I have to investigate.

Thanks for your help.
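
The thread shows three different results for the same port check: "Connection refused", a hang until Ctrl-C, and "succeeded". As an added example (not from the original posts), this Python probe reports those outcomes explicitly on hosts whose nc lacks -z and -v. It assumes python3 is installed; the names probe_tcp, MEANING and demo are illustrative, and the demo uses a constructed loopback listener rather than the thread's addresses.

```python
import errno
import socket

# What each result means when troubleshooting a LAN service such as
# the BOINC port (31416) discussed in this thread.
MEANING = {
    "open": "handshake completed: service is listening and reachable",
    "refused": "actively refused: nothing listening on that address/port, or a firewall REJECT",
    "filtered": "no answer before timeout: packets dropped (DROP rule) or lost en route",
    "unreachable": "no route to the host or network",
}

def probe_tcp(host, port, timeout=3.0):
    """Attempt one TCP handshake and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        # Without a timeout this case looks like nc hanging until Ctrl-C.
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise

def demo():
    """Constructed offline check: probe a loopback port while a listener
    exists, then again after it has been closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: kernel picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe_tcp("127.0.0.1", port)
    listener.close()
    after_close = probe_tcp("127.0.0.1", port)
    return while_listening, after_close

if __name__ == "__main__":
    for state in demo():
        print(state, "-", MEANING[state])
```

To check a real service, call probe_tcp with the container's address and port 31416 from each machine involved. An "open" result from the client machine means the network path is fine and any remaining rejection comes from the application's own access control.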