UFW blocking ICE connection #15
Comments
|
Did you install it with install script? Here can be many networks issues:
|
|
I installed it manually. It works fine when ufw is disabled, but when ufw is enabled it can't connect. |
|
I have no idea but for some reason ufw being on is breaking it. |
|
There are no additional ports being used, expect your frontend (in your case tcp 80, tcp 443) and chosen EPR (udp 59000-59049). Since UDP is stateless, it needs to be allowed bidirectionally. Not sure if that is automatically handled by UFW. I guess you already tried some stackoverflow hints. Maybe you can drop here your config from |
|
https://i.imgur.com/uIc3CVA.png I have 100 ports open instead of the default 50 btw |
|
I believe the exact error is:
EDIT: I even added the udp ports as outgoing as well with ufw and it still doesn't work :/ EDIT 2: I'll try the stack overflow troubleshooting steps that you mentioned. EDIT 3: Nope. I did the troubleshooting steps and same thing is happening. As soon as I type Therefore its gotta be ufw causing the issue here. Keep in mind the admin panel loads just fine regardless, its the actual neko rooms that refuse to load and throw an error with ufw enabled... |
|
BTW: I am running the neko rooms instance in a privileged podman container to have better control over multiple services on the machine, but none of the other services are running and the ports are all forwarded correctly from the podman container to the host, and then from the host to the router. Therefore I don't think that would effect things much with the proof being that it works perfectly fine with ufw disabled... |
|
That everything seems to be fine. I am going to try with ufw myself, if I can replicate your problem. Is there a chance, that your ufw is blocking outbound connections to get the IP address? It needs to connect to Update: I tried ufw. It turns out that Docker makes changes directly on your iptables, which are not shown with ufw status. Meaning, it did not have any effect on my setup and all ports were exposed. I am not sure how does handle that podman. |
|
Hmm... not sure. I cant ping |
|
Podman is basically Red Hat's version of Docker, which, I personally like a lot better. Its possible it also does something to the ip tables that is causing some sort of a confliction with ufw. For now ill just not use ufw and maybe mess around with it more in the future. |
|
I have tried podman and it seems more secure than docker. But I don't have it in my test environment yet. I am going to play with it in the future and see, if I can replicate this problem. |
|
You may already know this, but just an FYI, if you want to run docker in a podman container, I believe you have to run it |
|
This is the only app on my server preventing me from enabling ufw. I allowed 80/tcp as well as 59000:59099/udp (100 ports) and i get an error about not being to establish the ICE connection... |
|
Nevermind I think I found the issue... |
Could you please provide the fix? |
I've had this issue with other programs and it seems to be ufw's fault. You can either use iptables directly or I believe there is an option to enable forwarding on ufw which can also solve the issue. |
Ok. Sorry to bother, but I have everything working well except for one issue.
When i enable ufw and allow the ports 80, 443, and the 59000-59049 udp ports, the ICE cant establish a connection with the firewall up.
There must be another port I'm missing that neko needs to run.
The text was updated successfully, but these errors were encountered: