NoMachine Forum - OpenSUSE 42.2 firewall

This topic has 7 replies, 3 voices, and was last updated 6 years, 8 months ago by Britgirl.

Viewing 8 posts - 1 through 8 (of 8 total)

Author

Posts

April 18, 2017 at 09:27 #14430

gjalt

Participant

I can’t connect to NoMachine over the internet when my opensuse firewall is enabled.

How can i configure my firewall so i can reach my NoMachine server

April 20, 2017 at 13:57 #14487

kroy

Contributor

You don’t need to change rules manually on native firewall on openSUSE 42.2. You don’t need set your router either provided it accepts UPnP or NAT-PMP commands. In that case your IP and port, which you can use to connect over the internet, should be listed on NoMachine’s Welcome Screen page. Otherwise you need to configure the router manually to pass traffic to port 4000 (NX protocol), 22 (SSH protocol). More information about firewall or router settings you can find in the article: https://www.nomachine.com/AR11L00827.

April 21, 2017 at 07:06 #14510

gjalt

Participant

when i disable my opensuse firewall, my external ip adress is shown in the welcome screen, when i turn on my opensuse firewall it is not. It is also not possible to check the gateway port in connection preferences

April 21, 2017 at 07:06 #14511

gjalt

Participant

my router supports UPnP

April 24, 2017 at 15:08 #14558

kroy

Contributor

We couldn’t reproduce problem on the same OS. Are you using native firewall? Can you show us your firewall rules? Please paste here output from sudo iptables-save command.

April 26, 2017 at 07:24 #14563

gjalt

Participant

I am using native firewall
This is the output of iptables
I hope you guys can figure it out.

test@192:~> sudo iptables-save
root's password:
# Generated by iptables-save v1.4.21 on Mon Apr 24 18:06:38 2017
*raw
:PREROUTING ACCEPT [1999426:941247786]
:OUTPUT ACCEPT [1300808:83449112]
-A PREROUTING -i lo -j CT --notrack
-A OUTPUT -o lo -j CT --notrack
COMMIT
# Completed on Mon Apr 24 18:06:38 2017
# Generated by iptables-save v1.4.21 on Mon Apr 24 18:06:38 2017
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [1300220:83371452]
:forward_ext - [0:0]
:input_ext - [0:0]
:reject_func - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m conntrack --ctstate RELATED -j ACCEPT
-A INPUT -p udp -m multiport --dports 5353 -j ACCEPT
-A INPUT -j input_ext
-A INPUT -m limit --limit 3/min -j LOG --log-prefix "SFW2-IN-ILL-TARGET " --log-tcp-options --log-ip-options
-A INPUT -j DROP
-A FORWARD -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWD-ILL-ROUTING " --log-tcp-options --log-ip-options
-A OUTPUT -o lo -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1714 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1715 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1716 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1717 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1718 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1719 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1720 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1721 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1722 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1723 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1724 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1725 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1726 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1727 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1728 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1729 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1730 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1731 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1732 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1733 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1734 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1735 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1736 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1737 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1738 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1739 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1740 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1741 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1742 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1743 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1744 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1745 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1746 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1747 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1748 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1749 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1750 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1751 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1752 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1753 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1754 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1755 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1756 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1757 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1758 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1759 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1760 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1761 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1762 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1763 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 1764 -j ACCEPT
-A input_ext -m pkttype --pkt-type broadcast -j DROP
-A input_ext -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A input_ext -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 20224 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 20224 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 4000 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 4000 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 4011:4999 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 4011:4999 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1714 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1714 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1715 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1715 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1716 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1716 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1717 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1717 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1718 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1718 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1719 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1719 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1720 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1720 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1721 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1721 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1722 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1722 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1723 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1723 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1724 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1724 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1725 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1725 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1726 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1726 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1727 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1727 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1728 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1728 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1729 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1729 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1730 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1730 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1731 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1731 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1732 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1732 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1733 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1733 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1734 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1734 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1735 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1735 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1736 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1736 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1737 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1737 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1738 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1738 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1739 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1739 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1740 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1740 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1741 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1741 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1742 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1742 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1743 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1743 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1744 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1744 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1745 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1745 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1746 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1746 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1747 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1747 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1748 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1748 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1749 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1749 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1750 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1750 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1751 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1751 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1752 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1752 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1753 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1753 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1754 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1754 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1755 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1755 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1756 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1756 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1757 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1757 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1758 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1758 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1759 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1759 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1760 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1760 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1761 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1761 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1762 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1762 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1763 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1763 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 1764 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 1764 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 5800:5899 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 5800:5899 -j ACCEPT
-A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 5900:5999 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 5900:5999 -j ACCEPT
-A input_ext -p udp -m udp --dport 20224 -j ACCEPT
-A input_ext -p udp -m udp --dport 4000:4999 -j ACCEPT
-A input_ext -p udp -m udp --dport 1714 -j ACCEPT
-A input_ext -p udp -m udp --dport 1715 -j ACCEPT
-A input_ext -p udp -m udp --dport 1716 -j ACCEPT
-A input_ext -p udp -m udp --dport 1717 -j ACCEPT
-A input_ext -p udp -m udp --dport 1718 -j ACCEPT
-A input_ext -p udp -m udp --dport 1719 -j ACCEPT
-A input_ext -p udp -m udp --dport 1720 -j ACCEPT
-A input_ext -p udp -m udp --dport 1721 -j ACCEPT
-A input_ext -p udp -m udp --dport 1722 -j ACCEPT
-A input_ext -p udp -m udp --dport 1723 -j ACCEPT
-A input_ext -p udp -m udp --dport 1724 -j ACCEPT
-A input_ext -p udp -m udp --dport 1725 -j ACCEPT
-A input_ext -p udp -m udp --dport 1726 -j ACCEPT
-A input_ext -p udp -m udp --dport 1727 -j ACCEPT
-A input_ext -p udp -m udp --dport 1728 -j ACCEPT
-A input_ext -p udp -m udp --dport 1729 -j ACCEPT
-A input_ext -p udp -m udp --dport 1730 -j ACCEPT
-A input_ext -p udp -m udp --dport 1731 -j ACCEPT
-A input_ext -p udp -m udp --dport 1732 -j ACCEPT
-A input_ext -p udp -m udp --dport 1733 -j ACCEPT
-A input_ext -p udp -m udp --dport 1734 -j ACCEPT
-A input_ext -p udp -m udp --dport 1735 -j ACCEPT
-A input_ext -p udp -m udp --dport 1736 -j ACCEPT
-A input_ext -p udp -m udp --dport 1737 -j ACCEPT
-A input_ext -p udp -m udp --dport 1738 -j ACCEPT
-A input_ext -p udp -m udp --dport 1739 -j ACCEPT
-A input_ext -p udp -m udp --dport 1740 -j ACCEPT
-A input_ext -p udp -m udp --dport 1741 -j ACCEPT
-A input_ext -p udp -m udp --dport 1742 -j ACCEPT
-A input_ext -p udp -m udp --dport 1743 -j ACCEPT
-A input_ext -p udp -m udp --dport 1744 -j ACCEPT
-A input_ext -p udp -m udp --dport 1745 -j ACCEPT
-A input_ext -p udp -m udp --dport 1746 -j ACCEPT
-A input_ext -p udp -m udp --dport 1747 -j ACCEPT
-A input_ext -p udp -m udp --dport 1748 -j ACCEPT
-A input_ext -p udp -m udp --dport 1749 -j ACCEPT
-A input_ext -p udp -m udp --dport 1750 -j ACCEPT
-A input_ext -p udp -m udp --dport 1751 -j ACCEPT
-A input_ext -p udp -m udp --dport 1752 -j ACCEPT
-A input_ext -p udp -m udp --dport 1753 -j ACCEPT
-A input_ext -p udp -m udp --dport 1754 -j ACCEPT
-A input_ext -p udp -m udp --dport 1755 -j ACCEPT
-A input_ext -p udp -m udp --dport 1756 -j ACCEPT
-A input_ext -p udp -m udp --dport 1757 -j ACCEPT
-A input_ext -p udp -m udp --dport 1758 -j ACCEPT
-A input_ext -p udp -m udp --dport 1759 -j ACCEPT
-A input_ext -p udp -m udp --dport 1760 -j ACCEPT
-A input_ext -p udp -m udp --dport 1761 -j ACCEPT
-A input_ext -p udp -m udp --dport 1762 -j ACCEPT
-A input_ext -p udp -m udp --dport 1763 -j ACCEPT
-A input_ext -p udp -m udp --dport 1764 -j ACCEPT
-A input_ext -m pkttype --pkt-type multicast -j DROP
-A input_ext -m pkttype --pkt-type broadcast -j DROP
-A input_ext -p tcp -m limit --limit 3/min -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A input_ext -p icmp -m limit --limit 3/min -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A input_ext -p udp -m limit --limit 3/min -m conntrack --ctstate NEW -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A input_ext -j DROP
-A reject_func -p tcp -j REJECT --reject-with tcp-reset
-A reject_func -p udp -j REJECT --reject-with icmp-port-unreachable
-A reject_func -j REJECT --reject-with icmp-proto-unreachable
COMMIT
# Completed on Mon Apr 24 18:06:38 2017

May 10, 2017 at 08:09 #14732

kroy

Contributor

Despite hard efforts we weren’t able to reproduce such problem. Can you enable debug and restart nxserver (sudo /usr/NX/bin/nxserver –restart)? After that check again if external IP and port shows in the welcome screen with enabled firewall.

If you can still reproduce issue check it also in –upnpstatus command output (sudo /usr/NX/bin/nxserver –upnpstatus). If not – please collect logs from server side and send them to forum[at]nomachine[dot]com. Send also file with SuSEfirewall2 configuration (sudo SuSEfirewall2 status > /tmp/output_of_susefirewall2.txt).

Instructions about debug and collecting logs you can find there: https://www.nomachine.com/DT07M00098#1.

August 16, 2017 at 15:08 #15526

Britgirl

Keymaster

Since we’ve not heard any further news, I suggest you to update to the latest version of NoMachine and let us know if the problem is still there.

Author

Posts

Viewing 8 posts - 1 through 8 (of 8 total)

Closed because the user did not provide further feedback. Please notify us if you confirm that it is resolved or open a new topic if you have the same problem.