litecoin – Connection problem with my Lightning network node on port 9735

I'm working on Windows 10. I'm already successfully running a full Litecoin node. Disabling the Windows Firewall does not affect this issue.

I use litecoind-0.17.1 and lnd-0.7.0-beta.

I noticed two things:

2019-07-21 21:24:33.380 [INF] CMGR: Server listens for 127.0.0.1:1

and the error message:

2019-07-21 20:32:53.932 [ERR] SRVR: No connection to 028fdcc25bc8deeeaa087786b12560ec2c707f76795c1e8b4bda301ad3bea28ce9@X.X.X.X:9735: Selecting TCP X.X.X.X.

Is it okay for the server to watch port 1? And why can I not connect to my computer through port 9735 even though the port should be open? Should I open a channel?

lnd.conf:

litecoin.active = 1
debuglevel = info
listen = 127.0.0.1:9735
externalip = X.X.X.X
rpchost = 127.0.0.1
rpclisten = 0.0.0.0:10009
restlisten = 0.0.0.0:10010
tlsextraip = X.X.X.X

alias = XXXX
color = #fa00f0
maxpendingchannels = 10
litecoin.mainnet = 1
litecoin.active = 1

litecoin.node = litecoind
litecoind.rpchost = 127.0.0.1
litecoind.rpcuser = XXXXXXXXXX
litecoind.rpcpass = XXXXXXXXXXXXXXXXXXXXXXXXXX
litecoind.zmqpubrawblock = tcp://127.0.0.1:29332
litecoind.zmqpubrawtx = tcp://127.0.0.1:29333

litecoin.conf:

server = 1
daemon = 1
to list
maxconnections = 65
timeout = 5200
mempoolexpiry = 340
addnode = 118.184.26.154
addnode = 112.74.50.226
addnode = 108.56.77.113
addnode = 144.76.238.49
addnode = 94.23.11.172
bantime = 345600
externalip = X.X.X.X

rpcallowip = 127.0.0.1

port = 9333
rpcport = 9332
testnet = 0
txindex = 1
rpcuser = XXXXXXXXX
rpcpassword = XXXXXXXXXXXXXXXXXXXXXXXXXXXX
zmqpubrawblock = tcp://127.0.0.1:29332
zmqpubrawtx = tcp://127.0.0.1:29333
addresstype = p2sh-segwit
deprecatedrpc = signrawtransaction

Full lnd log below:

2019-07-21 20:32:19.189 [INF] LTND: Version: 0.7.0-beta commit = v0.7.0-beta, build = production, logging = default
2019-07-21 20:32:19.190 [INF] LTND: Active chain: Litecoin (network = main network)
2019-07-21 20:32:19.200 [INF] CHDB: check for schema update: latest_version = 9, db_version = 9
2019-07-21 20:32:19.220 [INF] RPCS: Password RPC Server Monitoring 0.0.0.0:10009
2019-07-21 20:32:19.223 [INF] RPCS: Password The gRPC proxy was started at 0.0.0.0:10010
2019-07-21 20:32:19.234 [INF] LTND: Waiting for the password for wallet encryption. Use "lncli create" to create a wallet, "lncli unlock" to unlock an existing wallet, or "lncli changepassword" to change and unlock the password of an existing wallet.
2019-07-21 20:32:23.019 [INF] LNWL: Open wallet
2019-07-21 20:32:23.089 [INF] LTND: The primary chain is set to LiteCoin
2019-07-21 20:32:23.112 [INF] LNWL: Start listening to bitcoind block notifications via ZMQ at tcp://127.0.0.1:29332
2019-07-21 20:32:23.112 [INF] LTND: litecoind backed fee estimator is initialized
2019-07-21 20:32:23.112 [INF] LNWL: Start listening to Bitcoind transaction notifications through ZMQ at tcp://127.0.0.1:29333
2019-07-21 20:32:24.800 [INF] LNWL: The wallet was unlocked without time limit
2019-07-21 20:32:24.810 [INF] LTND: LightningWallet open
2019-07-21 20:32:25.073 [INF] HSWC: Restore the in-memory circuit state from the hard disk
2019-07-21 20:32:25.076 [INF] HSWC: Payment circuits loaded: num_pending = 0, num_open = 0
2019-07-21 20:32:25.109 [INF] LTND: Channel Backup Proxy Channel Notifier is started
2019-07-21 20:32:25.109 [INF] ATPL: instantiate autopilot with cfg: (*lnd.autoPilotConfig) (0xc000077480) ({
Active: (bool) false
Heuristic: (map[string]float64) (len = 1) {
(string) (len = 12) "preferred": (float64) 1
},
MaxChannels: (int) 5,
Distribution: (float64) 0.6,
MinChannelSize: (int64) 20000,
MaxChannelSize: (int64) 16777215,
Private: (bool) false,
MinConfs: (int32) 0,
ConfTarget: (uint32) 3
})

2019-07-21 20:32:25.120 [INF] RPCS: RPC server monitors 0.0.0.0:10009
2019-07-21 20:32:25.120 [INF] RPCS: The gRPC proxy was started at 0.0.0.0:10010
2019-07-21 20:32:25.124 [INF] LTND: Wait for the backend of the chain to complete synchronization start_height = 1671547
2019-07-21 20:32:25.821 [INF] LNWL: Rerun scan of block cc29b974cece1cfc5917abd5d0f1d611f89b68098fa8b28e7fa9699b28d7a141 (height 1671544) for 0 addresses started
2019-07-21 20:32:25.839 [INF] LNWL: Fetching block hashes to 1671547 may take a while
2019-07-21 20:32:26.187 [INF] LNWL: Block hashes caught up
2019-07-21 20:32:26.187 [INF] LNWL: Rescan for 0 addresses completed (synchronized with block 4d54031a8a994c8d17ce7ef65646665e02ef753ae8d543da6d01828bf65d6eeb, height 1671547)
2019-07-21 20:32:27.132 [INF] LTND: Chain backend is fully synchronized (end_height = 1671547)!
2019-07-21 20:32:27.140 [INF] NTFN: New subscription for block epochs
2019-07-21 20:32:27.140 [INF] HSWC: Start the HTLC switch
2019-07-21 20:32:27.252 [INF] NTFN: New subscription for block epochs
2019-07-21 20:32:27.254 [INF] NTFN: New subscription for block epochs
2019-07-21 20:32:27.256 [INF] NTFN: New subscription for block epochs
2019-07-21 20:32:27.257 [INF] DISC: Authenticated Gossiper will start
2019-07-21 20:32:27.258 [INF] BRAR: Launch contract observers, look for violations.
2019-07-21 20:32:27.258 [INF] NTFN: New subscription for block epochs
2019-07-21 20:32:27.266 [INF] CRTR: FilteredChainView is started
2019-07-21 20:32:27.275 [INF] CRTR: Filter chain with 0 active channels
2019-07-21 20:32:27.276 [INF] CRTR: Trim Tip for Channel Chart: height = 1671544, hash = cc29b974cece1cfc5917abd5d0f1d611f89b68098fa8b28e7fa9699b28d7a141
2019-07-21 20:32:27.277 [INF] CRTR: Channel graph of height = 1671544 (hash = cc29b974cece1cfc5917abd5d0f1d611f89b68098fa8b28e7fa9699b28d7a141) at height = 1671547 (hash = 4d54031a8a994c8d17ce7ef6564665
2019-07-21 20:32:27.295 [INF] CRTR: Block e558b9153f30b1f217539fd094c5b9e55b84c52a64565f3e5e4a91b3b5ae4137 (height = 1671545) has closed 0 channels
2019-07-21 20:32:27.307 [INF] CRTR: Block c3133127e12b7e96b3f0f7adfcf7ac199681e8b9f3d72024349a0d9c12a9c088 (height = 1671546) has closed 0 channels
2019-07-21 20:32:27.315 [INF] CRTR: Block 4d54031a8a994c8d17ce7ef65646665e02ef753ae8d543da6d01828bf65d6eeb (height = 1671547) has 0 channels closed
2019-07-21 20:32:27.315 [INF] CRTR: Graph cleanup completed: 0 channels have been closed since altitude 1671544
2019-07-21 20:32:27.332 [INF] CHBU: chanbackup.SubSwapper is started
2019-07-21 20:32:27.338 [INF] CMGR: Server listens for 127.0.0.1:1
2019-07-21 20:32:27.341 [INF] SRVR: Initializing Peer Network Bootstraps!
2019-07-21 20:32:27.348 [INF] SRVR: Create DNS Peer Bootstrapper with Seeds: [[ltc.nodes.lightning.directory soa.nodes.lightning.directory]]
2019-07-21 20:32:27.342 [INF] CHBU: Update the backup file to C:\Users\root\AppData\Local\Lnd\data\chain\litecoin\mainnet\channel.backup
2019-07-21 20:32:27.363 [INF] DISC: Attempting to Boot with BOLT-0010 DNS Seed: [[ltc.nodes.lightning.directory soa.nodes.lightning.directory]]
2019-07-21 20:32:27.374 [INF] CHBU: Outdated the old multi-backup file from C:\Users\root\AppData\Local\Lnd\data\chain\litecoin\mainnet\temp-dont-use.backup to C:\Users\root\AppData\Local\Lnd\data\chain\litecoin\mainnet\channel.backup
2019-07-21 20:32:32.831 [INF] DISC: An attempt is made to bootstrap with: Authenticated Channel Graph
2019-07-21 20:32:32.831 [INF] DISC: Get 1 Addrs to the bootstrap network with
2019-07-21 20:32:37.933 [INF] DISC: Attempting to Boot with BOLT-0010 DNS Seed: [[ltc.nodes.lightning.directory soa.nodes.lightning.directory]]
2019-07-21 20:32:38.314 [INF] DISC: An attempt is made to bootstrap with: Authenticated Channel Graph
2019-07-21 20:32:38.314 [ERR] SRVR: First bootstrap peers can not be retrieved: No addresses were found
2019-07-21 20:32:42.319 [INF] DISC: Attempting to Boot with BOLT-0010 DNS Seed: [[ltc.nodes.lightning.directory soa.nodes.lightning.directory]]
2019-07-21 20:32:42.587 [INF] DISC: An attempt is made to bootstrap with: Authenticated Channel Graph
2019-07-21 20:32:42.587 [ERR] SRVR: First bootstrap peers can not be retrieved: No addresses were found
2019-07-21 20:32:50.594 [INF] DISC: Attempting to Boot with BOLT-0010 DNS Seed: [[ltc.nodes.lightning.directory soa.nodes.lightning.directory]]
2019-07-21 20:32:50.968 [INF] DISC: An attempt is made to bootstrap with: Authenticated Channel Graph
2019-07-21 20:32:50.968 [ERR] SRVR: First bootstrap peers can not be retrieved: No addresses were found
2019-07-21 20:32:53.932 [ERR] SRVR: No connection to 028fdcc25bc8deeeaa087786b12560ec2c707f76795c1e8b4bda301ad3bea28ce9@X.X.X.X:9735: Selecting TCP X.X.X.X.
2019-07-21 20:33:07.207 [INF] DISC: An attempt is made to bootstrap with: Authenticated Channel Graph
2019-07-21 20:33:07.207 [INF] DISC: Attempting to Boot with BOLT-0010 DNS Seed: [[ltc.nodes.lightning.directory soa.nodes.lightning.directory]]
2019-07-21 20:33:07.608 [ERR] SRVR: First bootstrap peers can not be retrieved: No addresses were found
2019-07-21 20:33:20.551 [INF] LTND: Received interruption
2019-07-21 20:33:20.551 [INF] LTND: shutdown ...
2019-07-21 20:33:20.556 [INF] LTND: Gracefully shut down.
2019-07-21 20:33:20.556 [INF] HSWC: Block Epoch Aborted, Hash Log Shut Down
2019-07-21 20:33:20.556 [INF] CRTR: FilteredChainView is stopped
2019-07-21 20:33:20.557 [INF] HSWC: HTLC switch shuts down
2019-07-21 20:33:20.558 [INF] UTXN: UTXO kindergarten is shutting down
2019-07-21 20:33:20.564 [INF] BRAR: Breach Arbiter is shutting down
2019-07-21 20:33:20.578 [INF] DISC: Authenticated Gossiper stops
2019-07-21 20:33:20.581 [INF] CNCT: Stop ChainArbitrator
2019-07-21 20:33:20.591 [INF] FNDG: The funding manager shuts down
2019-07-21 20:33:20.591 [INF] CHBU: stopping chanbackup.SubSwapper
2019-07-21 20:33:20.603 [INF] RPCS: Stop the RPC Server
2019-07-21 20:33:20.618 [INF] RPCS: Stop the RouterRPC Sub-RPC Server
2019-07-21 20:33:20.620 [INF] RPCS: Stop the SignRPC Sub-RPC Server
2019-07-21 20:33:20.636 [INF] RPCS: Stop the AutopilotRPC Sub-RPC Server
2019-07-21 20:33:20.648 [INF] RPCS: Stop the ChainRPC Sub-RPC Server
2019-07-21 20:33:20.658 [INF] RPCS: Stopping InvoicesRPC Sub-RPC Server
2019-07-21 20:33:20.672 [INF] RPCS: Stop WalletKitRPC sub-RPC server
2019-07-21 20:33:20.675 [INF] RPCS: Stop the Watchtower RPC Sub-RPC Server
2019-07-21 20:33:20.682 [INF] LTND: shutdown completed
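
An added example, not part of the original post and not lnd's own tooling: a check of the listener settings in the lnd.conf above. In lnd, `listen` is the peer-to-peer listener, `externalip` is the address advertised to peers, and `rpclisten`/`restlisten` are the control APIs. The function names, the finding labels and the address 203.0.113.10 are constructed for this sketch.

```sh
#!/bin/sh
# Added example. lint_lnd_listeners [FILE] reads an lnd.conf (stdin if no FILE)
# and prints one finding per line, or nothing when no finding applies.
lint_lnd_listeners() {
    awk -F= '
    function host(v) { sub(/:[0-9]+$/, "", v); return v }
    function is_loopback(h) { return h ~ /^127\./ || h == "localhost" || h == "[::1]" }
    function is_wildcard(h) { return h == "" || h == "0.0.0.0" || h == "[::]" }
    /^[ \t]*[#;]/ { next }                       # comment lines
    NF >= 2 {
        key = tolower($1); val = $2
        gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
        if (key == "listen") {
            n++
            if (first == "") first = val
            if (!is_loopback(host(val))) reachable = 1
        } else if (key == "externalip") {
            ext = val
        } else if (key == "rpclisten" || key == "restlisten") {
            if (is_wildcard(host(val)))
                printf "API-EXPOSED %s=%s listens on every interface\n", key, val
        }
    }
    END {
        # Every configured P2P listener is loopback-only, yet an external
        # address is announced: remote peers cannot reach the node on it.
        if (ext != "" && n > 0 && !reachable)
            printf "P2P-LOOPBACK listen=%s accepts local connections only, but externalip=%s is advertised\n", first, ext
    }' "${1:--}"
}

# Constructed sample: the listener lines of the posted lnd.conf, with the
# redacted X.X.X.X replaced by a documentation address.
weak_conf() {
cat <<'EOF'
listen = 127.0.0.1:9735
externalip = 203.0.113.10
rpclisten = 0.0.0.0:10009
restlisten = 0.0.0.0:10010
EOF
}

# One possible corrected form (assumption: gRPC/REST are only used from the
# node itself, and the router forwards TCP 9735 to this machine).
bound_conf() {
cat <<'EOF'
listen = 0.0.0.0:9735
externalip = 203.0.113.10
rpclisten = 127.0.0.1:10009
restlisten = 127.0.0.1:10010
EOF
}

echo "posted settings:";    weak_conf  | lint_lnd_listeners
echo "corrected settings:"; bound_conf | lint_lnd_listeners
```
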

What is the rule that a tourist visa holder entering the land border near the port of entry does not need I-94?

My "friend" (owner of a multiple-entry B2 tourist visa) recently traveled twice from Mexico to the United States every 10 days or so.

The first entry was via the CrossBorder Express (CBX) after an inbound flight at TIJ.

The second entrance was via the entrance port of Otay Mesa, the personal vehicle lanes.

I was with my friend at the 2nd entry. My friend was asked "Where are you going to stay?" and answered "San Diego". Then the officer asked: "Will you stay in San Diego for the entire duration of your trip?" To which my friend answered "No, I also want to visit Los Angeles."

The officer then advised my friend to walk into the building next to the vehicle lanes and pay $6 to get an I-94 "permit" and get an entry stamp on the pass. At the time, my friend noticed that the passport lacked an entry stamp from arrival via CBX. The official explained that someone who only wants to stay in San Diego ("until Del Mar" in his words) would not have to do so and that the same rule applies to CBX, so it would be normal for my friend to be missing both the I-94 as well as the entry stamp.

The I-94 was on display and my friend traveled to the USA without any problems.

However, I post this question because in my almost 30 years of experience as a "user" of the US immigration system I have never heard of this rule. A Google search for "I-94 land border" delivers tons of postings to another rule – the one that says you can enter the country border with an expired visa with a valid I-94. Not valid here.

By the way, all the border officials of Otay Mesa we've worked with refer to the I-94 as "Permit" or "Permisso", though I think that's technically not the right term. Very confusing.

TL;DR

What exactly is the rule that states that a tourist visa who enters the land border near the port of entry does not need an I-94 and passport entry stamp? What is the exact distance the person may travel from the port of entry? What is the legal status of a person who has entered without such a stamp and without I-94?

server – port forwarding through SSH tunnel Warning displayed: Redirection of the remote port for list port 99 failed

I am trying to secure the phpMyAdmin to publicly revoke access. I tried to follow step 4 of this link
Save PhpMyAdmin. However, when attempting to connect, a warning is displayed that can not be forwarded to the remote host.

I ran Apache server on this port. I tried to access a public Linux server, but that did not work either. I'm trying to access the Mac. However, it should not be a problem with the platform of the remote PC.

I was able to forward a port on which nothing is running. However, Apache2 could not be started on this port after the connection was established.

Security – Securing the administrator on a separate port

I'm trying to back up the admin pages (/admin/*) and the login page (/user/login) on port 8443. I did this successfully with the following command in Apache 2.4:


    
    
    
    ServerName example.com:443
    ServerAlias Drupal
    DocumentRoot "/opt/rh/httpd24/root/var/www/html/example.com/current"

        Require all denied



    ServerName example.com:8443
    ServerAlias Drupal
    DocumentRoot "/opt/rh/httpd24/root/var/www/html/example.com/current"

The problem I have is that if I go to https://www.example.com:8443/user/login and log in, I am redirected to http://www.example.com:8443/user/1.

This generates a 400 error – faulty request. Attempts to deliver http content over an SSL port.

How can I tell drupal to stay on the https protocol and stay on port 8443?

apache 2.2 – Multiple instances that map hosts to port

I'm trying to set up a development environment that I can step into:

project1.com in a browser and go to a specific directory. project2.com changes to another directory. The challenge is, I use laravel and directories set up with artisans are determined by port.

So I want to map something like this:

// I know this does not work, I'm just trying to show what I'm trying to do

127.0.0.1:8000 project1.com
127.0.0.1:8001 project2.com

Is there a way in combination with virtual hosts?





DocumentRoot "/project1/"
DirectoryIndex index.php
ServerName project1
ServerAlias www.laravel.test

    Options All
    AllowOverride All
    Order allow,deny
    Allow from all



DocumentRoot "/project2/"
DirectoryIndex index.php
ServerName project2
ServerAlias www.laravel.test

    Options All
    AllowOverride All
    Order allow,deny
    Allow from all


virtualbox – Why can not I redirect from my host port 8080 to guest port 80 (Mojave)?

I'm using a virtual machine to work with WordPress. I have a database on my VM Linux computer in VBox and use a Mac. I created a pf.anchor named com.user.forwarding And it's called

rdr pass inet proto tcp from any to any port 8080 -> 127.0.0.1 port 80

My pf.conf file says:

scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
rdr-anchor "org.user.forwarding"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
load anchor "org.user.forwarding" from "/etc/pf.anchors/org.user.forwarding"

In my VBox with NAT, my settings are:

my settings in VBox

and in my hosts file is:

##
# Host database
#
# localhost is used to configure the loopback interface
# when the system starts up. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
127.0.0.1 mywebsite.com
::1 localhost

When I go to localhost:80/wp-admin, I get the message "Safari can not open the localhost/wp-admin/ page because the server hosting this page does not respond." My VM ran Nginx and Mariadb.

I searched for the sysctl.conf file on my Mac and it does not exist. What's happening???

Network – Linux router port forwarding with iptables

I'm trying to create a port forwarding rule on my Linux router. I try the following rules:

iptables -t nat -A PREROUTING -i $WAN -p tcp --dport 4242 -j DNAT --to-destination 192.168.2.1:22
iptables -A FORWARD -i $WAN -p tcp --dport 22 -d 192.168.2.1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

The problem is that when trying to connect from a remote computer, the packet is dropped by an INPUT rule according to the logs:

DROPIN> IN=ppp0 OUT= MAC= SRC=$source_ip DST=192.168.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=61883 DF PROTO=TCP SPT=57684 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
DROPIN> IN=ppp0 OUT= MAC= SRC=$source_ip DST=192.168.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=61884 DF PROTO=TCP SPT=57684 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0

This means I'm missing an INPUT rule. If I use an INPUT rule, won't I open the port globally to the Internet?

Here is my whole iptables.sh just in case:

#!/usr/bin/env bash

PATH='/sbin'

WAN=ppp0
LAN=enp1s0
VLAN10=enp1s0.10
VLAN20=enp1s0.20
VLAN30=enp1s0.30

LAN_NET=192.168.2.0/24
VLAN10_NET=192.168.10.0/24
VLAN20_NET=192.168.20.0/24
VLAN30_NET=192.168.30.0/24

echo "Flushing rules"

iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -Z
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

echo "Allow loopback"
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

echo "Delete invalid states"
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A OUTPUT -m conntrack --ctstate INVALID -j DROP
iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP

echo "Allow existing and related connections"
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

echo "Rate limit ICMP traffic per source"
# The chain is missing from the command as posted; INPUT is assumed here.
iptables -A INPUT -p icmp --icmp-type echo-request -m hashlimit --hashlimit-upto 5/s --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name icmp-echo-drop -j ACCEPT

echo "Allow DHCP"
iptables -I INPUT -i $LAN -p udp -m udp --dport 67 -m conntrack --ctstate NEW -j ACCEPT
iptables -I INPUT -i $VLAN10 -p udp -m udp --dport 67 -m conntrack --ctstate NEW -j ACCEPT
iptables -I INPUT -i $VLAN20 -p udp -m udp --dport 67 -m conntrack --ctstate NEW -j ACCEPT
iptables -I INPUT -i $VLAN30 -p udp -m udp --dport 67 -m conntrack --ctstate NEW -j ACCEPT

echo "Allow SSH from LAN"
iptables -A INPUT -i $LAN -s $LAN_NET -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT

echo "Allow SSH from VLAN10"
iptables -A INPUT -i $VLAN10 -s $VLAN10_NET -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT

echo "Port Forward SSH external 4242 to local 22"
iptables -t nat -A PREROUTING -i $WAN -p tcp --dport 4242 -j DNAT --to-destination 192.168.2.1:22
iptables -A FORWARD -i $WAN -p tcp --dport 22 -d 192.168.2.1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

echo "Allow DNS (UDP and TCP for big answers)"
iptables -A INPUT -i $LAN -s $LAN_NET -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -i $LAN -s $LAN_NET -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -i $VLAN10 -s $VLAN10_NET -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -i $VLAN10 -s $VLAN10_NET -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -i $VLAN20 -s $VLAN20_NET -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -i $VLAN20 -s $VLAN20_NET -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -i $VLAN30 -s $VLAN30_NET -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -i $VLAN30 -s $VLAN30_NET -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT

echo "Delete External DNS"
iptables -A FORWARD -o $WAN -i $LAN -s $LAN_NET -p udp --dport 53 -m conntrack --ctstate NEW -j DROP
iptables -A FORWARD -o $WAN -i $LAN -s $LAN_NET -p tcp --dport 53 -m conntrack --ctstate NEW -j DROP
iptables -A FORWARD -o $WAN -i $VLAN10 -s $VLAN10_NET -p udp --dport 53 -m conntrack --ctstate NEW -j DROP
iptables -A FORWARD -o $WAN -i $VLAN10 -s $VLAN10_NET -p tcp --dport 53 -m conntrack --ctstate NEW -j DROP
iptables -A FORWARD -o $WAN -i $VLAN20 -s $VLAN20_NET -p udp --dport 53 -m conntrack --ctstate NEW -j DROP
iptables -A FORWARD -o $WAN -i $VLAN20 -s $VLAN20_NET -p tcp --dport 53 -m conntrack --ctstate NEW -j DROP
iptables -A FORWARD -o $WAN -i $VLAN30 -s $VLAN30_NET -p udp --dport 53 -m conntrack --ctstate NEW -j DROP
iptables -A FORWARD -o $WAN -i $VLAN30 -s $VLAN30_NET -p tcp --dport 53 -m conntrack --ctstate NEW -j DROP

echo "Drop external DoT"
iptables -A FORWARD -o $WAN -i $LAN -s $LAN_NET -p tcp --dport 853 -m conntrack --ctstate NEW -j DROP
iptables -A FORWARD -o $WAN -i $VLAN10 -s $VLAN10_NET -p tcp --dport 853 -m conntrack --ctstate NEW -j DROP
iptables -A FORWARD -o $WAN -i $VLAN20 -s $VLAN20_NET -p tcp --dport 853 -m conntrack --ctstate NEW -j DROP
iptables -A FORWARD -o $WAN -i $VLAN30 -s $VLAN30_NET -p tcp --dport 853 -m conntrack --ctstate NEW -j DROP

echo "Enable network address translation"
iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
iptables -A FORWARD -o $WAN -i $LAN -s $LAN_NET -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -o $WAN -i $VLAN10 -s $VLAN10_NET -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -o $WAN -i $VLAN20 -s $VLAN20_NET -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -o $WAN -i $VLAN30 -s $VLAN30_NET -m conntrack --ctstate NEW -j ACCEPT

echo "Enable TCP MSS Clamping"
iptables -t mangle -A FORWARD -o $WAN -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

echo "Do not answer with unreachable destination messages"
iptables -A OUTPUT -p icmp --icmp-type destination-unreachable -j DROP

echo "Log all discarded packages"
iptables -A INPUT -m limit --limit 1/sec -j LOG --log-level debug --log-prefix 'DROPIN> '
iptables -A OUTPUT -m limit --limit 1/sec -j LOG --log-level debug --log-prefix 'DROPOUT> '
iptables -A FORWARD -m limit --limit 1/sec -j LOG --log-level debug --log-prefix 'DROPFWD> '

Thanks in advance for any help!
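
An added example, not part of the original post: the DROPIN lines above have an empty OUT=, so the translated packet was delivered to the router itself and traversed INPUT, where the FORWARD rule can never match. Accepting on INPUT only when conntrack reports a DNAT'ed connection whose original destination port was 4242 keeps port 22 itself closed on the WAN side. The function names, the dry-run wrapper and the source address 203.0.113.7 are constructed for this sketch.

```sh
#!/bin/sh
# Added example, not the poster's script. Dry run by default: rules are printed.
# Set APPLY=1 (as root, on the router) to install them instead.
WAN=ppp0                   # WAN interface from the question
ROUTER_LAN_IP=192.168.2.1  # DNAT target from the question (the router itself)
EXT_PORT=4242              # port exposed on the WAN side
SSH_PORT=22                # port sshd listens on

ipt() {
    if [ "${APPLY:-0}" = 1 ]; then iptables "$@"; else echo "iptables $*"; fi
}

# Name the filter chain that emitted a netfilter LOG line. INPUT has no output
# interface (OUT= is empty), OUTPUT has no input interface, FORWARD has both.
chain_for_log_line() (
    set -f                 # no globbing while the line is split into fields
    in_if='' out_if=''
    for field in $1; do
        case $field in
            IN=*)  in_if=${field#IN=} ;;
            OUT=*) out_if=${field#OUT=} ;;
        esac
    done
    if   [ -n "$in_if" ] && [ -z "$out_if" ]; then echo INPUT
    elif [ -n "$in_if" ] && [ -n "$out_if" ]; then echo FORWARD
    elif [ -z "$in_if" ] && [ -n "$out_if" ]; then echo OUTPUT
    else echo UNKNOWN
    fi
)

# Replacement for the "Port Forward SSH" section; it must run before the
# final LOG rules so the ACCEPT is evaluated first.
port_forward_rules() {
    ipt -t nat -A PREROUTING -i "$WAN" -p tcp --dport "$EXT_PORT" \
        -j DNAT --to-destination "$ROUTER_LAN_IP:$SSH_PORT"
    # --ctstate DNAT: only connections rewritten by the rule above.
    # --ctorigdstport: only those that originally targeted EXT_PORT.
    # A direct WAN connection to port 22 matches neither and is still dropped.
    ipt -A INPUT -i "$WAN" -p tcp --dport "$SSH_PORT" \
        -m conntrack --ctstate DNAT --ctorigdstport "$EXT_PORT" -j ACCEPT
}

# Constructed sample: the first DROPIN line from the post, with $source_ip
# replaced by a documentation address.
SAMPLE_DROP='DROPIN> IN=ppp0 OUT= MAC= SRC=203.0.113.7 DST=192.168.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=61883 DF PROTO=TCP SPT=57684 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0'

echo "dropped in chain: $(chain_for_log_line "$SAMPLE_DROP")"
port_forward_rules
```
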

Wireless Network – Determine if the UDP port 5353 is blocked by the router's firewall

What utilities or tools can I use to verify that my router's firewall blocks UDP port 5353 for devices on the network?

Context:

I've connected a scanner to my network via Wi-Fi and I'm trying to use third-party scanning software on my Mac (my Mac is connected to the same Wi-Fi network as the scanner). The manufacturer-supplied scanning software on my Mac can recognize my scanner, but not third-party scanning.

I was asked to verify that the firewall of my router blocked port 5353. The software detects scanners on the network using UDP port 5353 using Multicast DNS (mDNS, also known as Bonjour on Mac OS).

For reference, my router is a TP Link Archer C7 v2 (manual here).