No IP address associated after installing ZeroTier on a Linux node with iptables firewall active

Hello friends,
I have installed ZeroTier on a Linux Debian Jessie server equipped with an iptables firewall.
At first, zerotier-cli info was showing OFFLINE/TUNNELED,
then I added

iptables -t filter -A INPUT -p udp --dport 9993 -j ACCEPT
iptables -t filter -A OUTPUT -p udp --dport 9993 -j ACCEPT

inside my firewall file and executed it.
Now zerotier-cli info shows ONLINE,
but on the ZeroTier website my network displays the created node with:

  • no IP address
  • no last seen
  • no version
  • no physical address

Please tell me what I have to do to solve this issue

Here are some details about the node

root@Asterisk:/home/support# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0e:c4:ce:df:1f
inet addr:192.168.7.81 Bcast:192.168.7.255 Mask:255.255.255.0
inet6 addr: fe80::20e:c4ff:fece:df1f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:117247 errors:0 dropped:0 overruns:0 frame:0
TX packets:67657 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:69710256 (66.4 MiB) TX bytes:12650472 (12.0 MiB)
Memory:f7300000-f731ffff

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:118 errors:0 dropped:0 overruns:0 frame:0
TX packets:118 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:16056 (15.6 KiB) TX bytes:16056 (15.6 KiB)

root@Asterisk:/home/support# zerotier-cli info
200 info 56cbace989 1.8.4 ONLINE

root@Asterisk:/home/support# zerotier-cli status
200 info 56cbace989 1.8.4 ONLINE

root@Asterisk:/home/support# zerotier-cli info -j
{
"address": "56cbace989",
"clock": 1671305067993,
"config": {
"settings": {
"allowTcpFallbackRelay": true,
"portMappingEnabled": true,
"primaryPort": 9993,
"softwareUpdate": "disable",
"softwareUpdateChannel": "release"
}
},
"online": true,
"planetWorldId": 149604618,
"planetWorldTimestamp": 1644592324813,
"publicIdentity": "56cbace989:0:c06db750662937ab32f3d6994f6c3aedd034dae068d28ca6b20ef840e4f9671a6cc8338001e4bf8fe3cf1dca0be70e5fe896a27715c0cc19567205e767aa4711",
"tcpFallbackActive": false,
"version": "1.8.4",
"versionBuild": 0,
"versionMajor": 1,
"versionMinor": 8,
"versionRev": 4
}

root@Asterisk:/home/support# zerotier-cli listpeers
200 listpeers
200 listpeers 62f865ae71 50.7.252.138/9993;-1;2339 271 - PLANET
200 listpeers 778cde7190 103.195.103.66/9993;2610;2401 210 - PLANET
200 listpeers 7a01a0ad20 - -1 - LEAF
200 listpeers 7ac4100978 - -1 - LEAF
200 listpeers cafe04eba9 84.17.53.155/9993;12620;2476 134 - PLANET
200 listpeers cafe9efeb9 104.194.8.134/9993;2610;2350 261 - PLANET
200 listpeers d9de998409 - -1 - LEAF

root@Asterisk:/home/support# zerotier-cli listnetworks
200 listnetworks

Please help
and tell me what I should probably add in the firewall file in order to give the possibility to

Hello,
I don’t think the rules are accepting enough, especially if the server is behind NAT and/or your peers are behind NAT.

I like to use this:
-A OUTPUT -m owner --uid-owner zerotier-one -j ACCEPT

The installer creates a zerotier-one user that zerotier runs as. This lets zerotier send to any port. Your peers might not all be at 9993. The my.zerotier.com controllers aren’t, for example.

If that isn’t enough, you can add the classic:
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
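
Added example, not part of either post: a small sh/awk check that reads a firewall file and reports whether ZeroTier traffic is allowed only on UDP 9993 (the question's rules) or by owner match plus a stateful INPUT rule (the reply's rules). The function names, the verdict strings and the DROP policies in the constructed samples are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the thread: classify how a firewall file treats
# ZeroTier traffic. Accepts "iptables ..." commands or iptables-restore lines.

# zt_audit [owner]: rules on stdin, one verdict per chain on stdout.
# owner defaults to zerotier-one; pass a numeric UID if the dump lists UIDs.
zt_audit() {
  awk -v who="${1:-zerotier-one}" '
    /^[ \t]*#/ { next }                                   # skip comments
    /(^:|-P )OUTPUT ACCEPT/ { out = "policy-accept" }
    /(^:|-P )INPUT ACCEPT/  { inp = "policy-accept" }
    /-A OUTPUT / && /-j ACCEPT/ {
      if (/-m owner/ && $0 ~ ("--uid-owner " who "( |$)")) owner = 1
      else if (/-p udp/ && /--dport 9993( |$)/) oport = 1
    }
    /-A INPUT / && /-j ACCEPT/ {
      if (/--(ct)?state [A-Z,]*ESTABLISHED/) est = 1
      else if (/-p udp/ && /--dport 9993( |$)/) iport = 1
    }
    END {
      if (out == "") out = owner ? "owner-match" : (oport ? "port-9993-only" : "blocked")
      if (inp == "") inp = est ? "established" : (iport ? "port-9993-only" : "blocked")
      print "OUTPUT=" out; print "INPUT=" inp
    }'
}

# Constructed sample: the question's two rules; the DROP policies are assumed.
ruleset_question() {
  cat <<'EOF'
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -t filter -A INPUT -p udp --dport 9993 -j ACCEPT
iptables -t filter -A OUTPUT -p udp --dport 9993 -j ACCEPT
EOF
}

# Constructed sample: the same file with the reply's two rules appended.
ruleset_reply() {
  ruleset_question
  cat <<'EOF'
-A OUTPUT -m owner --uid-owner zerotier-one -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

ruleset_question | zt_audit
ruleset_reply | zt_audit
```

A `port-9993-only` verdict on OUTPUT is the case the reply describes: the daemon can reach peers listening on 9993 but not those on other ports.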
