Ufw blocking some traffic on 9993/udp

I’ve got a fairly large (70 machines) zerotier network going.

Everything is going fine except for this:

Dec 30 19:54:27 alarm kernel: [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:d8:12:65:e5:83:00:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=56035 PROTO=2
Dec 30 19:54:31 alarm kernel: [UFW BLOCK] IN= OUT=eth0 SRC=2405:4800:10bf:1376:dea6:32ff:fea4:e9ba DST=ff02:0000:0000:0000:0000:0001:ff00:0001 LEN=72 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
Dec 30 19:54:36 alarm kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.5 DST=190.73.246.100 LEN=32 TOS=0x00 PREC=0x00 TTL=2 ID=55699 PROTO=UDP SPT=44397 DPT=57555 LEN=12
Dec 30 19:54:38 alarm kernel: [UFW BLOCK] IN=eth0 OUT= MAC=33:33:ff:a4:e9:ba:d8:12:65:e5:83:00:86:dd SRC=fe80:0000:0000:0000:0000:0000:0000:0001 DST=ff02:0000:0000:0000:0000:0001:ffa4:e9ba LEN=72 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
Dec 30 19:54:47 alarm kernel: [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:d8:12:65:e5:83:00:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=56036 PROTO=2
Dec 30 19:54:51 alarm kernel: [UFW BLOCK] IN= OUT=eth0 SRC=2405:4800:10bf:1376:dea6:32ff:fea4:e9ba DST=ff02:0000:0000:0000:0000:0001:ff00:0001 LEN=72 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
Dec 30 19:54:55 alarm kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.5 DST=5.189.140.43 LEN=56 TOS=0x00 PREC=0x00 TTL=255 ID=32550 PROTO=UDP SPT=9993 DPT=56245 LEN=36
Dec 30 19:54:56 alarm kernel: [UFW BLOCK] IN=eth0 OUT= MAC=33:33:ff:a4:e9:ba:d8:12:65:e5:83:00:86:dd SRC=fe80:0000:0000:0000:0000:0000:0000:0001 DST=ff02:0000:0000:0000:0000:0001:ffa4:e9ba LEN=72 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
Dec 30 19:55:07 alarm kernel: [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:d8:12:65:e5:83:00:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=56037 PROTO=2
Dec 30 19:55:11 alarm kernel: [UFW BLOCK] IN= OUT=eth0 SRC=2405:4800:10bf:1376:dea6:32ff:fea4:e9ba DST=ff02:0000:0000:0000:0000:0001:ff00:0001 LEN=72 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
Dec 30 19:55:15 alarm kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.5 DST=190.73.246.100 LEN=32 TOS=0x00 PREC=0x00 TTL=2 ID=56410 PROTO=UDP SPT=9993 DPT=57555 LEN=12
Dec 30 19:55:22 alarm kernel: [UFW BLOCK] IN=eth0 OUT= MAC=33:33:ff:a4:e9:ba:d8:12:65:e5:83:00:86:dd SRC=fe80:0000:0000:0000:0000:0000:0000:0001 DST=ff02:0000:0000:0000:0000:0001:ffa4:e9ba LEN=72 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
Dec 30 19:55:27 alarm kernel: [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:d8:12:65:e5:83:00:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=56038 PROTO=2
Dec 30 19:55:30 alarm kernel: [UFW BLOCK] IN= OUT=lo SRC=2405:4800:10bf:1376:dea6:32ff:fea4:e9ba DST=2405:4800:10bf:1376:dea6:32ff:fea4:e9ba LEN=245 TC=0 HOPLIMIT=64 FLOWLBL=49461 PROTO=ICMPv6 TYPE=1 CODE=3 [SRC=2405:4800:10bf:1376:dea6:32ff:fea4:e9ba DST=2605:9880:0400:00c3:0254:f2bc:a1f7:0019 LEN=197 TC=0 HOPLIMIT=64 FLOWLBL=237596 PROTO=UDP SPT=9993 DPT=9993 LEN=157 ]
Dec 30 19:55:37 alarm kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.5 DST=34.71.98.154 LEN=32 TOS=0x00 PREC=0x00 TTL=2 ID=55315 PROTO=UDP SPT=44396 DPT=60377 LEN=12
Dec 30 19:55:39 alarm kernel: [UFW BLOCK] IN=eth0 OUT= MAC=33:33:ff:a4:e9:ba:d8:12:65:e5:83:00:86:dd SRC=fe80:0000:0000:0000:0000:0000:0000:0001 DST=ff02:0000:0000:0000:0000:0001:ffa4:e9ba LEN=72 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0

(Some) traffic on 9993 is getting blocked and I don’t know why.

UFW status verbose be like:

$ ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
123                        DENY IN     Anywhere
9993/udp                   ALLOW IN    Anywhere
53/udp                     ALLOW IN    Anywhere
443                        DENY IN     Anywhere
80                         DENY IN     Anywhere
53 (DNS)                   DENY IN     Anywhere
22 (v6)                    ALLOW IN    Anywhere (v6)
123 (v6)                   DENY IN     Anywhere (v6)
9993/udp (v6)              ALLOW IN    Anywhere (v6)
53/udp (v6)                ALLOW IN    Anywhere (v6)
443 (v6)                   DENY IN     Anywhere (v6)
80 (v6)                    DENY IN     Anywhere (v6)
53 (DNS (v6))              DENY IN     Anywhere (v6)

443                        ALLOW OUT   Anywhere
80                         ALLOW OUT   Anywhere
123                        ALLOW OUT   Anywhere
53 (DNS)                   ALLOW OUT   Anywhere
9993/udp                   ALLOW OUT   Anywhere
443 (v6)                   ALLOW OUT   Anywhere (v6)
80 (v6)                    ALLOW OUT   Anywhere (v6)
123 (v6)                   ALLOW OUT   Anywhere (v6)
53 (DNS (v6))              ALLOW OUT   Anywhere (v6)
9993/udp (v6)              ALLOW OUT   Anywhere (v6)

It all looks fine, so I started digging and I found:

Also:

So I tried:

# Accept everything from 9993/udp
-A ufw-before-input -p udp --dport 9993 -j ACCEPT
-A ufw-before-output -p udp --dport 9993 -j ACCEPT

Network is fine but does seem a bit slow. Any ideas?

Please consider this solved. Something to do with NAT. Now resolved.
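Added triage example, not part of the original posts: a small parser that groups `[UFW BLOCK]` lines like the ones in the log above by direction and protocol. A ufw rule such as `9993/udp ALLOW OUT` matches the destination port, so outbound UDP sent from source port 9993 to a different port is not covered by it and falls to the `deny (outgoing)` default. The category names and the `ALLOWED_OUT_DPORTS` set (read off the status output above) are assumptions of this example.

```python
import re
from collections import Counter

# Destination ports with an ALLOW OUT rule in the `ufw status verbose` output above.
ALLOWED_OUT_DPORTS = {443, 80, 123, 53, 9993}
ZT_PORT = 9993
FIELD = re.compile(r"(\w+)=(\S*)")

# Sample lines copied from the log in the post.
SAMPLE = [
    "Dec 30 19:54:27 alarm kernel: [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:d8:12:65:e5:83:00:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=56035 PROTO=2",
    "Dec 30 19:54:31 alarm kernel: [UFW BLOCK] IN= OUT=eth0 SRC=2405:4800:10bf:1376:dea6:32ff:fea4:e9ba DST=ff02:0000:0000:0000:0000:0001:ff00:0001 LEN=72 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0",
    "Dec 30 19:54:36 alarm kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.5 DST=190.73.246.100 LEN=32 TOS=0x00 PREC=0x00 TTL=2 ID=55699 PROTO=UDP SPT=44397 DPT=57555 LEN=12",
    "Dec 30 19:54:55 alarm kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.5 DST=5.189.140.43 LEN=56 TOS=0x00 PREC=0x00 TTL=255 ID=32550 PROTO=UDP SPT=9993 DPT=56245 LEN=36",
    "Dec 30 19:55:30 alarm kernel: [UFW BLOCK] IN= OUT=lo SRC=2405:4800:10bf:1376:dea6:32ff:fea4:e9ba DST=2405:4800:10bf:1376:dea6:32ff:fea4:e9ba LEN=245 TC=0 HOPLIMIT=64 FLOWLBL=49461 PROTO=ICMPv6 TYPE=1 CODE=3 [SRC=2405:4800:10bf:1376:dea6:32ff:fea4:e9ba DST=2605:9880:0400:00c3:0254:f2bc:a1f7:0019 LEN=197 TC=0 HOPLIMIT=64 FLOWLBL=237596 PROTO=UDP SPT=9993 DPT=9993 LEN=157 ]",
]

def parse(line):
    """Return the key=value fields of the outer packet in one [UFW BLOCK] line."""
    body = line.split("[UFW BLOCK]", 1)[1]
    body = body.split("[", 1)[0]  # drop the inner packet quoted by an ICMP error
    return dict(FIELD.findall(body))

def classify(line):
    """Label a blocked packet by direction, protocol and (for UDP out) port match."""
    f = parse(line)
    direction = "out" if f.get("OUT") else "in"
    proto = f.get("PROTO", "")
    if proto == "2":  # IP protocol 2 is IGMP
        return "igmp-" + direction
    if proto == "ICMPv6":
        return "icmpv6-type%s-%s" % (f.get("TYPE"), direction)
    if proto == "UDP" and direction == "out":
        spt, dpt = int(f["SPT"]), int(f["DPT"])
        if dpt in ALLOWED_OUT_DPORTS:
            return "udp-out-listed-dport"
        if spt == ZT_PORT:
            return "udp-out-from-9993-to-unlisted-dport"
        return "udp-out-unlisted-dport"
    return "other-" + direction

def summarize(lines):
    """Count blocked packets per category."""
    return Counter(classify(l) for l in lines if "[UFW BLOCK]" in l)

if __name__ == "__main__":
    for category, count in summarize(SAMPLE).most_common():
        print(count, category)
```
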
