Reply
Thread Tools
Posts: 986 | Thanked: 1,526 times | Joined on Jul 2010
#1
connman firewall updates (3.0.1 => 3.0.2) broke my IPv6 MMS (T-mobile USA).

i have no idea how to add a specific iptables rule to fix just MMS, so i just undid the big global change in /etc/connman/firewall.conf:
IPv6.INPUT.POLICY = DROP
=>
IPv6.INPUT.POLICY = ACCEPT

p.s.: anyone have a better suggestion for a more specific fix?
__________________
~ teleshoes ~
 

The Following 6 Users Say Thank You to wolke For This Useful Post:
Halftux's Avatar
Posts: 862 | Thanked: 2,511 times | Joined on Feb 2012 @ Germany
#2
Maybe this command could help. I don't know if it is tcp or udp, so maybe you need to modify the command.

Code:
/sbin/ip6tables -A INPUT -m state --state NEW -m tcp -p tcp --dport 8008 -j ACCEPT
EDIT: the port could be 8080 for US you need to try. Ah that would be the outgoing port. I don't know on which port sailfish is listen btw, need to check later (normally SMPP when operating over TCP is 2775).

I am working on a gui (genwall) to also implement this in the future.

Last edited by Halftux; 2019-04-01 at 14:02.
 

The Following 5 Users Say Thank You to Halftux For This Useful Post:
Posts: 1,288 | Thanked: 4,316 times | Joined on Oct 2014
#3
My best guess would be DNS setup in the ipv6 rules.
Try to just allow UDP/(TCP perhaps also) for port 53
 

The Following User Says Thank You to nieldk For This Useful Post:
Halftux's Avatar
Posts: 862 | Thanked: 2,511 times | Joined on Feb 2012 @ Germany
#4
Originally Posted by nieldk View Post
My best guess would be DNS setup in the ipv6 rules.
Try to just allow UDP/(TCP perhaps also) for port 53
Yes but then also the browser wouldn't work, or does only mms go with ipv6?

So I couldn't try because I have no small sim with mms function.

We need more informations, if you don't have ip6tables command you need to install iptables-ipv6 package.

With active mobile data connection do:
Code:
lsof -Pn -i > netinfo.txt
ip6tables --list >> netinfo.txt
And attach the file please.
You could also check, with lsof command, for connections when you receive a mms.

You could also configure ip6tables to log rejected tcp packages, I would set "--log-level notice". And then you can check with:

Code:
journalctl -k
the rejected connections.
 

The Following 2 Users Say Thank You to Halftux For This Useful Post:
Reply

Thread Tools

 
Forum Jump


All times are GMT. The time now is 19:17.