On 12/7/2019 9:42 PM, PGNet Dev wrote:
> I'm inserting an Amazon FireStick (Android-based) into my lan.
>
> All SW firewall/routing/etc is done on a linux box for my LAN.
>
> The FireStick needs to communicate with a server @ 10.1.1.101 on my lan.
>
> The target's got fwd/reverse DNS setup,
>
> host target.lan.loc
> target.lan.loc has address 10.1.1.101
>
> host 10.1.1.101
> 101.1.1.10.in-addr.arpa domain name pointer target.lan.loc.
>
> It's pingable from any/all Linux boxes on my LAN.
>
>
> On the FireStick it's pingable via IP,
>
> $ ping 10.1.1.101
> PING 10.1.1.101 (10.1.1.101) 56(84) bytes of data.
> 64 bytes from 10.1.1.101: icmp_seq=1 ttl=63 time=2.38 ms
> 64 bytes from 10.1.1.101: icmp_seq=2 ttl=63 time=77.2 ms
> ...
> --- 10.1.1.101 ping statistics ---
> 2 packets transmitted, 2 received, 0% packet loss, time 1001ms
> rtt min/avg/max/mdev = 2.387/39.836/77.286/37.450 ms
>
>
> But NOT via its hostname, which DOES apparently resolve to the IP,
>
> $ ping target.lan.loc
> PING target.lan.loc (10.1.1.101) 56(84) bytes of data.
> ...
> --- target.lan.loc ping statistics ---
> 9 packets transmitted, 0 received, 100% packet loss, time 8005ms
>
>
> Logging & diags are a challenge on the Stick ... no root :-/
>
> 1st Q -- is there additional, explicit SW rule/config/helper/etc I need?
>
See point 1 below.

> I _suspect_ this is NOT a firewall issue ...
>

Some hints to look into:

- DNS requires tcp/udp 53
  Does your FireStick have DNS access to port 53 tcp/udp to your DNS server?

- Ensuring that Shorewall is not the issue
  Try clearing the firewall by doing 'shorewall clear' -- Your LAN will be
  unprotected. The URL (1) could also be useful.

- MDNS related
  The FireStick might require MDNS.

- '.lan.loc' TLD
  For a home network '.lan' or '.home' should be fine or '.local' if you
  use MDNS.

HTH.

1) http://shorewall.org/troubleshoot.htm

-Matt

--
Matt Darfeuille