Solved: Do restrictions and quotas work for UDP? (yes)

killerbeagle
Posts: 2
Joined: Mon Feb 15, 2016 7:31 pm

Post by killerbeagle »

I've got a "cloud camera" that insists on connecting to various servers in China. I just want to use it in local mode and block external connections. However, I have tried several methods, and none seem to work.

The camera appears to connect to 4 different external IP addresses via UDP to port 51800. I have a static IP address set for the camera. I have tried:
  • a restriction for all network access for "only the following host" for the camera
  • a restriction for UDP to remote port 51800
  • a restriction for UDP to the 4 external IP addresses
  • a quota of 0.001 MB for the camera
Yet I still see 4 active connections to the addresses at that port. Even though the quota status shows 100% used, the connections continue.

This is on a WDR3600 with both 1.6.0 and 1.9.0 versions.

Am I missing something, like a check box saying "apply rules to UDP"? I know that at least quotas work in these builds, because I have seen them working for other devices on the network. Is there a way to look at the rules in effect by issuing some commands from an ssh session? Or do these functions not work on UDP?
Last edited by killerbeagle on Tue Feb 16, 2016 11:35 am, edited 1 time in total.

Lantis
Moderator
Posts: 7063
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Do restrictions and quotas work for UDP?

Post by Lantis »

Can you please post a copy of your settings so we can replicate them?

Obviously we won't have the same camera but we can try and investigate.
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

nworbnhoj
Posts: 916
Joined: Mon Jul 21, 2014 10:08 am
Location: Australia

Re: Do restrictions and quotas work for UDP?

Post by nworbnhoj »

I am wondering if it is a case of the UDP connection being opened before the iptables rule is installed/enforced and the connection continues. What happens if you apply the rules and then power cycle the router and camera?
Can you help someone else get Gargoyle up and running?
TL-WDR3600 : Gargoyle 1.9.0 : NBN FixedWireless
TL-WR1043ND-V2 : Gargoyle 1.8.0 : 3G Huawei E160E

killerbeagle
Posts: 2
Joined: Mon Feb 15, 2016 7:31 pm

Re: Do restrictions and quotas work for UDP?

Post by killerbeagle »

I'm not seeing the problem any more. I think it was a combination of user confusion and the already-established connections that nworbnhoj mentioned.

The confusing part is that after adding all those rules and rebooting the router, I saw no mention in iptables output of the host IP, ports or remote IPs that were excluded. However, after a second router reboot, they were indeed there. I don't recall if I ever power cycled the router. At that point, I had already unplugged the camera. I plugged the camera back in last night, and have not seen any connections or bytes used in the last 12 hours.

So there does not appear to be an issue, but I may start power cycling and/or double rebooting after changing restrictions in the future.
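
The thread asks how to inspect the rules in effect from an ssh session and whether flows tracked before the rule was loaded are still listed. The following is an added example, not part of any post above: two shell functions that read `iptables-save` output and `/proc/net/nf_conntrack` lines. The camera address, remote addresses and sample lines are constructed for illustration.

```shell
# Added example. Addresses are constructed (made-up LAN hosts, RFC 5737 ranges).
CAM_IP="192.168.1.50"   # assumed static address of the camera
BLOCK_PORT="51800"      # remote UDP port named in the thread

# stdin: /proc/net/nf_conntrack lines. Prints "remote_ip seconds_left" for each
# tracked UDP flow from host $1 to remote port $2 (original direction only).
udp_flows() {
    awk -v ip="$1" -v port="$2" '
        $3 == "udp" {
            src = ""; dst = ""; dport = ""
            for (i = 6; i <= NF; i++) {
                if (src == "" && $i ~ /^src=/) src = substr($i, 5)
                if (dst == "" && $i ~ /^dst=/) dst = substr($i, 5)
                if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
            }
            if (src == ip && dport == port) print dst, $5
        }'
}

# stdin: iptables-save output. Prints how many rules name host $1 as -s or -d.
rules_for_host() {
    awk -v ip="$1" '
        /^-A / {
            for (i = 2; i < NF; i++) {
                addr = $(i + 1); sub(/\/.*/, "", addr)
                if (($i == "-s" || $i == "-d") && addr == ip) { n++; break }
            }
        }
        END { print n + 0 }'
}

# Constructed sample data in the two formats.
sample_conntrack() {
cat <<'EOF'
ipv4     2 udp      17 172 src=192.168.1.50 dst=203.0.113.10 sport=40211 dport=51800 src=203.0.113.10 dst=198.51.100.7 sport=51800 dport=40211 [ASSURED] mark=0 use=2
ipv4     2 udp      17 25 src=192.168.1.50 dst=192.168.1.1 sport=51312 dport=53 src=192.168.1.1 dst=192.168.1.50 sport=53 dport=51312 mark=0 use=2
ipv4     2 udp      17 168 src=192.168.1.50 dst=203.0.113.22 sport=40212 dport=51800 src=203.0.113.22 dst=198.51.100.7 sport=51800 dport=40212 [ASSURED] mark=0 use=2
EOF
}
sample_rules() {
cat <<'EOF'
-A FORWARD -s 192.168.1.50/32 -p udp -m udp --dport 51800 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -s 192.168.1.20/32 -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
EOF
}
# On the router: udp_flows "$CAM_IP" "$BLOCK_PORT" < /proc/net/nf_conntrack
#                iptables-save | rules_for_host "$CAM_IP"
echo "rules naming $CAM_IP: $(sample_rules | rules_for_host "$CAM_IP")"
sample_conntrack | udp_flows "$CAM_IP" "$BLOCK_PORT"
```

A rule count of 0 after a reboot corresponds to the situation described in the last post, where the rules only appeared in the iptables output after a second reboot.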
