udp client sending ICMP "port unreachable" when receiveing messages from the server

sockets networking udp icmp luasocket
nonchip picture nonchip · Jul 13, 2014 · Viewed 19.5k times · Source

Moved: https://superuser.com/questions/782549/udp-client-sending-icmp-port-unreachable-when-receiveing-messages-from-the-ser

I have a udp client using luasocket, basically doing this (with a few layers of abstraction, but this is what's going on there):

s=socket.udp()
s:setsockname("*",0)
s:setpeername(socket.dns.toip("example.com"),64299)
s:settimeout(0)
s:send(...)
s:settimeout(10)
msg,err=s:receive()
s:settimeout(0)
print(msg,err)

while seeing everything's fine in the server's debug output (ssh to the remote host), i get a "timeout" error in the client.

when inspecting everything with client-side wireshark, I see the packet my client sent, and a response packet from the server (correct port and everything), AND an ICMP "port unreachable" packet sent from my client host to the server in response to it's (correct) response.

what's going on there? I tried everything, including resetting my iptables to "accept everything", but my client still sends the "port unreachable".

the relevant packets are:

From            To                  Len Description
192.168.2.100   95.143.172.171  UDP 61  Source port: 45025  Destination port: 64299
  000e8f11e7000025229835a908004500002f4008400040112b6fc0a802645f8facabafe1fb2b001b28d794d2000ec8360100aa81a477616e74a3756964
95.143.172.171  192.168.2.100   UDP 60  Source port: 64299  Destination port: 45025
  0025229835a9000e8f11e70008004500002b000040003911727b5f8facabc0a80264fb2bafe100172e8d94d2000e0ea10100a681a3756964ff000000
192.168.2.100   95.143.172.171  ICMP 85 Destination unreachable (Port unreachable)
  000e8f11e7000025229835a9080045c00047061d00004001a492c0a802645f8facab0303cc6c000000004500002b000040003911727b5f8facabc0a80264fb2bafe100172e8d94d2000e0ea10100a681a3756964ff

Firewall, in case it's important (which I don't think, because iptables doesn't increment any INPUT packet counters while this happens):

$ sudo iptables -S
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 64299 -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i eth0 -p tcp -m tcp --dport 10001:30000 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o lo -j ACCEPT

Answer

user207421 picture user207421 · Jul 13, 2014

Your client-side firewall is actively blocking inbound UDP.

Related questions

What is the largest Safe UDP Packet Size on the Internet

I've read a number of articles about UDP packet sizes but have been unable to come to a conclusion on whats correct. A number of services restrict the largest UDP packet to 512 bytes (like dns) Given the minimum MTU on …

Read More
Can TCP and UDP sockets use the same port?

First of all, is there any problem with using both UDP and TCP on the same server? Secondly, can I use the same port number?

Read More
What's the purpose of using sendto()/recvfrom() instead of connect()/send()/recv() with UDP sockets?

I can grasp the concept of TCP vs UDP, but still I don't know why are there 2 ways of sending UDP packets, and with that I still don't understand if this is absolutely necessary to bind() and accept()...

Read More