Code Monkey home page Code Monkey logo

Comments (12)

PhonicUK avatar PhonicUK commented on June 17, 2024 1

I suspect this is some artefact of being in a container - because on a Debian VM you get nf_tables as the backend rather than legacy. That said it shouldn't matter that much, AMP just reads the output to know what rules are there and it's capable of tolerating the output not being in the numeric format.

from amp.

recursiveGecko avatar recursiveGecko commented on June 17, 2024

Repeating some of the same diagnostic steps mentioned in #368:

root@AMP:~# ampinstmgr updatefirewall amp
[Info] AMP Instance Manager v2.4.6.4 built 06/09/2023 12:13
[Info] Stream: Mainline / Release - built by CUBECODERS/buildbot on CCL-DEV
[Info] Using iptables firewall.
Can't find custom attr constructor image: /opt/cubecoders/amp/plugins/ADSModule.dll mtoken: 0x0a00001e due to: Could not load file or assembly 'SQLite-net, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies.
[Info] Adding 4 new firewall rules
[Info] Firewall rule to add: TCP/2223 (AMP:ADS01:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] Firewall rule to add: TCP/10100 (AMP:Valheim01:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] Firewall rule to add: UDP/10101 (AMP:Valheim01:GenericModule.App.Ports.$ApplicationPort1)
[Info] Firewall rule to add: UDP/10102 (AMP:Valheim01:GenericModule.App.Ports.$ApplicationPort2)
[Info] No existing firewall rules to remove

root@AMP:~# iptables -L INPUT --line-numbers | wc -l
1170

root@AMP:~# ampinstmgr updatefirewall amp
[Info] AMP Instance Manager v2.4.6.4 built 06/09/2023 12:13
[Info] Stream: Mainline / Release - built by CUBECODERS/buildbot on CCL-DEV
[Info] Using iptables firewall.
Can't find custom attr constructor image: /opt/cubecoders/amp/plugins/ADSModule.dll mtoken: 0x0a00001e due to: Could not load file or assembly 'SQLite-net, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies.
[Info] Adding 4 new firewall rules
[Info] Firewall rule to add: TCP/2223 (AMP:ADS01:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] Firewall rule to add: TCP/10100 (AMP:Valheim01:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] Firewall rule to add: UDP/10101 (AMP:Valheim01:GenericModule.App.Ports.$ApplicationPort1)
[Info] Firewall rule to add: UDP/10102 (AMP:Valheim01:GenericModule.App.Ports.$ApplicationPort2)
[Info] No existing firewall rules to remove

root@AMP:~# iptables -L INPUT --line-numbers | wc -l
1174

root@AMP:~# ampinstmgr updatefirewall amp
[Info] AMP Instance Manager v2.4.6.4 built 06/09/2023 12:13
[Info] Stream: Mainline / Release - built by CUBECODERS/buildbot on CCL-DEV
[Info] Using iptables firewall.
Can't find custom attr constructor image: /opt/cubecoders/amp/plugins/ADSModule.dll mtoken: 0x0a00001e due to: Could not load file or assembly 'SQLite-net, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies.
[Info] Adding 4 new firewall rules
[Info] Firewall rule to add: TCP/2223 (AMP:ADS01:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] Firewall rule to add: TCP/10100 (AMP:Valheim01:FileManagerPlugin.SFTP.SFTPPortNumber)
[Info] Firewall rule to add: UDP/10101 (AMP:Valheim01:GenericModule.App.Ports.$ApplicationPort1)
[Info] Firewall rule to add: UDP/10102 (AMP:Valheim01:GenericModule.App.Ports.$ApplicationPort2)
[Info] No existing firewall rules to remove

root@AMP:~# iptables -L INPUT --line-numbers | wc -l
1178

root@AMP:~# ampinstmgr dumpfirewall
[Info] AMP Instance Manager v2.4.6.4 built 06/09/2023 12:13
[Info] Stream: Mainline / Release - built by CUBECODERS/buildbot on CCL-DEV
[Info] Using iptables firewall.
[Info] No firewall rules to display.

root@AMP:~# iptables -L INPUT --line-numbers | wc -l
1178

Curiously the build date mentioned by ampinstmgr is different from the one displayed on the web dashboard.

from amp.

Greelan avatar Greelan commented on June 17, 2024

Possibly the issue is that Debian 12 uses nftables by default, and iptables rules are translated to nftables via iptables-nft. So AMP is probably not parsing the existing rules correctly. I suspect if you enable ufw and let AMP use that instead the issue will likely be resolved.

from amp.

recursiveGecko avatar recursiveGecko commented on June 17, 2024

I'm not so sure. According to the Debian wiki, nftables have been the default since Debian 10. Furthermore, Proxmox sets update-alternatives of iptables to iptables-legacy, so I don't believe nftables are in use at all.

# ls -l /etc/alternatives/ | grep iptables
lrwxrwxrwx 1 root root  25 Sep 10 20:50 iptables -> /usr/sbin/iptables-legacy
lrwxrwxrwx 1 root root  33 Sep 10 20:50 iptables-restore -> /usr/sbin/iptables-legacy-restore
lrwxrwxrwx 1 root root  30 Sep 10 20:50 iptables-save -> /usr/sbin/iptables-legacy-save

I don't want to use ufw, but as a temporary measure I could turn off the firewall on the container which is already behind NAT & FW.

from amp.

PhonicUK avatar PhonicUK commented on June 17, 2024

What's the output of iptables -n -L INPUT specifically? That's the command the firewall manager uses with iptables to read the rules.

A difference of build date is normal, AMP itself gets updated more frequently than the command line tools.

The other thing you can do is ampinstmgr --debug dumpfirewall to get more information about what it's doing.

from amp.

recursiveGecko avatar recursiveGecko commented on June 17, 2024 
root@AMP:~# iptables -n -L INPUT

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2223 /* AMP:ADS01:FileManagerPlugin.SFTP.SFTPPortNumber */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2224 /* AMP:BeamMP01:FileManagerPlugin.SFTP.SFTPPortNumber */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:10111 /* AMP:BeamMP01:GenericModule.App.Ports.$HTTPServerPort */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:10110 /* AMP:BeamMP01:GenericModule.App.Ports.$MainGamePort */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:10110 /* AMP:BeamMP01:GenericModule.App.Ports.$MainGamePort */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2223 /* AMP:ADS01:FileManagerPlugin.SFTP.SFTPPortNumber */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2224 /* AMP:BeamMP01:FileManagerPlugin.SFTP.SFTPPortNumber */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:10111 /* AMP:BeamMP01:GenericModule.App.Ports.$HTTPServerPort */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:10110 /* AMP:BeamMP01:GenericModule.App.Ports.$MainGamePort */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:10110 /* AMP:BeamMP01:GenericModule.App.Ports.$MainGamePort */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2223 /* AMP:ADS01:FileManagerPlugin.SFTP.SFTPPortNumber */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2224 /* AMP:BeamMP01:FileManagerPlugin.SFTP.SFTPPortNumber */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:10111 /* AMP:BeamMP01:GenericModule.App.Ports.$HTTPServerPort */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:10110 /* AMP:BeamMP01:GenericModule.App.Ports.$MainGamePort */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:10110 /* AMP:BeamMP01:GenericModule.App.Ports.$MainGamePort */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2223 /* AMP:ADS01:FileManagerPlugin.SFTP.SFTPPortNumber */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2220 /* AMP:Valheim01:FileManagerPlugin.SFTP.SFTPPortNumber */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:10101 /* AMP:Valheim01:GenericModule.App.Ports.$ApplicationPort1 */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:10102 /* AMP:Valheim01:GenericModule.App.Ports.$ApplicationPort2 */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2222 /* AMP:Vanilla01:FileManagerPlugin.SFTP.SFTPPortNumber */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:10108 /* AMP:Vanilla01:GenericModule.App.Ports.$ApplicationPort1 */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:10109 /* AMP:Vanilla01:GenericModule.App.Ports.$ApplicationPort2 */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:10210 /* AMP:Vanilla01:GenericModule.App.Ports.$RemoteAdminPort */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2224 /* AMP:BeamMP01:FileManagerPlugin.SFTP.SFTPPortNumber */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:10111 /* AMP:BeamMP01:GenericModule.App.Ports.$HTTPServerPort */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:10110 /* AMP:BeamMP01:GenericModule.App.Ports.$MainGamePort */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:10110 /* AMP:BeamMP01:GenericModule.App.Ports.$MainGamePort */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2223 /* AMP:ADS01:FileManagerPlugin.SFTP.SFTPPortNumber */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2220 /* AMP:Valheim01:FileManagerPlugin.SFTP.SFTPPortNumber */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:10101 /* AMP:Valheim01:GenericModule.App.Ports.$ApplicationPort1 */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:10102 /* AMP:Valheim01:GenericModule.App.Ports.$ApplicationPort2 */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2222 /* AMP:Vanilla01:FileManagerPlugin.SFTP.SFTPPortNumber */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:10108 /* AMP:Vanilla01:GenericModule.App.Ports.$ApplicationPort1 */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:10109 /* AMP:Vanilla01:GenericModule.App.Ports.$ApplicationPort2 */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:10210 /* AMP:Vanilla01:GenericModule.App.Ports.$RemoteAdminPort */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2224 /* AMP:BeamMP01:FileManagerPlugin.SFTP.SFTPPortNumber */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:10111 /* AMP:BeamMP01:GenericModule.App.Ports.$HTTPServerPort */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:10110 /* AMP:BeamMP01:GenericModule.App.Ports.$MainGamePort */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:10110 /* AMP:BeamMP01:GenericModule.App.Ports.$MainGamePort */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2223 /* AMP:ADS01:FileManagerPlugin.SFTP.SFTPPortNumber */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2220 /* AMP:Valheim01:FileManagerPlugin.SFTP.SFTPPortNumber */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:10101 /* AMP:Valheim01:GenericModule.App.Ports.$ApplicationPort1 */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:10102 /* AMP:Valheim01:GenericModule.App.Ports.$ApplicationPort2 */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2222 /* AMP:Vanilla01:FileManagerPlugin.SFTP.SFTPPortNumber */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:10108 /* AMP:Vanilla01:GenericModule.App.Ports.$ApplicationPort1 */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:10109 /* AMP:Vanilla01:GenericModule.App.Ports.$ApplicationPort2 */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:10210 /* AMP:Vanilla01:GenericModule.App.Ports.$RemoteAdminPort */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2224 /* AMP:BeamMP01:FileManagerPlugin.SFTP.SFTPPortNumber */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:10111 /* AMP:BeamMP01:GenericModule.App.Ports.$HTTPServerPort */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:10110 /* AMP:BeamMP01:GenericModule.App.Ports.$MainGamePort */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:10110 /* AMP:BeamMP01:GenericModule.App.Ports.$MainGamePort */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2223 /* AMP:ADS01:FileManagerPlugin.SFTP.SFTPPortNumber */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2220 /* AMP:Valheim01:FileManagerPlugin.SFTP.SFTPPortNumber */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:10101 /* AMP:Valheim01:GenericModule.App.Ports.$ApplicationPort1 */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:10102 /* AMP:Valheim01:GenericModule.App.Ports.$ApplicationPort2 */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2222 /* AMP:Vanilla01:FileManagerPlugin.SFTP.SFTPPortNumber */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:10108 /* AMP:Vanilla01:GenericModule.App.Ports.$ApplicationPort1 */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:10109 /* AMP:Vanilla01:GenericModule.App.Ports.$ApplicationPort2 */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:10210 /* AMP:Vanilla01:GenericModule.App.Ports.$RemoteAdminPort */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2224 /* AMP:BeamMP01:FileManagerPlugin.SFTP.SFTPPortNumber */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:10111 /* AMP:BeamMP01:GenericModule.App.Ports.$HTTPServerPort */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:10110 /* AMP:BeamMP01:GenericModule.App.Ports.$MainGamePort */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:10110 /* AMP:BeamMP01:GenericModule.App.Ports.$MainGamePort */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2223 /* AMP:ADS01:FileManagerPlugin.SFTP.SFTPPortNumber */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2220 /* AMP:Valheim01:FileManagerPlugin.SFTP.SFTPPortNumber */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:10101 /* AMP:Valheim01:GenericModule.App.Ports.$ApplicationPort1 */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:10102 /* AMP:Valheim01:GenericModule.App.Ports.$ApplicationPort2 */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2222 /* AMP:Vanilla01:FileManagerPlugin.SFTP.SFTPPortNumber */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:10108 /* AMP:Vanilla01:GenericModule.App.Ports.$ApplicationPort1 */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:10109 /* AMP:Vanilla01:GenericModule.App.Ports.$ApplicationPort2 */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:10210 /* AMP:Vanilla01:GenericModule.App.Ports.$RemoteAdminPort */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2224 /* AMP:BeamMP01:FileManagerPlugin.SFTP.SFTPPortNumber */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:10111 /* AMP:BeamMP01:GenericModule.App.Ports.$HTTPServerPort */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:10110 /* AMP:BeamMP01:GenericModule.App.Ports.$MainGamePort */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:10110 /* AMP:BeamMP01:GenericModule.App.Ports.$MainGamePort */

root@AMP:~# ampinstmgr --debug dumpfirewall

[Info] AMP Instance Manager v2.4.6.4 built 06/09/2023 12:13
[Info] Stream: Mainline / Release - built by CUBECODERS/buildbot on CCL-DEV
[Debug] Syncing certificate store using /etc/ssl/certs/ca-certificates.crt
[Debug] Current certificate store contains 136 items, system store contains 137
[Debug] Imported 1 certificates.
[Debug] Removed 0 certificates.
[Debug] Sync process completed.
[Debug] Loading instances from /root/.ampdata/instances.json...
[Debug] /root/.ampdata/instances.json does not exist, using empty dataset.
[Info] Using iptables firewall.
[Debug] Starting process /usr/sbin/iptables
[Debug] Started process with ID 323805
[Info] No firewall rules to display.
[Debug] Starting process /usr/sbin/iptables
[Debug] Started process with ID 323806

from amp.

PhonicUK avatar PhonicUK commented on June 17, 2024

This is a little odd - I can't currently reproduce this on Debian.

The only thing that I am noticing is that your iptables output looks wrong- when using the -n flag it should be showing 0.0.0.0 rather than anywhere but AMP is more than able to cope with that.

What's the output of whereis iptables ?

from amp.

recursiveGecko avatar recursiveGecko commented on June 17, 2024

Hmm, odd. This was a brand new AMP install in a clean Debian 12 container created using Proxmox 8 debian-12-standard_12.0-1_amd64.tar.zst template.

root@AMP:~# whereis iptables
iptables: /usr/sbin/iptables /usr/share/iptables /usr/share/man/man8/iptables.8.gz

root@AMP:~# iptables --version
iptables v1.8.9 (legacy)

from amp.

mar3ld avatar mar3ld commented on June 17, 2024

I'm also having this issue. Network traffic / throughput is heavily affected, like can't use more than ~25Mb/s on a 1Gb/s link before CPU cores get maxed out. Hosted games on Target starting to stutter / lag / rubber band.

Is there a recommended solution to this?

sudo iptables -S | wc -l
100034

lsb_release -a
No LSB modules are available.
Distributor ID:	Debian
Description:	Debian GNU/Linux 12 (bookworm)
Release:	12
Codename:	bookworm

cat /etc/debian_version
12.2

uname -a
Linux erosion 6.1.0-13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.55-1 (2023-09-29) x86_64 GNU/Linux

ampinstmgr --version
[Info] AMP Instance Manager v2.4.6.6 built 05/10/2023 11:57
[Info] Stream: Mainline / Release - built by CUBECODERS/buildbot on CCL-DEV

from amp.

PhonicUK avatar PhonicUK commented on June 17, 2024

@mar3ld is this on bare metal or some kind of container?

from amp.

IceOfWraith avatar IceOfWraith commented on June 17, 2024

This is solved in the latest development release.

from amp.

recursiveGecko avatar recursiveGecko commented on June 17, 2024

Thanks. I've re-enabled firewall rules for my instances so I'll keep an eye on things.

That said, I've found another edge case where duplicate rules are created. After updating my instances, the licenses somehow ended up becoming invalid and so none of the instances would start (by the way, a user-friendly error message would be nice when an instance doesn't start, I had to search through logs to find the license issue).

As I was restarting my instances trying to figure out what was going on, I ended up with many duplicate rules and this seems to have stopped once I reactivated my licenses.

from amp.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.