FRRouting / frr

The FRRouting Protocol Suite
https://frrouting.org/

BGP: can't connect to fd 37 : Permission denied #10828

Closed liuxyon closed 2 years ago

liuxyon commented 2 years ago

FRR 7.5.1 on a pfSense 2.6 system. I need to set up and connect ebgp-multihop, but it could not establish a connection. Log:

2022/03/19 02:16:50 BGP: can't connect to 2604:8800:240::200 fd 37 : Permission denied

neighbor 2604:8800:240::200 remote-as 64496
neighbor 2604:8800:240::200 local-as 18753
neighbor 2604:8800:240::200 description
neighbor 2604:8800:240::200 password
neighbor 2604:8800:240::200 ebgp-multihop 255
neighbor 2604:8800:240::200 update-source 2602:fed5:7021::face

donaldsharp commented 2 years ago

We are going to need an actual underlying OS version number to help us debug. But reading the connect man page:

EACCES, EPERM: The user tried to connect to a broadcast address without having the socket broadcast flag enabled or the connection request failed because of a local firewall rule.

You are receiving EPERM.

liuxyon commented 2 years ago

System: KVM Guest
Netgate Device ID:
BIOS: Vendor: SeaBIOS, Version: rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org, Release Date: Tue Apr 1 2014
Version: 2.6.0-RELEASE (amd64), built on Mon Jan 31 19:57:53 UTC 2022, FreeBSD 12.3-STABLE
CPU Type: AMD A8-5600K APU with Radeon(tm) HD Graphics, 4 CPUs: 1 package(s) x 4 core(s), AES-NI CPU Crypto: Yes (active), QAT Crypto: No
Hardware crypto: AES-CBC,AES-CCM,AES-GCM,AES-ICM,AES-XTS
Kernel PTI: Disabled
MDS Mitigation: Inactive
https://frafiles.netgate.com/mirror/downloads/pfSense-CE-2.6.0-RELEASE-amd64.iso.gz

liuxyon commented 2 years ago

> The user tried to connect to a broadcast address without having the socket broadcast flag enabled or the connection request failed because of a local firewall rule.
>
> you are receiving EPERM

I have allowed from the peer IPs to the LAN IP, and allowed LAN net to the peer IPs, in the firewall. Is there any special setup required?

qlyoung commented 2 years ago

It seems likely you have a firewall rule or something else on your system preventing us from making the connection. This is almost certainly a detail of your particular platform, which we don't provide support for.

> Is there any special setup required?

We don't know. You should probably try the usual methods for debugging firewall issues, such as disabling your firewall completely and seeing if you can connect.

Please use the issue template in the future.

@frrbot autoclose in 3 days

frrbot[bot] commented 2 years ago

This issue will be automatically closed in the specified period unless there is further activity.
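
One way to run the check suggested in this thread without bgpd, as an added example (not code from FRR or from any commenter): it maps the error text in the logged line back to an errno name and repeats the TCP connect bound to the update-source address. The function names, the hint strings and the 5-second timeout are assumptions of this example.

```python
import errno, os, re, socket, sys

LOCAL = "denied on this host, e.g. by a local firewall rule"
HINTS = {  # errno -> where the connect attempt failed (wording is this example's)
    errno.EACCES: LOCAL,
    errno.EPERM: LOCAL,
    errno.EADDRNOTAVAIL: "source (update-source) address is not configured here",
    errno.ENETUNREACH: "no route to the peer",
    errno.EHOSTUNREACH: "no route to the peer",
    errno.ECONNREFUSED: "refused by the peer or by a device answering for it",
    errno.ETIMEDOUT: "no answer within the timeout: silently dropped",
}
LOG_RE = re.compile(r"can't connect to (\S+) fd \d+ : (.+)$")
# Log line quoted in the issue
SAMPLE_LOG = "2022/03/19 02:16:50 BGP: can't connect to 2604:8800:240::200 fd 37 : Permission denied"

def classify(code):
    return HINTS.get(code, "not classified by this example (errno %s)" % code)

def errno_from_log(line):
    """Return (peer, [errno names whose strerror text matches the log line])."""
    m = LOG_RE.search(line.strip())
    if not m:
        return None
    peer, text = m.groups()
    return peer, sorted(n for c, n in errno.errorcode.items() if os.strerror(c) == text)

def probe(peer, source=None, port=179, timeout=5.0):
    """TCP connect to peer:port, optionally bound to source; return (errno, hint)."""
    family, stype, proto, _, dst = socket.getaddrinfo(
        peer, port, type=socket.SOCK_STREAM, flags=socket.AI_NUMERICHOST)[0]
    src = source and socket.getaddrinfo(
        source, 0, family, stype, flags=socket.AI_NUMERICHOST)[0][4]
    with socket.socket(family, stype, proto) as s:
        s.settimeout(timeout)
        try:
            if src:
                s.bind(src)  # pin the source address, as update-source does
            s.connect(dst)
        except socket.timeout:
            return errno.ETIMEDOUT, classify(errno.ETIMEDOUT)
        except OSError as e:
            return e.errno, classify(e.errno)
    return 0, "TCP session opened; nothing local is blocking the connect"

if __name__ == "__main__":  # usage: probe.py PEER [SOURCE]
    print(errno_from_log(SAMPLE_LOG))
    if len(sys.argv) > 1:
        print(probe(*sys.argv[1:3]))
```

Run it on the host where bgpd runs, because the denial being tested is a local one.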