# Configurator.c: Timed out waiting for a response In some scenario cjdns could fail at starting up with the following cryptic messages: ``` 1428440513 DEBUG AdminClient.c:333 Connecting to [127.0.0.1:11234] 1428440513 DEBUG UDPAddrIface.c:294 Bound to address [0.0.0.0:58063] 1428440518 CRITICAL Configurator.c:96 Failed to make function call [Timed out waiting for a response], error: [ping] 1428440518 CRITICAL Configurator.c:56 enable Log_LEVEL=KEYS to see message content. 1428440523 CRITICAL Configurator.c:68 Failed to stop the core. 1428440523 CRITICAL Configurator.c:70 Aborting. ``` ## Cause cjdns is configured via the admin interface, listening by default on `localhost`, port `11234`. However, there are some machine configurations where the firewall has a default policy different from ACCEPT for the INPUT chain and there's an exception for loopback interface missing. Checking with `iptables -t filter -L` (as root) should output something like: ``` Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination ``` The above output is the default configuration of the firewall, with everything allowed, your own could be configured in many different ways. However, you have to check your INPUT chain policy, if it's REJECT or DROP that could be causing the problem above. ## Solution There are a couple of solutions to this issue. ### ACCEPT everything on INPUT Piece of cake: just run `iptables -t filter -P INPUT ACCEPT`. ### Add an exception for loopback traffic This solution is more complex, but allows you to retain your full firewall functionality while allowing cjdns at the same time. You have to allow both inbound and outbound traffic on the loopback interface, usually named `lo`. That name is the one which is going to be used in the following code snippet. ``` iptables -t filter -I INPUT -i lo -j ACCEPT iptables -t filter -I INPUT -o lo -j ACCEPT ``` Ok, I cheated. The rules are really simple: just ACCEPT everything from (`-i`) or to (`-o`) loopback interface (`lo`) on chain `INPUT`. Maybe not so simple really... #### ... and now you can't peer Just adding an exception for `lo` is not enough if you want to peer via UDP and you didn't load the conntrack module. Load it or add an exception for the port used by the UDPInterface. Or just use the first solution.