Ray Olszewski wrote:
> Not being a Shorewall expert, I can't help you with that part. But as to the underlying iptables rules (the first part of what you describe doing), you've only done half of what you need. In addition to the changes to PREROUTING, you need entries similar to this (for each port and protocol involved):
>
> iptables -A inbound -d 192.168.1.6 -p tcp --destination-port 4661 -j ACCEPT
>
> I say "similar to" because you probably use a chain name other than "inbound" to process FORWARD-chain packets from the external interface to the LAN interface.
>
> I'm a bit hazy on how edonkey works, but you *might* need to extend these rules to cover udp packets as well as tcp.

This fellow posted later on the Shorewall list where I recommended that he remove his iptables commands and the rules that he posted and replace them with:

DNAT net loc:192.168.1.6 tcp 4661:4666

Apparently his local zone isn't called 'loc' because that caused an error (Invalid server zone). I recommended that he replace 'loc' with the name of his local zone and have heard nothing further.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ [EMAIL PROTECTED]
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
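An added example, not part of the original thread: a small Python check for the "half done" state described above, where a port is DNATed in the nat table but no filter-table ACCEPT lets the forwarded packet through. The sample ruleset, interface names and function names are constructed for illustration; the check assumes single-host DNAT targets that keep the original port, and it does not model negated matches, multiport matches, or whether the accepting chain is actually reachable from FORWARD.

```python
import ipaddress
import shlex

# Constructed iptables-save style input (not from the thread); only 4661 is accepted.
SAMPLE = """\
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 4661:4666 -j DNAT --to-destination 192.168.1.6
*filter
-A FORWARD -i eth0 -o eth1 -j inbound
-A inbound -d 192.168.1.6 -p tcp --destination-port 4661 -j ACCEPT
"""

def parse_rules(text):
    """Yield (table, options) per -A line; negated ('!') matches are not modelled."""
    table = None
    for line in text.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        elif line.startswith("-A "):
            tok = shlex.split(line)
            opts = {"chain": tok[1]}
            for flag, value in zip(tok[2:], tok[3:]):
                if flag.startswith("-") and not value.startswith("-"):
                    opts[flag] = value
            yield table, opts

def port_span(opts):
    """Ports matched by a rule as a set; no port match means every port."""
    spec = opts.get("--dport") or opts.get("--destination-port") or "1:65535"
    lo, _, hi = spec.partition(":")
    return set(range(int(lo), int(hi or lo) + 1))

def unaccepted_dnat(text):
    """Return (proto, host, ports) for DNATed ports with no matching ACCEPT."""
    rules = list(parse_rules(text))
    accepts = [o for t, o in rules if t == "filter" and o.get("-j") == "ACCEPT"
               and o["chain"] not in ("INPUT", "OUTPUT")]
    dnats = [o for t, o in rules if t == "nat" and o.get("-j") == "DNAT"]
    findings = []
    for o in dnats:
        # Assumption: target is host[:port] and the destination port is kept.
        host = ipaddress.ip_address(o["--to-destination"].split(":")[0])
        missing = port_span(o)
        for a in accepts:
            net = ipaddress.ip_network(a.get("-d", "0.0.0.0/0"), strict=False)
            if a.get("-p", "all") in ("all", o.get("-p")) and host in net:
                missing -= port_span(a)
        if missing:
            findings.append((o.get("-p"), str(host), sorted(missing)))
    return findings
```

On a live system the input would be the saved ruleset text rather than `SAMPLE`; an empty result means every DNATed port has a forwarding ACCEPT for the same protocol and host.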
