I'm having trouble getting port forwarding working in Mandrake Network Firewall
(MNF). I need to have TCP and UDP ports 4661-4666, 13842 and 12700 open for my
mldonkey client, which resides on 192.168.0.10. Here's how I have it set up (in
'Firewall Rules' -> 'rules' in the web config) at present:
__________________________________________________________________________
Result | Client Zone | Server Zone      | Protocol | Port(s)   | Forward
==========================================================================
ACCEPT | wan         | lan:192.168.0.10 | tcp+udp  | 4661:4666 | all
ACCEPT | wan         | lan:192.168.0.10 | tcp+udp  | 13842     | all
ACCEPT | wan         | lan:192.168.0.10 | tcp+udp  | 12700     | all
--------------------------------------------------------------------------

I've tried many other combinations of settings, and I've read through the
documentation at http://www.shorewall.net/, but nothing seems to work. In
/var/log/syslog on the firewall, I get messages like this:

Dec 30 19:50:55 silliac kernel: Shorewall:lan2all:DROP:IN=eth1 OUT=eth0
SRC=192.168.0.10 DST=217.88.157.75 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=52119 DF
PROTO=TCP SPT=33553 DPT=4662 WINDOW=5840 RES=0x00 SYN URGP=0

I assume this means that connections to port 4662 are being blocked, right?

I've noticed some other actions besides the standard ACCEPT, DROP and REJECT.
Would REDIRECT or DNAT be of any use here? What are they, anyway?

Can somebody please instruct me on how to get forwarding working? I'm used to
using Firestarter, but Shorewall looks completely different.


-- 
Sridhar Dhanapalan
  [Yama | http://www.pclinuxonline.com/]

        "In short, Microsoft is no more able to build secure products
        than England's cricket team is able to withstand the bowling
        of Australia's bowlers."
          -- John Leyden, "MS firewall is holier than the Pope",
              The Register (http://www.theregister.co.uk), 2001-08-20.
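
An added example, not part of the original post: a small Python parser for the Shorewall log entry quoted above, which pulls out the chain, disposition, zones, addresses and ports the entry records. The interface-to-zone mapping (eth1 = lan, eth0 = wan) and the function name are assumptions made for the example.

```python
import re

# Log entry quoted in the post, rejoined onto one line.
SAMPLE = (
    "Dec 30 19:50:55 silliac kernel: Shorewall:lan2all:DROP:IN=eth1 OUT=eth0 "
    "SRC=192.168.0.10 DST=217.88.157.75 LEN=60 TOS=0x00 PREC=0x00 TTL=63 "
    "ID=52119 DF PROTO=TCP SPT=33553 DPT=4662 WINDOW=5840 RES=0x00 SYN URGP=0"
)

# Assumption (not stated in the post): eth1 faces the LAN, eth0 the WAN.
ZONES = {"eth1": "lan", "eth0": "wan"}

# Shorewall's default log prefix is "Shorewall:<chain>:<disposition>:".
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[^:\s]+):(?P<rest>.*)$")


def parse_shorewall_log(line, zones=ZONES):
    """Return the fields of one Shorewall log entry, or None if it is not one."""
    m = PREFIX.search(line)
    if m is None:
        return None
    fields, flags = {}, []
    for token in m.group("rest").split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value      # KEY=value pairs such as SRC=, DPT=
        else:
            flags.append(token)      # bare tokens such as DF, SYN, ACK

    def zone(iface):
        # An empty IN= or OUT= means the firewall itself is that endpoint.
        return zones.get(iface, "unknown") if iface else "fw"

    def port(key):
        return int(fields[key]) if key in fields else None  # absent for ICMP

    return {
        "chain": m.group("chain"),
        "disposition": m.group("disp"),
        "from_zone": zone(fields.get("IN", "")),
        "to_zone": zone(fields.get("OUT", "")),
        "src": fields.get("SRC"),
        "dst": fields.get("DST"),
        "proto": fields.get("PROTO"),
        "sport": port("SPT"),
        "dport": port("DPT"),
        "flags": flags,
    }


if __name__ == "__main__":
    print(parse_shorewall_log(SAMPLE))
```

For the entry in the post it reports a TCP SYN from 192.168.0.10 in the lan zone to port 4662 on a wan host, dropped in the lan2all chain.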
