I'm having trouble getting port forwarding working in Mandrake Network Firewall (MNF). I need to have TCP and UDP ports 4661-4666, 13842 and 12700 open for my mldonkey client, which resides on 192.168.0.10. Here's how I have it set up (in 'Firewall Rules' -> 'rules' in the web config) at present:

__________________________________________________________________________
Result | Client Zone | Server Zone      | Protocol | Port(s)   | Forward
==========================================================================
ACCEPT | wan         | lan:192.168.0.10 | tcp+udp  | 4661:4666 | all
ACCEPT | wan         | lan:192.168.0.10 | tcp+udp  | 13842     | all
ACCEPT | wan         | lan:192.168.0.10 | tcp+udp  | 12700     | all
--------------------------------------------------------------------------

I've tried many other combinations of settings, and I've read through the documentation at http://www.shorewall.net/, but nothing seems to work. In /var/log/syslog on the firewall, I get messages like this:

Dec 30 19:50:55 silliac kernel: Shorewall:lan2all:DROP:IN=eth1 OUT=eth0 SRC=192.168.0.10 DST=217.88.157.75 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=52119 DF PROTO=TCP SPT=33553 DPT=4662 WINDOW=5840 RES=0x00 SYN URGP=0

I assume this means that connections to port 4662 are being blocked, right?

I've noticed some other actions besides the standard ACCEPT, DROP and REJECT. Would REDIRECT or DNAT be of any use here? What are they, anyway?

Can somebody please instruct me on how to get forwarding working? I'm used to using Firestarter, but Shorewall looks completely different.

-- 
Sridhar Dhanapalan [Yama | http://www.pclinuxonline.com/]

"In short, Microsoft is no more able to build secure products than England's cricket team is able to withstand the bowling of Australia's bowlers."
    -- John Leyden, "MS firewall is holier than the Pope", The Register (http://www.theregister.co.uk), 2001-08-20.
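
Added example, not part of the original post: a Python sketch that parses the Shorewall log line quoted above and checks the logged packet against the three rows of the rules table. It assumes the chain name follows Shorewall's <source>2<dest> pattern, so lan2all is read as a packet from zone lan; the function names are hypothetical.

```python
import re

# Log line quoted in the post above.
SAMPLE = ("Dec 30 19:50:55 silliac kernel: Shorewall:lan2all:DROP:IN=eth1 OUT=eth0 "
          "SRC=192.168.0.10 DST=217.88.157.75 LEN=60 TOS=0x00 PREC=0x00 TTL=63 "
          "ID=52119 DF PROTO=TCP SPT=33553 DPT=4662 WINDOW=5840 RES=0x00 SYN URGP=0")

# Rows of the post's rules table: (result, client zone, server zone, protocols, ports).
RULES = [
    ("ACCEPT", "wan", "lan:192.168.0.10", "tcp+udp", "4661:4666"),
    ("ACCEPT", "wan", "lan:192.168.0.10", "tcp+udp", "13842"),
    ("ACCEPT", "wan", "lan:192.168.0.10", "tcp+udp", "12700"),
]

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disposition>[^:]+):(?P<rest>.*)$")

def parse_shorewall_log(line):
    """Split a Shorewall kernel log line into chain, disposition and packet fields."""
    m = PREFIX.search(line)
    if m is None:
        raise ValueError("not a Shorewall log line")
    fields, flags = {}, []
    for token in m.group("rest").split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
        else:
            flags.append(token)  # bare flags such as DF and SYN
    # Assumption: chain is <source>2<dest>; a zone name containing "2" would mis-split.
    src_zone, _, dst_zone = m.group("chain").partition("2")
    return {"chain": m.group("chain"), "disposition": m.group("disposition"),
            "src_zone": src_zone, "dst_zone": dst_zone, "flags": flags, **fields}

def matching_rules(pkt, rules=RULES):
    """Return the rules whose client zone, server host, protocol and port fit the packet."""
    dport = int(pkt.get("DPT", -1))  # ICMP entries carry no DPT
    hits = []
    for result, client, server, protos, ports in rules:
        zone, _, host = server.partition(":")
        lo, _, hi = ports.partition(":")
        if (client == pkt["src_zone"] and pkt["dst_zone"] in (zone, "all")
                and (not host or host == pkt.get("DST"))
                and pkt["PROTO"].lower() in protos.split("+") and int(lo) <= dport <= int(hi or lo)):
            hits.append((result, client, server, protos, ports))
    return hits

if __name__ == "__main__":
    pkt = parse_shorewall_log(SAMPLE)
    print(pkt["chain"], pkt["disposition"], pkt["SRC"], "->", pkt["DST"], matching_rules(pkt))
```

For the quoted line this reports chain lan2all, source 192.168.0.10 and no matching row, because every row in the table has wan as its client zone.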
