So ... the obvious question is: what software do you have that is listening on this port, and what host is that something running on? (Because you have, seemingly, ignored my prior responses to your postings, this will be my last attempt to assist if you do not answer this question next time around.)
If it is the LEAF router/firewall itself that is listening on port 4662, then it is unclear what is preventing it from working (though your description continues to be unnecessarily sketchy, so it would be easy to miss something you forgot to mention ... in this case, I once again refer you to the SR FAQ).
If it is a host on the LAN "behind" the LEAF router/firewall that listens on port 4662 ... well, you've provided no way for incoming traffic to reach that host.
If you are MASQ'ing the LAN (I think a prior message said you are), that automatically stops all incoming connections, except for the ones you port forward to specific hosts. You never reported any port-forwarding rules, so I'm guessing that you didn't add any. The Shorewall instructions offer a good explanation of how to do port forwarding with Shorewall, a much better one than I can dash off in an e-mail reply, so I refer you to them.
If you are not MASQ'ing the LAN, then your problem is probably that the Cisco router does not know that 192.168.10.6 is its route to (I surmise) 192.168.30.0/24 (or whatever network you are using for the LAN).
There are other things that could be causing this problem, but if other Internet connectivity now works ... for example, if LAN hosts can reach Web sites ... they are pretty much ruled out. I also assume that the typos in the rules you report (for example, "ACCPET" for "ACCEPT") are errors only in the e-mail message, not actually in your configuration.
Oh, and I assume you miswrote when you referred to "resolv.conf" below, since the information is the wrong format for resolv.conf but the right format for (for example) /etc/hosts.allow.
At 12:39 PM 10/11/2003 +0200, Jose Luis Abuelo Sebio wrote:
Good morning everyone.
Let's see if you can help me find out what's the problem in the configuration of my local net.
Let's start from the beginning. I have a cable operator which provides me Internet service; this cable operator gave me a Cisco router which I cannot manage, but the cable operator gave me the IP address of the internal interface of the router (192.168.10.1) to manage my local net, setting the default gateway of all my local PCs to that IP address. Because I am using a program to download information for my business, I asked the cable operator to open all the ports to the IP address of one of my local PCs (192.168.10.6), and they did it.
But now that I have important things in my local net, I decided to install a firewall (hardware) between the Cisco router and my local net. I use an old machine running Bering and Shorewall. The configuration of my net now is as follows:
          192.168.10.1   192.168.30.1
Cisco------------Firewall-------------Local Net
          192.168.10.6   192.168.30.X
Because I want all my local PCs to use that download program, I gave the address which has all the ports opened in the Cisco router to the external IP of the firewall (LEAF router). So I have changed the subnet IP address of my local net.
Following the configuration I wrote up and the rules I put on the firewall, Internet works fine, but the download program gives me an error,
"your port 4662 is unreachable" (message from the server). So it works much slower than before.
But I don't know why, because in the rules I have opened this port:
ACCPET local fw tcp 4662
ACCEPT fw local tcp 4662
ACCEPT net fw tcp 4662
ACCEPT fw net tcp 4662
I have the masquerade configuration correct, because it works for other programs; the policy file is:
loc net ACCPET
net all DROP
all all reject
The file resolv.conf is:
ALL: 192.168.30.0/ 192.168.30.255
I don't know if you see the point of the situation. First I asked my cable operator to open all the ports for the machine 192.168.10.6 and the program worked fine, but now with the firewall it doesn't. Why? That's what I am trying to find out. If the Cisco router has all the ports opened for the IP 192.168.10.6 (external IP address of the firewall) and in the firewall I allow all the traffic for that port, why do I get that message? Having the configuration as I have explained, the program should work fine, and all my local PCs should be able to use it, shouldn't they? Any help would be really appreciated.
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
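Added example, not part of either message above: what the Shorewall configuration the reply describes looks like when the LAN is masqueraded, with the posted ACCEPT rules beside the DNAT port-forward they need to be replaced by. The only addresses taken from the thread are 192.168.10.6 (the firewall's external address, the one the cable operator opened all ports to) and the 192.168.30.0/24 LAN; the interface names eth0/eth1 and the LAN host 192.168.30.10 that is to receive port 4662 are assumptions.

```text
# /etc/shorewall/masq  (constructed example: eth0 faces the Cisco, eth1 is the LAN)
# INTERFACE   SUBNET
eth0          192.168.30.0/24

# /etc/shorewall/policy
# SOURCE  DEST  POLICY  LOG LEVEL
loc       net   ACCEPT
net       all   DROP    info
all       all   REJECT  info

# /etc/shorewall/rules
# ACTION  SOURCE  DEST                PROTO  DEST PORT(S)
#
# The posted rules only open port 4662 to and from the firewall
# box itself ("fw"). With masquerading they forward nothing to a
# LAN host, so the download server still finds 4662 unreachable:
#ACCEPT   net     fw                  tcp    4662
#ACCEPT   fw      net                 tcp    4662
#
# Port-forward instead: TCP/4662 arriving on the firewall's external
# address (192.168.10.6) is rewritten to one LAN host (192.168.30.10
# is an assumed address) and the forwarded packet is accepted.
DNAT      net     loc:192.168.30.10   tcp    4662
```

Run `shorewall check` before `shorewall restart` to catch syntax slips such as ACCPET. Note the caveat the reply hints at: a DNAT sends incoming port 4662 to one specific host, so under MASQ "all my local PCs" cannot each be reachable on 4662 through the single external address 192.168.10.6. The alternative in the reply, not masquerading at all, would require a static route for 192.168.30.0/24 via 192.168.10.6 on the Cisco, which the poster says only the cable operator can configure.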
