Hello--
I know this is an RTFM kind of question, but I have been struggling with this for a couple of days now. I am running a Dachstein (I believe) firewall, using ipchains. I need to forward ports 6000-6999/udp from my external interface (eth0) to one host on my internal network (192.168.1.9). When I run tcpdump on the external interface, I see these packets on the wire, however, when I run tcpdump on an internal box (in promiscuous mode), I don't see any traffic. If I bypass the firewall, all is well, so I know it's a problem with my forwarding of the range of UDP ports. I believe the problem lies somewhere in my ipchains statement.
Can someone take a look and tell me if I am missing something here?
Thanks.
Relevant parts of /etc/network.conf:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
EXTERN_UDP_PORTS="0/0_domain 0/0_6000:6999"
INTERN_PS2_SERVER=192.168.1.9
Relevant parts of /etc/ipfilter.conf (added right after other forwarding 'if' statements):
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
if [ -n "$INTERN_PS2_SERVER" ] ; then
    $IPCH -A input -s 0.0.0.0/0 -d $INTERN_PS2_SERVER 6000:6999 -p udp -j ACCEPT
    $IPMASQADM autofw -A -v -r udp 6000 6999 -h $INTERN_PS2_SERVER
fi
Output of "ipchains -L -n |grep 6000"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ipchains -L -n |grep 6000
ACCEPT udp ------ 0.0.0.0/0 192.168.1.9 * -> 6000:6999
ACCEPT udp ------ 0.0.0.0/0 0.0.0.0/0 * -> 6000:6999
Output of "tcpdump -i eth0 | grep "\.6... " (to filter on range):
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
20:26:14.406460 pcp01120514pcs.flshng01.mi.comcast.net.6565 > 66-108-7-175.nyc.rr.com.61717: udp 4
20:26:17.446460 dy251162.resnet.uky.edu.6091 > 66-108-7-175.nyc.rr.com.61487: udp 4
20:26:19.406460 pcp01120514pcs.flshng01.mi.comcast.net.6565 > 66-108-7-175.nyc.rr.com.61717: udp 4
20:26:24.396460 pcp01120514pcs.flshng01.mi.comcast.net.6565 > 66-108-7-175.nyc.rr.com.61717: udp 4
20:26:27.446460 dy251162.resnet.uky.edu.6091 > 66-108-7-175.nyc.rr.com.61487: udp 4
Any ideas? Help would be appreciated.
Billy
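
The ipchains listing above matches on destination port (`* -> 6000:6999`), while the grep applied to the tcpdump output does not distinguish source from destination port. As an added example, not part of the original message, this script splits each captured line into its two ports and reports which side falls in the range; the function names and the third sample line are constructed, and the tcpdump text format is assumed to be the one shown above.

```shell
#!/bin/sh
# Classify tcpdump UDP lines by which side carries a port in LOW..HIGH.
# Assumed line format (as in the capture above):
#   time src-host.port > dst-host.port: udp len

# Sample input: the first two lines are copied from the capture above; the
# third is constructed, with a destination port inside the range.
SAMPLE='20:26:14.406460 pcp01120514pcs.flshng01.mi.comcast.net.6565 > 66-108-7-175.nyc.rr.com.61717: udp 4
20:26:17.446460 dy251162.resnet.uky.edu.6091 > 66-108-7-175.nyc.rr.com.61487: udp 4
20:26:30.000000 host.example.net.40000 > 66-108-7-175.nyc.rr.com.6500: udp 4'

# classify_ports LOW HIGH   (reads tcpdump lines on stdin)
# Prints "<src_port> <dst_port> <verdict>" for each UDP line.
classify_ports() {
    awk -v low="$1" -v high="$2" '
    $3 == ">" && $5 == "udp" {
        src = $2; sub(/.*\./, "", src)                      # text after last dot
        dst = $4; sub(/:$/, "", dst); sub(/.*\./, "", dst)  # drop ":" then host
        # Ports printed as service names (capture taken without -n) are skipped.
        if (src !~ /^[0-9]+$/ || dst !~ /^[0-9]+$/) next
        s = (src + 0 >= low && src + 0 <= high)
        d = (dst + 0 >= low && dst + 0 <= high)
        verdict = d ? "dst-in-range" : (s ? "src-only" : "no-match")
        print src, dst, verdict
    }'
}

# count_verdict VERDICT LOW HIGH   (reads tcpdump lines on stdin)
# Prints how many lines received the given verdict.
count_verdict() {
    classify_ports "$2" "$3" | awk -v v="$1" '$3 == v { n++ } END { print n + 0 }'
}

printf '%s\n' "$SAMPLE" | classify_ports 6000 6999
```

Only lines reported as `dst-in-range` would be matched by a rule keyed on destination port 6000:6999; `src-only` lines carry the range in the source port.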
