On Friday 15 November 2002 19:53, billy jacobs wrote: Comments inline ;-)
> EXTERN_UDP_PORTS="0/0_domain 0/0_6000:6999" > INTERN_PS2_SERVER=192.168.1.9 OK, you've opened the 6000-6999 udp port range. > Relevant parts of /etc/ipfilter.conf (added right after other > forwarding 'if' statements): > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > if [ -n "$INTERN_PS2_SERVER" ] ; then > $IPCH -A input -s 0.0.0.0/0 -d $INTERN_PS2_SERVER 6000:6999 -p udp > -j ACCEPT > $IPMASQADM autofw -A -v -r udp 6000 6999 -h $INTERN_PS2_SERVER > fi OK, the port range is forwarded to 192.168.1.9 address. > Output of "ipchains -L -n |grep 6000" > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > # ipchains -L -n |grep 6000 > ACCEPT udp ------ 0.0.0.0/0 192.168.1.9 * > -> 6000:6999 > ACCEPT udp ------ 0.0.0.0/0 0.0.0.0/0 * > -> 6000:6999 The changes appear to be active. > Output of "tcpdump -i eth0 | grep "\.6... " (to filter on range): > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > 20:26:14.406460 pcp01120514pcs.flshng01.mi.comcast.net.6565 > > 66-108-7-175.nyc.rr.com.61717: udp 4 > 20:26:17.446460 dy251162.resnet.uky.edu.6091 > > 66-108-7-175.nyc.rr.com.61487: udp 4 > 20:26:19.406460 pcp01120514pcs.flshng01.mi.comcast.net.6565 > > 66-108-7-175.nyc.rr.com.61717: udp 4 > 20:26:24.396460 pcp01120514pcs.flshng01.mi.comcast.net.6565 > > 66-108-7-175.nyc.rr.com.61717: udp 4 > 20:26:27.446460 dy251162.resnet.uky.edu.6091 > > 66-108-7-175.nyc.rr.com.61487: udp 4 Ok, your blocking udp 4. This port is not opened much less forwarded. I'm not sure how this applies to your added configuration. > Any ideas? Help would be appreciated. It would help if we had any idea what you are attempting to forward service wise. I'm not clear on what you are attempting to show with the tcpdump. Have you loaded the autofw module? More information is requested so we can atleast make a guess at what the problem may be. -- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question! ------------------------------------------------------- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
