At 10:32 PM 12/17/2003 -0800, Dalziel, Josh wrote:
> OK sorry for the typos, I was in a hurry to get out of my office and back
> home to see if I can get this thing figured out. I know that there is no
> UPD, and that it is UDP, and I know that I fat fingered the IP. I never said
> anything about knowing what rule was blocking the traffic, just that it is
> being blocked, and I can tell cause the weblet shows the ports it blocked
> traffic from.

The log entry you quote below shows more than what you say. It identifies the problem as being in the "net2all" chain (a custom chain Shorewall creates in the default table, not the nat table).


Now you need to provide the information Tom asked for (the nat table) and the last of the information I asked for (the default table), using the commands named in the SR FAQ (link is at the end of every list message).


> Hits  port   Service
> 77    27015  CS
> aids Shorewall:net2all:DROP: IN=eth0 OUT= MAC=00:50:fc:99:90:89:00:01:5c:22:02:82:08:00 SRC=172.192.116.7 DST=12.212.68.51 LEN=38 TOS=00 PREC=0x00 TTL=114 ID=4266 PROTO=UDP SPT=1219 DPT=27015 LEN=18

It would be easier to interpret this if I knew what the destination address referred to. Is "12.212.68.51" (a) the IP address of the LAN host you are forwarding to, (b) the IP address of the router's external interface, or (c) something else?


If (a) then there is a rule missing in the net2all chain to ACCEPT the traffic (or possibly one somewhere else that directs it to a different chain ... but still, it needs to be ACCEPT'ed *somewhere* in the default table).

If (b) then the nat-table rule has some error in it, because it should rewrite the destination address (through its PREROUTING chain) before the packet ever gets to net2all.

If (c) ... well then, who knows?


> I also did try 1a and 1b from the FAQ, still with no luck. I know the local
> machine is accepting traffic on that port cause from inside the network we
> can connect, and if I remove the firewall everyone can connect. Also my ISP
> does not block the port.

As the SR FAQ explains, "no luck" is not a trouble report. Your comments above address only FAQ item 1a. So, when you followed the steps in entry 1b of the Shorewall FAQ, what did you find out about the relevant nat rule (specifically, steps 3, 4, and 5)?


I'm not sure I understand what "if I remove the firewall everyone can connect" means. Do you mean that if you connect the relevant host directly to your Internet connection, then other hosts on the Internet can connect to it on port 27015?

> I am pretty sure that I have missed something simple, nevertheless I'm
> stuck. Thanks for your help.

Me too. That's why you have to start showing us what you actually did, not simply telling us you tried things and have "no luck". We can only troubleshoot when we have information to work with, and so far, we have neither what we've asked for nor what the Shorewall FAQ (in 1b) tells you to try.


In addition to the Shorewall info Tom and I have asked for, you might provide the basic LEAF info the SR FAQ asks for, just to give the Shorewall data some context (we don't know any of the basics of your setup, so we might miss something "obvious" due to that ignorance).
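To make the (a)/(b)/(c) test above repeatable, here is an added Python example (not code from this thread, from LEAF or from Shorewall) that parses the quoted netfilter log line and, given the router's external address and the LAN host the port is forwarded to, reports which case applies. The only address taken from the thread is 12.212.68.51; 203.0.113.1 and 192.168.1.10 are constructed placeholders standing in for the two addresses the poster was asked to supply.

```python
import re

# Constructed sample: the Shorewall/netfilter log entry quoted in the thread, joined onto one line.
SAMPLE_LOG = (
    "Shorewall:net2all:DROP: IN=eth0 OUT= "
    "MAC=00:50:fc:99:90:89:00:01:5c:22:02:82:08:00 SRC=172.192.116.7 "
    "DST=12.212.68.51 LEN=38 TOS=00 PREC=0x00 TTL=114 ID=4266 PROTO=UDP SPT=1219 "
    "DPT=27015 LEN=18"
)

# Shorewall prefixes kernel log messages as "Shorewall:<chain>:<disposition>:".
PREFIX_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[A-Z]+):")
FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_shorewall_log(line):
    """Split a Shorewall log line into its chain, disposition and KEY=VALUE fields.

    The netfilter part repeats LEN (IP total length first, then the UDP/TCP
    length), so a repeated key is stored under KEY_2.
    """
    m = PREFIX_RE.search(line)
    if m is None:
        raise ValueError("not a Shorewall log line: %r" % line)
    entry = {"chain": m.group("chain"), "disposition": m.group("disposition")}
    for key, value in FIELD_RE.findall(line[m.end():]):
        entry[key if key not in entry else key + "_2"] = value
    return entry


def diagnose_net2all_drop(entry, router_external_ip, forwarded_lan_ip):
    """Apply the three-way test from the thread to a net2all DROP.

    (a) DST is the LAN host: DNAT already happened, so the filter (default)
        table is missing an ACCEPT for this traffic.
    (b) DST is the router's external address: the nat PREROUTING rule never
        rewrote the destination, so the DNAT rule itself is wrong or missing.
    (c) anything else: this packet is not the forwarded traffic at all.
    """
    if entry.get("chain") != "net2all" or entry.get("disposition") != "DROP":
        return "n/a", "not a net2all DROP; this test does not apply"
    dst = entry.get("DST")
    flow = "%s dport %s" % (entry.get("PROTO"), entry.get("DPT"))
    if dst == forwarded_lan_ip:
        return "a", "DNAT done; filter table lacks an ACCEPT for %s to %s" % (flow, dst)
    if dst == router_external_ip:
        return "b", "DST still %s; check the nat PREROUTING DNAT rule for %s" % (dst, flow)
    return "c", "DST %s is neither the router nor the forwarded host" % dst


if __name__ == "__main__":
    entry = parse_shorewall_log(SAMPLE_LOG)
    # 203.0.113.1 and 192.168.1.10 are constructed placeholders, not addresses from the thread.
    for router, lan in [("12.212.68.51", "192.168.1.10"),
                        ("203.0.113.1", "12.212.68.51"),
                        ("203.0.113.1", "192.168.1.10")]:
        case, why = diagnose_net2all_drop(entry, router, lan)
        print("router=%s lan=%s -> case (%s): %s" % (router, lan, case, why))
```

Run against the real values, the script answers the question asked above in one line: if the DST in the drop is the LAN host, look at the default table; if it is the router's address, look at the nat table's PREROUTING chain.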





leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
