At 01:31 PM 12/18/2003 -0800, Dalziel, Josh wrote:
Ok so, what do you guys need next? In my previous email I sent the output of
the error report that is made by the weblet. It shows it has blocked 77 hits
from port 27015. As well, the local machine's log (the one the traffic is being
forwarded to) shows nothing is being received. As far as the time stamps, my
firewall is on an old p166 that doesn't have a working CMOS battery so I am
waiting till I get a working floppy going till I set the date and time.

OK. I don't pretend to read Tom's mind, but from what he's been posting here, I'd say he and I have the same suspicion -- namely, that the weblet error report you've sent us is from an earlier attempt to get the forwarding working, not the rulesets we've been looking at.


It looks to me, at least, like the router (with the settings described in the attachment you sent) is forwarding at least *some* packets to the "local machine" ... so if the "local machine" is reporting "nothing is being received", then there might be a problem with its configuration. (What might that be? I don't run Half-Life, so I don't really know. As a general matter, NAT'd P2P apps often need to know the public IP address they are NAT'd to, so that's a possible configuration error, one that could permit LAN connections to work but cause NAT'd Internet connections to go unrecognized.)

And the information actually in the attachment (as distinct from the separate log/weblet entry you quote with no timestamp) shows no DROP'd packets that should have been DNAT'd.

Try this:

Reboot the router. (Get rid of stale log and weblet info ... only way to be dead sure of this given your wacky timestamps.)

Make sure the Shorewall rulesets are the same as the ones in the attachment you sent us earlier ... except add the rules Tom provided so that successfully DNAT'd packets get logged.

Do the tests described in Shorewall FAQ 1b. (This is to make sure there is some UDP 27015 traffic to either be NAT'd or DROP'd.)

Report the results.
-- status shorewall (like Tom said)
-- check the logs to make sure it reports ALL logged packets involving UDP 27015.


Make sure everything has timestamps ... if necessary, get any packet logging info directly from the router's logs (not via weblet).

At this stage, I'd say the problem in diagnosis is the scattered nature of the information we've seen. If we can be sure we are seeing everything from a single run, with the same ruleset always in place, we might be able to offer a suggestion. At the moment, my **guess** -- and I offer it only as a guess -- is that the LEAF/Shorewall system is working properly and the problem is in the configuration of the Half-Life host.

I don't know how you should resolve the apparent conflict between leaf-user restrictions on attachments and Tom's preference for them. Will the list allow attachments with a .txt extension, perhaps? (I *think* it just objects to attachments with active-content risks, like .doc files, but we get so few attachments, I'm not really sure.)





------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
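
An added example (not part of the original message, and not Shorewall's own code): one way to do the "check the logs" step above, tallying every logged UDP 27015 packet by Shorewall chain and disposition in a single pass. It assumes Shorewall's default `Shorewall:<chain>:<disposition>:` log prefix; the sample lines, zone names and addresses are constructed.

```shell
#!/bin/sh
# Tally netfilter log lines for one UDP port by Shorewall chain and
# disposition, so DNAT'd (forwarded) and DROP'd packets show up side by side.

# Constructed sample log. Zone names (net, loc), interfaces, addresses and
# timestamps are assumptions, not values from the thread.
sample_log() {
cat <<'EOF'
Dec 18 13:40:01 fw kernel: Shorewall:net2loc:ACCEPT:IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=192.168.1.10 LEN=53 TTL=115 PROTO=UDP SPT=1036 DPT=27015 LEN=33
Dec 18 13:40:02 fw kernel: Shorewall:net2loc:ACCEPT:IN=eth0 OUT=eth1 SRC=203.0.113.9 DST=192.168.1.10 LEN=53 TTL=110 PROTO=UDP SPT=2200 DPT=27015 LEN=33
Dec 18 13:40:03 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=53 TTL=112 PROTO=UDP SPT=27005 DPT=27015 LEN=33
Dec 18 13:40:04 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TTL=112 PROTO=TCP SPT=4000 DPT=27015 SYN
Dec 18 13:40:05 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.8 DST=198.51.100.2 LEN=78 TTL=112 PROTO=UDP SPT=137 DPT=137 LEN=58
EOF
}

# summarize_port PORT   (reads log lines on stdin)
# Prints "<chain> <disposition> <count>" for every logged UDP packet whose
# source or destination port is PORT, sorted for stable output.
summarize_port() {
    awk -v port="$1" '
    /Shorewall:/ && / PROTO=UDP / {
        spt = ""; dpt = ""; prefix = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SPT=/) spt = substr($i, 5)
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
            if ($i ~ /^Shorewall:/) prefix = $i
        }
        if (spt != port && dpt != port) next
        # prefix looks like Shorewall:net2all:DROP:IN=eth0
        split(prefix, p, ":")
        count[p[2] " " p[3]]++
    }
    END { for (k in count) print k, count[k] }
    ' | sort
}

# On the router (log path is an assumption):
#   summarize_port 27015 < /var/log/messages
```

A run that shows only DROP rows for the port points at the ruleset; ACCEPT rows on the forwarding chain with nothing arriving at the game host point at the host's configuration.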
