I still have one Dachstein firewall kicking around. There were specific modules (helpers) to get around some of the more complicated stuff that ipchains didn't handle. These modules went by the name:
ip_masq_xxxxx These were a bunch of these. They are like the ip_contrack modules for iptables. Some of them were: ip_masq_ftp ip_masq_quake ip_masq_h323 If you look in /etc/modules you will see a list of them near the bottom. I have no idea if any of these pertain to your application, or if there is one for your app that could be compiled for Dachstein. It is a direction to look though! ;-) Good luck, Sean On Tue, 2003-12-30 at 14:01, Ray Olszewski wrote: > Without getting bogged down in too much detail -- I did some research on > your problem and I **think** it lies in the details of how ipchains does > NATing and port forwarding. > > This URL -- http://saturn5.hn.org/ps2.html -- explains what you need to do > and how to do it on a BSD router. I can translate that for iptables, but > I'm too rusty on ipchains to do it there (or even to know for sure whether > it *can* be done). Perhap someone here who remembers the intricacies of > ipchains better than I can pick this up and provide the needed detail. > > The short version: the system needs a set of NATing rules that NAT LAN > sport 6000-6999, -AND- will ACCEPT unrelated traffic back to those ports. I > can believe that Linksys router do this ... they are way less paranoid than > LEAF routers. Standard ipchains port forwarding (I **think**) doesn't do > this because it does not reliably NAT connections *originating* from the > LAN host at (say) port 6000 to router external port 6000 ... it only > port-forwards traffic originating to router external port 6000 correctly. > > At 09:24 AM 12/30/2003 -0800, Michael Rogers wrote: > >--- Ray Olszewski <[EMAIL PROTECTED]> wrote: > > > At 12:34 PM 12/29/2003 -0800, Michael Rogers wrote: > > > >I know this is probably simple and trivial, but I > > > >can't get it to work for the life of me... > [details deleted] > > > > > > ------------------------------------------------------- > This SF.net email is sponsored by: IBM Linux Tutorials. > Become an expert in LINUX or just sharpen your skills. Sign up for IBM's > Free Linux Tutorials. Learn everything from the bash shell to sys admin. > Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click > ------------------------------------------------------------------------ > leaf-user mailing list: [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user > SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
