I'm trying to configure LEAF to work with a Qwest DSL connection via an Actiontec "DSL Gateway". I'm hoping that somebody out there has already had some success with this (unfortunately) fairly common combination.
At the top level, I'm trying to get port forwarding to work (so I can ssh behind the firewall, etc.) I've turned on the "DMZ" feature so that the Actiontec will forward ports. But the damned thing is rewriting them so that they run afoul of shorewall's rfc1918 rules: My rule: DNAT net loc:192.168.1.3:80 tcp 8080 The failure: Feb 24 06:09:37 chloris Shorewall:rfc1918:DROP: IN=eth0 OUT=eth1 MAC=00:60:8c:c8:f4:aa:00:20:e0:31:99:6f:08:00 SRC=69.59.192.81 DST=192.168.1.3 LEN=60 TOS=00 PREC=0x00 TTL=42 ID=30020 DF PROTO=TCP SPT=41342 DPT=80 SEQ=1227007334 ACK=0 WINDOW=5840 SYN URGP=0 RFC1918 was new to me 15 minutes ago, but I'm guessing that the rule doesn't like the DST=192.168.1.3, since 192.168.1.3 is an address that doesn't belong outside private networks. And sure enough, removing norfc1918 from /etc/shorewall/interfaces allows my DNAT rules to work. In one sense, the problem's solved. But: is this a reasonably safe thing to do? Has anybody out there found a better solution using LEAF with an Actiontec? Ideally I'd be able to turn the thing into a dumb bridge, but when it's set up that way I can't get my IP address via dhcp. I'm not ready to double the cost of the connection to get a static IP address. I'm using Bering-uClibc V2.1.0rc2. Thanks, --Eric House -- ****************************************************************************** * From the desktop of: Eric House, [EMAIL PROTECTED] * * Crosswords 4.0 for PalmOS is out!: <http://www.peak.org/~fixin/xwords> * ****************************************************************************** ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
