Thanks Tom and Huy for your responses. I tried changing my leaf box to forward port 6112 to 192.168.1.4 and then set the Netgear router to port forward 6112 to my game server (192.168.2.3). This didn't seem to work either. The FORWARD:REJECT errors went away though. :) I'm not sure what is meant by a "2 way router". Is that the same as port forwarding?
Is the problem I'm having because the Netgear is a router? If the Netgear was just a switch would what I have set up work? Would a better solution be to turn my leaf box into a wireless router and get rid of the Netgear? Thanks in advance, Barry -----Original Message----- From: Huy Bui [mailto:[EMAIL PROTECTED] Sent: Friday, January 14, 2005 2:08 AM To: Barry Baldwin; Leaf-User (E-mail) Subject: Re: [leaf-user] Shorewall Port Forwarding Firstly I don't think your bering does not know the route to the Netgear. So it try to route anything for 192.168.2.0/24 through the default gateway which is eth0. Secondly your game PC is behind the netgear so it's is probalby being NATed by the netgear. I don't know much about the Netgear set up so you have to see if it can be set up as a 2 way router and then add a route on your bering to route anything for 192.168.2 to 192.168.1.4 i.e ip route add 192.168.2.0/24 via 192.168.1.2 dev eth1 hope this help Huy ----- Original Message ----- From: "Barry Baldwin" <[EMAIL PROTECTED]> To: "Leaf-User (E-mail)" <leaf-user@lists.sourceforge.net> Sent: Friday, January 14, 2005 2:03 AM Subject: [leaf-user] Shorewall Port Forwarding > Hello all, > > I've setup a Bering uClibc system at home as a firewall. It came up and > is > working great. > (By the way I tested it by going to www.hackerwatch.org/probe/ ) > I'm now playing around with trying to allow one of my PC's behind the > firewall to host an internet game ( Warcraft III). > Here is the topology of my network. > > PPP0 dhcp / 192.168.1.254 192.168.1.4 / > 192.168.2.1 > 192.168.2.3 > Internet --> DSL Modem --> Bering FW box --> Netgear 4 port wireless > router > --> PC game server > > Sorry for the weak/non-existent ASCII art. > + So basically I have a DSL line that goes into a DSL modem, > + The modem goes to the Bering Firewall box which is a PPPoE connection > + The Firewall goes to a wireless router( Netgear MR814) through eth1 with > 4 > ports. > Eth1 on the FW is 192.168.1.254 the routers WAN interface IP is > 192.168.1.4 > + One of the wired ports goes to the PC game server. > The Routers IP is 192.168.2.1 and the PC game servers IP is > 192.168.2.3 > > The default gateway of my PC game server is set to the wireless > router(192.168.2.1) > > To the shorewall rules configuration file I've added > DNAT net loc:192.168.2.3 tcp 6112 > DNAT net loc:192.168.2.3 udp 6112 > #Wasn't sure if these were needed so I added them anyway. > ACCEPT net fw tcp 6112 > ACCEPT net fw udp 6112 > ACCEPT loc fw tcp 6112 > ACCEPT loc fw udp 6112 > > This doesn't work. > > From the FAQ on shorewall.net I did the following. > "iptables -t nat -Z" to clear the counts > then I attempted to host a game > Then I did "shorewall show nat" to look at the counts. > The counts are zero. If I join a game, then the counts increment > and the shorewall.log file contains a bunch of FORWARD:REJECT > entries for the 6112 port. I'm not sure why the REJECTS are happening. > > I have DSL through SBC and I have friends who are able to host games, so I > am pretty certain that the ISP is not blocking that port. Not sure > exactly > what else to try. I'm guessing I'm missing something obvious. > > Any suggestions would be appreciated, > Thanks in advance, > Barry > > > > > ------------------------------------------------------- > The SF.Net email is sponsored by: Beat the post-holiday blues > Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. > It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt > ------------------------------------------------------------------------ > leaf-user mailing list: leaf-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/leaf-user > SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html ------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
