Hi Huy,

That's an interesting idea. I hadn't considered that. I could turn off the
DHCP server in the Netgear and then give the wireless clients static IPs.
I'll have to experiment and see whether, when the Uplink port isn't used, the
other 4 ports act like a hub, or whether there is a way to configure it to be
a hub.

Thanks for the idea,

Barry

-----Original Message-----
From: Huy Bui [mailto:[EMAIL PROTECTED]
Sent: Friday, January 21, 2005 2:01 AM
To: Barry Baldwin
Cc: Leaf-User (E-mail)
Subject: Re: RE: [leaf-user] Shorewall Port Forwarding


Hi Barry,
Can you turn off the routing functionality of the Netgear altogether and use
it as an access point only? Connect your game server and your LEAF eth1 to 2
of the 4 ports and use it as a hub. IPs will be handed out by LEAF to the game
server and any wireless clients connected through the Netgear.
I used to do this for a Belkin and D-Link wireless router.
Huy
----- Original Message ----- 
From: "Joey Officer" <[EMAIL PROTECTED]>
To: "Barry Baldwin" <[EMAIL PROTECTED]>
Cc: "Leaf-User (E-mail)" <leaf-user@lists.sourceforge.net>
Sent: Friday, January 21, 2005 3:41 AM
Subject: RE: RE: [leaf-user] Shorewall Port Forwarding


> Yes, because the system is performing NAT, then (even at the most basic
> level) a firewall is in place.  What you will need to do is find the
> configuration to disable, and make the Netgear a passthrough device, so
> that it doesn't perform any inspection at all, and treats the eth1
> connection strictly as an uplink.
>
> What's the model of the Netgear appliance? I'd be happy to look it up and
> take a peek at the manual as well.
>
> Joey
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Barry Baldwin
> Sent: Thursday, January 20, 2005 7:40 PM
> To: [EMAIL PROTECTED]
> Cc: Leaf-User (E-mail)
> Subject: RE: RE: [leaf-user] Shorewall Port Forwarding
>
>
> Hey Joey,
>
> You are correct, the Netgear has an uplink or WAN port that is connected
> to eth1 of the LEAF box. The Netgear router has 4 wired ports and my game
> server is connected to one of them.  The Netgear hands out IPs to wireless
> clients and to clients connected to the wired ports as well.  The Netgear
> does have stateful packet inspection, but I believe I have this turned
> off. (I will check when I get home.)
>
> You say that the Netgear is acting as a 2nd firewall.  Is this because of
> the NATing that is being done?  I've looked and I don't see a way to turn
> that off.
>
> I'm going to delve into the Netgear manual a bit deeper tonight and see if
> I can find something.
>
> Thanks for your help,
>
> Barry
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Thursday, January 20, 2005 10:29 AM
> To: Barry Baldwin
> Cc: Leaf-User (E-mail)
> Subject: Re: RE: [leaf-user] Shorewall Port Forwarding
>
>
> Sorry for coming late to this thread, but I thought I'd add my 2 cents.
>
> Barry,
>
> From your earlier description of your setup, I have a question and a
> possible suggestion.  The Netgear device, I assume, has at least the one
> uplink port, which is what's tied into the LEAF box; from there, the
> Netgear hands out IP addresses to its wireless clients. Sounds good enough
> there.
>
> If this is true, then the Netgear is acting as a 2nd firewall (think DMZ
> situation), and you have a couple of options.  Not being inherently
> familiar with the Netgear product, I think that you should be able to turn
> off the firewall function, and use it as a wired/wireless bridge device.
>
> Additionally, I assume that eth1 is plugged into a wired switch, which is
> where your PC is plugged in also, and is able to get an IP from.  This
> being the case, you 'could' turn your LEAF box into a network switch as
> well, by using the bridging module and tools.  This effectively puts all
> of your wireless and wired clients on the same network (assuming that this
> is OK).  From there, you would simply place a DNAT config under Shorewall,
> pointing to the 192.168.1.x of the game server.
>
> Perhaps I missed a step or two, but what you are doing isn't that
> dissimilar to what I am doing, except I don't have a wireless access
> point.  Let me know if you have any questions.
>
> Joey
>
> ----- Original Message -----
> From: Barry Baldwin <[EMAIL PROTECTED]>
> Date: Thursday, January 20, 2005 12:07 pm
> Subject: RE: [leaf-user] Shorewall Port Forwarding
>
>> Thanks Tom and Huy for your responses.
>>
>> I tried changing my leaf box to forward port 6112 to 192.168.1.4 and then
>> set the Netgear router to port forward 6112 to my game server
>> (192.168.2.3).  This didn't seem to work either.  The FORWARD:REJECT
>> errors went away though. :)  I'm not sure what is meant by a "2 way
>> router".  Is that the same as port forwarding?
>>
>> Is the problem I'm having because the Netgear is a router? If the
>> Netgear was just a switch would what I have set up work?
>>
>> Would a better solution be to turn my leaf box into a wireless router and
>> get rid of the Netgear?
>>
>> Thanks in advance,
>>
>> Barry
>>
>> -----Original Message-----
>> From: Huy Bui [EMAIL PROTECTED]
>> Sent: Friday, January 14, 2005 2:08 AM
>> To: Barry Baldwin; Leaf-User (E-mail)
>> Subject: Re: [leaf-user] Shorewall Port Forwarding
>>
>>
>> Firstly, I don't think your Bering knows the route to the Netgear. So it
>> tries to route anything for 192.168.2.0/24 through the default gateway,
>> which is eth0.
>> Secondly, your game PC is behind the Netgear so it is probably being NATed
>> by the Netgear.
>> I don't know much about the Netgear setup so you have to see if it can be
>> set up as a 2 way router and then add a route on your Bering to route
>> anything for 192.168.2 to 192.168.1.4
>>
>> i.e.    ip route add 192.168.2.0/24 via 192.168.1.4 dev eth1
>> Hope this helps,
>> Huy
>>
>> ----- Original Message -----
>> From: "Barry Baldwin" <[EMAIL PROTECTED]>
>> To: "Leaf-User (E-mail)" <leaf-user@lists.sourceforge.net>
>> Sent: Friday, January 14, 2005 2:03 AM
>> Subject: [leaf-user] Shorewall Port Forwarding
>>
>>
>> > Hello all,
>> >
>> > I've set up a Bering uClibc system at home as a firewall.  It came up
>> > and is working great.
>> > (By the way I tested it by going to www.hackerwatch.org/probe/ )
>> > I'm now playing around with trying to allow one of my PCs behind the
>> > firewall to host an internet game (Warcraft III).
>> > Here is the topology of my network.
>> >
>> >                       PPP0 dhcp / 192.168.1.254   192.168.1.4 / 192.168.2.1   192.168.2.3
>> > Internet --> DSL Modem --> Bering FW box --> Netgear 4 port wireless router --> PC game server
>> >
>> > Sorry for the weak/non-existent ASCII art.
>> > + So basically I have a DSL line that goes into a DSL modem,
>> > + The modem goes to the Bering Firewall box which is a PPPoE connection
>> > + The Firewall goes to a wireless router (Netgear MR814) through eth1
>> >   with 4 ports.
>> >     Eth1 on the FW is 192.168.1.254; the router's WAN interface IP is
>> >     192.168.1.4
>> > + One of the wired ports goes to the PC game server.
>> >    The router's IP is 192.168.2.1 and the PC game server's IP is
>> >    192.168.2.3
>> >
>> > The default gateway of my PC game server is set to the wireless
>> > router (192.168.2.1)
>> >
>> > To the shorewall rules configuration file I've added
>> > DNAT     net      loc:192.168.2.3       tcp     6112
>> > DNAT     net      loc:192.168.2.3       udp     6112
>> > #Wasn't sure if these were needed so I added them anyway.
>> > ACCEPT   net      fw                    tcp     6112
>> > ACCEPT   net      fw                    udp     6112
>> > ACCEPT   loc      fw                    tcp     6112
>> > ACCEPT   loc      fw                    udp     6112
>> >
>> > This doesn't work.
>> >
>> > From the FAQ on shorewall.net  I did the following.
>> > "iptables -t nat -Z" to clear the counts
>> > then I attempted to host a game
>> > Then I did "shorewall show nat" to look at the counts.
>> > The counts are zero.  If I join a game, then the counts increment
>> > and the shorewall.log file contains a bunch of FORWARD:REJECT
>> > entries for the 6112 port.  I'm not sure why the REJECTS are happening.
>> >
>> > I have DSL through SBC and I have friends who are able to host games,
>> > so I am pretty certain that the ISP is not blocking that port.  Not
>> > sure exactly what else to try.  I'm guessing I'm missing something
>> > obvious.
>> >
>> > Any suggestions would be appreciated,
>> > Thanks in advance,
>> > Barry
>> >
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
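
Huy's routing diagnosis from the thread, worked through as an added example (not code from any poster, nor from LEAF or Shorewall): a longest-prefix-match lookup over a routing table constructed from the addresses Barry gave, assuming the default route leaves via ppp0. It shows where a packet whose destination has been DNATed to 192.168.2.3 is sent, with and without a static route for 192.168.2.0/24 via the Netgear's WAN address.

```python
import ipaddress

# Constructed routing table for the Bering box, built from the thread:
# eth1 is 192.168.1.254/24; the default route is assumed to leave via ppp0.
BASE_ROUTES = [
    ("192.168.1.0/24", None, "eth1"),  # directly connected LAN segment
    ("0.0.0.0/0", None, "ppp0"),       # default route towards the ISP
]

# Static route from Huy's advice; next hop is the Netgear WAN address.
NETGEAR_ROUTE = ("192.168.2.0/24", "192.168.1.4", "eth1")


def lookup(routes, dst):
    """Longest-prefix match: return (prefix, gateway, device) for dst."""
    addr = ipaddress.ip_address(dst)
    matches = []
    for prefix, gateway, device in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net, gateway, device))
    if not matches:
        raise LookupError(f"no route to {dst}")
    net, gateway, device = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), gateway, device


def forward_path(routes, dnat_target, lan_dev="eth1"):
    """Describe where a packet goes once DNAT has rewritten its destination."""
    _, gateway, device = lookup(routes, dnat_target)
    if device != lan_dev:
        return f"{dnat_target}: leaves via {device}, never reaches the LAN"
    return f"{dnat_target}: out {device}, next hop {gateway or 'direct'}"


if __name__ == "__main__":
    # Original setup: DNAT to 192.168.2.3 with no route for 192.168.2.0/24.
    print(forward_path(BASE_ROUTES, "192.168.2.3"))
    # With the static route added on the Bering box.
    print(forward_path(BASE_ROUTES + [NETGEAR_ROUTE], "192.168.2.3"))
    # DNAT to the Netgear WAN address is on the connected segment.
    print(forward_path(BASE_ROUTES, "192.168.1.4"))
```

The lookup only covers the Bering side; whether the Netgear then passes the packet to 192.168.2.3 depends on its NAT and port-forwarding settings, as discussed in the thread.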
