First, you:

    ACCEPT net fw tcp 4662
    ACCEPT net fw udp 4672,4673,4665

Then you:

    DNAT net lan tcp 4662
    DNAT net lan udp 4672,4673,4665

How is shorewall supposed to know whether to DNAT or ACCEPT a packet that arrives on your "net" adapter? I believe what it does is go with the first match in the rules file, so whatever you do second (probably the DNAT) will never be matched.

Try changing the ports you are using on the client and setting your rules up to match, so they don't conflict with the server.

Another thing you should do for your DNAT rule is to specify the host you want, for example:

    DNAT net lan:10.0.0.5 tcp 4662

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sond
Sent: Tuesday, January 09, 2007 10:49 AM
To: [email protected]
Subject: [Shorewall-users] Shorewall and amule

Hi all,

I've installed shorewall 2.2.3-2 on debian sarge (a server with nat, dhcp and dns). I can't obtain a HighID with amule. This is my configuration:

interfaces:

    net eth1 detect routefilter,tcpflags,blacklist
    lan eth0 detect blacklist,dhcp

zones:

    net Net
    lan Local

policy:

    fw net DROP info
    net fw DROP info
    lan net DROP info
    fw lan DROP info
    lan fw DROP info
    net all DROP info
    all all REJECT info

Here are the rules to allow amule traffic for it:

    ACCEPT fw net tcp 4662,4661,4242,3000
    ACCEPT fw net udp 4672,4673,4665
    ACCEPT net fw tcp 4662
    ACCEPT net fw udp 4672,4673,4665

I also have some lan clients. In the rules file there are these lines to allow amule traffic for lan clients:

    ACCEPT lan net tcp 4662,4661,4242,3000
    ACCEPT lan net udp 4672,4673,4665
    DNAT net lan tcp 4662
    DNAT net lan udp 4672,4673,4665

Routing is ok. For lan clients I obtain a HighID and Kad is Ok. For the server host I have LowID and Kad is firewalled. How is it possible? Can someone help me?

Thanks.
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
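
Added example, not part of the original messages or of Shorewall: a small Python check over the rules quoted in the thread. It reports ports from one source zone that are both ACCEPTed to the firewall zone and DNATed, and DNAT rules whose destination names no host. The five-column layout (ACTION SOURCE DEST PROTO PORTS), the function names and the zone name `fw` are assumptions taken from the rules as posted.

```python
# Constructed sample: the rules quoted in the message above, in posted order.
RULES = """\
ACCEPT fw  net tcp 4662,4661,4242,3000
ACCEPT fw  net udp 4672,4673,4665
ACCEPT net fw  tcp 4662
ACCEPT net fw  udp 4672,4673,4665
ACCEPT lan net tcp 4662,4661,4242,3000
ACCEPT lan net udp 4672,4673,4665
DNAT   net lan tcp 4662
DNAT   net lan udp 4672,4673,4665
"""

def parse_rules(text):
    """Yield (lineno, action, source, dest, proto, ports) per rule line."""
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5:
            continue  # blank, comment, or a rule without a port column
        action, source, dest, proto, ports = fields[:5]
        yield lineno, action, source, dest, proto.lower(), set(ports.split(","))

def audit(text, fw_zone="fw"):
    """Return (overlaps, hostless_dnat).

    overlaps: (accept_line, dnat_line, proto, port) where the same source
    zone, protocol and port is both ACCEPTed to the firewall and DNATed.
    hostless_dnat: line numbers of DNAT rules whose DEST has no ':host'.
    Port ranges are compared as literal strings, not expanded (assumption).
    """
    rules = list(parse_rules(text))
    accepts = [r for r in rules if r[1] == "ACCEPT" and r[3] == fw_zone]
    dnats = [r for r in rules if r[1] == "DNAT"]
    overlaps = []
    for a in accepts:
        for d in dnats:
            if a[2] == d[2] and a[4] == d[4]:
                for port in sorted(a[5] & d[5], key=lambda p: (len(p), p)):
                    overlaps.append((a[0], d[0], a[4], port))
    hostless = [d[0] for d in dnats if ":" not in d[3]]
    return overlaps, hostless

if __name__ == "__main__":
    overlaps, hostless = audit(RULES)
    for acc, dnat, proto, port in overlaps:
        print(f"{proto}/{port}: ACCEPT at line {acc} overlaps DNAT at line {dnat}")
    for lineno in hostless:
        print(f"line {lineno}: DNAT destination names no host")
```

Run against a rules set where the client uses different ports and the DNAT names a host, as the reply suggests, both lists come back empty.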
