On Tuesday 09 January 2007 16:34, Bob Coffman Jr - Info From Data wrote:
> First, you:
> ACCEPT net fw tcp 4662
> ACCEPT net fw udp 4672,4673,4665
>
> Then you:
>
> DNAT net lan tcp 4662
> DNAT net lan udp 4672,4673,4665

Thanks for the hint! So, when I want to DNAT a port I first have to ACCEPT the net to fw connection for that port. Right?

I've eliminated the rules for lan clients and I've set up amule only for the server:

    ACCEPT fw net tcp 4662,4661,4242,3000
    ACCEPT fw net udp 4672,4673,4665
    ACCEPT net fw tcp 4662
    ACCEPT net fw udp 4672,4673,4665

Finally I have HighID but Kad is Firewalled (not too bad), but there's another question now.

In the iptables rules (created by shorewall) I have this (for example the tcp part of the previous rules):

    iptables -L | grep 4662
    ACCEPT  tcp  --  anywhere  anywhere  multiport dports 4662,4661,4242,3000
    ACCEPT  tcp  --  anywhere  anywhere  tcp dpt:4662

Why are source and destination both "anywhere"? I think it should be something like this:

    ACCEPT  tcp  --  127.0.0.1  anywhere   multiport dports 4662,4661,4242,3000
    ACCEPT  tcp  --  anywhere   127.0.0.1  tcp dpt:4662

Am I wrong?

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
