[Shorewall-newbies] Realplayer not working

Francesca C Smith fsmith at ladylinux.com
Fri Dec 5 18:37:52 PST 2003


Ok I am starting to see the issue


At 05:49 AM 12/5/2003, you wrote:
>/etc/shorewall/interfaces
>net     ppp0    detect
>wlan    wlan0   detect  dhcp



>
>loc     eth1    detect


Ok .. This is fine .. Except One Caveat Listed Below

>/etc/shorewall/policy
>wlan            net             ACCEPT          -
>loc             net             ACCEPT          -
>$FW             all             ACCEPT          -
>net     all     DROP    info
>all     all     REJECT  info

Ok .. This is fine also


>etc/shorewall/rules
>DROP:info       net     all     tcp     -       -
>DROP:info       net     all     udp     -       -
>DNAT:info       net     wlan:192.168.2.1        udp
>1271,6790:7170,7070,7071        -
>ACCEPT  wlan:~00-09-5B-12-35-54 $FW     tcp     ssh,https,www,10000,3306
>    -
>ACCEPT  wlan:~00-09-5B-12-35-54 $FW     udp     ssh,https,www,10000,3306
>    -

Heres where it gets screwy ..

Lose (These Are Duplicates of the entries in your policy file)

DROP:info       net     all     tcp     -       -
DROP:info       net     all     udp     -       -

You don't need Inbound rules with Real .. Unless you like real pop-ups

Lose ( You Use DHCP With That Laptop Right .. You Are Binding It To A 
Gateway address I figure ... And When You Use 6790:7170 it covers 7070 and 
7071)

DNAT:info       net     wlan:192.168.2.1        udp 
1271,6790:7170,7070,7071

I am assuming that the wlan:~ listings are the interface on your debian 
client .. If so they should be ok for Firewall maintenace .. although 
ssh,https,www,10000(webmin) don't use UDP so you can remove those entrys . 
I am not sure what 3306 is ..
>

/etc/shorewall/masq
ppp0    eth1
ppp0    wlan0

This is wrong .. the second masq entry should be

ppp0    wlan


Couple more questions .. where are you getting DNS from with the client and 
can you send me your routing entrys for the shorewall box

Francesca

>

"No Problems Only Solutions"
Francesca C. Smith
Lady Linux Internet Services
fsmith at ladylinux.com




More information about the Shorewall-newbies mailing list