[Shorewall-newbies] games via internet - problem

Tom Eastep teastep at shorewall.net
Sat Mar 6 07:56:49 PST 2004


On Saturday 06 March 2004 07:12 am, centrum wrote:
> I have an MDK 9.2 server and 10 clients (lan), and a client (IP 192.168.1.100)
> wants to open a game, but nobody can connect to him via the internet. Why? In the local
> network it is OK. Ports to open:
> TCP ports:
> 80, 6667, 28910, 29900, 29920
> UDP ports:
> 4321, 27900
>
> my rules:
> ACCEPT  net     fw      tcp     80,443,53,22,20,21,25,109,110,143       -
> ACCEPT  net     fw      udp     53      -
> ACCEPT  masq    fw      tcp     80,443,53,22,20,21,25,109,110,143       -
> ACCEPT  masq    fw      udp     53      -
> ACCEPT  loc     fw      tcp     80,443,53,22,20,21,25,109,110,143       -
> ACCEPT  loc     fw      udp     53      -
> ACCEPT  masq    fw      tcp     domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp    -
> ACCEPT  masq    fw      udp     domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp    -
> ACCEPT  fw      masq    tcp     631,515,137,138,139     -
> ACCEPT  fw      masq    udp     631,515,137,138,139     -
> ACCEPT  loc     fw      tcp     8080
> ACCEPT  fw      net     tcp     80
> ACCEPT  masq    fw      tcp     8080
> ACCEPT  net     fw      tcp     113
> ACCEPT  masq    fw      tcp     113
> ACCEPT  loc     fw      tcp     113
> ACCEPT  net     fw      udp     113
> ACCEPT  masq    fw      udp     113
> ACCEPT  loc     fw      udp     113
> ACCEPT  fw      loc     udp     137,138,139
> ACCEPT  fw      loc     tcp     137,138,139,445
> ACCEPT  fw      loc     udp     1024            137
> ACCEPT  loc     fw      udp     137,138,139
> ACCEPT  loc     fw      tcp     137,138,139,445
> ACCEPT  loc     fw      udp     1024            137
>
> ACCEPT  net     fw      tcp     6667,28910,29900,29920
> ACCEPT  loc     fw      tcp     6667,28910,29900,29920
> ACCEPT  loc     fw      udp     4321,27900
> DNAT    net     loc:192.168.1.100       tcp     6667,28910,29900,29920
> ACCEPT  masq    fw      tcp     6667,28910,29900,29920
> ACCEPT  masq    fw      udp     4321,27900
> ACCEPT  net     fw      udp     4321,27900
>

I assume that you have a Mandrake setup since there is a masq zone -- If that 
is the case, YOU HAVE NO 'loc' ZONE (or rather the loc zone is empty). I 
don't know how I can advertise that any more clearly; it is mentioned on the 
Shorewall Home Page!!!

If this is a Mandrake system, none of the rules above that contain the word 
'loc' do anything!

Secondly, I don't see where you are forwarding the UDP ports inbound -- you 
only have one DNAT rule and it is for TCP.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
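The two problems Tom points out (rules naming a zone that has no hosts in it, and game ports with no inbound DNAT) are both things a quick lint of the rules table can catch before posting to a list. The script below is an added example, not part of the original message or of Shorewall itself: it parses a Shorewall-style rules table (constructed here from the game-port rules quoted in the post), takes as an assumption the set of zones that actually contain hosts (`fw`, `net`, `masq`, matching the Mandrake layout Tom describes, with no `loc`), and reports rules that touch an unpopulated zone plus any port from the poster's list that the `net` zone is never DNATed to.

```python
"""Lint a Shorewall-style rules table for two common forwarding mistakes.
Added example; not code from the original post or from the Shorewall project."""

# Constructed subset: the game-port rules quoted in the post.
RULES_TEXT = """
ACCEPT  net     fw      tcp     6667,28910,29900,29920
ACCEPT  loc     fw      tcp     6667,28910,29900,29920
ACCEPT  loc     fw      udp     4321,27900
DNAT    net     loc:192.168.1.100       tcp     6667,28910,29900,29920
ACCEPT  masq    fw      tcp     6667,28910,29900,29920
ACCEPT  masq    fw      udp     4321,27900
ACCEPT  net     fw      udp     4321,27900
"""

# Assumption: zones that actually contain hosts on this firewall. On the
# Mandrake layout described in the reply, 'loc' is defined but empty.
POPULATED_ZONES = {"fw", "net", "masq"}

# Ports the poster says the game needs reachable from the Internet.
WANTED = {"tcp": {80, 6667, 28910, 29900, 29920}, "udp": {4321, 27900}}


def parse_rules(text):
    """Parse ACTION SOURCE DEST PROTO DPORT lines into dicts; '-' means no port."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            continue
        action, src, dst, proto = fields[:4]
        dport = fields[4] if len(fields) > 4 and fields[4] != "-" else ""
        ports = {int(p) for p in dport.split(",") if p.isdigit()} if dport else set()
        rules.append({"action": action.upper(), "src": src, "dst": dst,
                      "proto": proto.lower(), "ports": ports})
    return rules


def zone_of(spec):
    """'loc:192.168.1.100' -> 'loc'; 'fw' -> 'fw'."""
    return spec.split(":", 1)[0]


def rules_touching_empty_zones(rules, zones=POPULATED_ZONES):
    """Rules whose source or destination zone has no hosts: they match nothing."""
    return [r for r in rules
            if zone_of(r["src"]) not in zones or zone_of(r["dst"]) not in zones]


def missing_dnat(rules, wanted=WANTED, from_zone="net"):
    """Per protocol, the wanted ports that no DNAT rule from `from_zone` forwards."""
    forwarded = {proto: set() for proto in wanted}
    for r in rules:
        if (r["action"] == "DNAT" and zone_of(r["src"]) == from_zone
                and r["proto"] in forwarded):
            forwarded[r["proto"]] |= r["ports"]
    return {proto: sorted(wanted[proto] - forwarded[proto]) for proto in wanted}


if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    for r in rules_touching_empty_zones(rules):
        print("no effect (empty zone):", r["action"], r["src"], r["dst"], r["proto"])
    for proto, ports in missing_dnat(rules).items():
        if ports:
            print(f"not forwarded from net: {proto} {ports}")
```

Run against the quoted rules, it flags the three rules that mention `loc` and reports that TCP 80 and both UDP ports have no inbound DNAT, which is exactly the pair of findings in the reply above.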
