[Shorewall-users] RealPlayer rules again - more detailed

Jerry Vonau jvonau at shaw.ca
Wed Dec 3 07:31:55 PST 2003

Hi again,

I am trying again, and hope to get RealPlayer G2 and Shorewall 1.4.8 to
work together with your help.

My network looks like this:
Net Zone (DSL) -------- Firewall/Router ------- Wlan Zone
The RealPlayer is a client in the Wlan Zone and the Wlan Zone is
on the Firewall/Router.

In the log I could find entries like this.
This line repeats a few times with DPT={6790,6791}:

Dec  3 13:32:04 Router kernel: Shorewall:net2fw:DROP:IN=ppp0 OUT= MAC= SRC= DST= LEN=520 TOS=0x00 PREC=0x00 TTL=54 ID=28050 PROTO=UDP SPT=1339 DPT=6790 LEN=500

wlan    net     ACCEPT  -
loc      net      ACCEPT
$FW    all     ACCEPT  -
net     all     DROP    info
all     all     REJECT  info

DROP:info       net     all     tcp     -       -
DROP:info       net     all     udp     -       -
ACCEPT  wlan:~00-09-5B-12-35-54 $FW     tcp
ACCEPT  wlan:~00-09-5B-12-35-54 $FW     udp
ACCEPT:info     net     all     udp     6790,6791       -
DNAT    net     wlan:   tcp     554     -


ACCEPT:info     net     all     udp     6790,6791       -
this will not work... from Tom's earlier reply, this should be

DNAT    net    loc:         udp     1271,6790

Similar to the DNAT rule you used for the 554 port forwarding.

In your case, your client is on the wlan zone so that is
DNAT    net    wlan:         udp     1271,6790
changing to the ip address of the machine that has

Hope it helps...

Jerry Vonau
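
Added example, not part of the original message or of Shorewall: a small parser for kernel log entries in the format quoted above, which counts DROP/REJECT entries per chain, protocol and destination port so the ports that need a DNAT rule can be read off the log. The sample lines and their addresses are constructed; the chain name net2fw follows Shorewall's source-zone2destination-zone naming.

```python
import re
from collections import Counter

# Constructed sample lines in the format of the log entry quoted above.
# Addresses are documentation/private ranges, not values from the post.
SAMPLE_LOG = """\
Dec  3 13:32:04 Router kernel: Shorewall:net2fw:DROP:IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.7 LEN=520 TOS=0x00 PREC=0x00 TTL=54 ID=28050 PROTO=UDP SPT=1339 DPT=6790 LEN=500
Dec  3 13:32:05 Router kernel: Shorewall:net2fw:DROP:IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.7 LEN=520 TOS=0x00 PREC=0x00 TTL=54 ID=28051 PROTO=UDP SPT=1339 DPT=6791 LEN=500
Dec  3 13:32:06 Router kernel: Shorewall:net2fw:DROP:IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.7 LEN=520 TOS=0x00 PREC=0x00 TTL=54 ID=28052 PROTO=UDP SPT=1339 DPT=6790 LEN=500
Dec  3 13:33:10 Router kernel: Shorewall:wlan2net:ACCEPT:IN=wlan0 OUT=ppp0 SRC=10.0.0.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=411 PROTO=TCP SPT=40000 DPT=554 WINDOW=5840 SYN
Dec  3 13:34:00 Router kernel: eth0: link up
"""

# Log prefix as it appears in the quoted entry: "Shorewall:<chain>:<disposition>:"
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[A-Z]+):(?P<rest>.*)")
FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; the value may be empty


def parse_line(line):
    """Return a dict for a Shorewall log entry, or None for any other line."""
    m = PREFIX.search(line)
    if not m:
        return None
    fields = {}
    for key, value in FIELD.findall(m.group("rest")):
        fields.setdefault(key, value)  # keep the first LEN= (IP length)
    dpt = fields.get("DPT", "")
    return {
        "chain": m.group("chain"),
        "disposition": m.group("disp"),
        "in": fields.get("IN", ""),
        "proto": fields.get("PROTO", ""),
        "dpt": int(dpt) if dpt.isdigit() else None,  # ICMP has no DPT
    }


def dropped_ports(log_text):
    """Count DROP/REJECT entries per (chain, protocol, destination port)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["disposition"] in ("DROP", "REJECT"):
            counts[(rec["chain"], rec["proto"], rec["dpt"])] += 1
    return counts


if __name__ == "__main__":
    for (chain, proto, dpt), n in dropped_ports(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {chain}  {proto}  dpt={dpt}")
```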
