[Shorewall-users] RealPlayer rules again - more detailed

Jerry Vonau jvonau at shaw.ca
Wed Dec 3 07:31:55 PST 2003




Hi again,

I'll try it again, and hope to get RealPlayer G2 and Shorewall 1.4.8 to
work together with your help.

My network looks like this:
Net Zone (DSL) -------- Firewall/Router ------- Wlan Zone
The RealPlayer is a client in the Wlan Zone and the Wlan Zone is
masqueraded on the Firewall/Router.

In the logging I could find entries like this:
This line repeats a few times with DPT={6790,6791}

Dec  3 13:32:04 Router kernel: Shorewall:net2fw:DROP:IN=ppp0 OUT= MAC= SRC=205.219.198.204 DST=217.84.70.128 LEN=520 TOS=0x00 PREC=0x00 TTL=54 ID=28050 PROTO=UDP SPT=1339 DPT=6790 LEN=500

/etc/shorewall/policy
wlan    net     ACCEPT  -
loc      net      ACCEPT
$FW    all     ACCEPT  -
net     all     DROP    info
all     all     REJECT  info

/etc/shorewall/rules
DROP:info       net     all     tcp     -       -
DROP:info       net     all     udp     -       -
ACCEPT  wlan:~00-09-5B-12-35-54 $FW     tcp     ssh,https,www,10000,3306        -
ACCEPT  wlan:~00-09-5B-12-35-54 $FW     udp     ssh,https,www,10000,3306        -
ACCEPT:info     net     all     udp     6790,6791       -
DNAT    net     wlan:192.168.2.1:7070   tcp     554     -

----------<reply>--------------------
Oliver:

ACCEPT:info     net     all     udp     6790,6791       -
this will not work... from Tom's earlier reply, this should be

DNAT    net    loc:192.168.1.5         udp     1271,6790

Similar to the DNAT rule you used for the 554 port forwarding.

In your case, your client is on the wlan zone so that is
DNAT    net    wlan:192.168.1.5         udp     1271,6790
changing 192.168.1.5 to the IP address of the machine that has RealPlayer

Hope it helps...

Jerry Vonau
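
Added example, not part of the original post or of Shorewall: the net2fw chain in the logged entry means the packet was addressed to the firewall itself, which is where traffic for a masqueraded client lands when no DNAT rule forwards it. The sketch below tallies such drops from a log so the ports can be reviewed before any DNAT rule is written; the function names are hypothetical and it assumes the "Shorewall:<chain>:<disposition>:" log prefix seen in the post.

```python
import re
from collections import Counter

# First entry is the log line quoted in the post; the second is a constructed
# repeat with DPT=6791 (the post says the line recurs with that port); the
# third is a constructed non-Shorewall line.
SAMPLE_LOG = """\
Dec  3 13:32:04 Router kernel: Shorewall:net2fw:DROP:IN=ppp0 OUT= MAC= SRC=205.219.198.204 DST=217.84.70.128 LEN=520 TOS=0x00 PREC=0x00 TTL=54 ID=28050 PROTO=UDP SPT=1339 DPT=6790 LEN=500
Dec  3 13:32:05 Router kernel: Shorewall:net2fw:DROP:IN=ppp0 OUT= MAC= SRC=205.219.198.204 DST=217.84.70.128 LEN=520 TOS=0x00 PREC=0x00 TTL=54 ID=28051 PROTO=UDP SPT=1339 DPT=6791 LEN=500
Dec  3 13:32:06 Router kernel: unrelated message
"""

# Assumes the "Shorewall:<chain>:<disposition>:" log prefix seen in the post.
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):(?P<fields>.*)")
FIELD = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return a dict for one Shorewall log entry, or None for other lines."""
    m = PREFIX.search(line)
    if not m:
        return None
    entry = {"chain": m.group("chain"), "disposition": m.group("disp")}
    for key, value in FIELD.findall(m.group("fields")):
        entry.setdefault(key, value)  # LEN appears twice; keep the IP length
    return entry


def dropped_at_firewall(log_text):
    """Count DROP entries per (chain, proto, dport) in chains ending in '2fw'."""
    counts = Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or entry["disposition"] != "DROP":
            continue
        if not entry["chain"].endswith("2fw") or "DPT" not in entry:
            continue  # forwarded traffic, or a protocol without ports (ICMP)
        counts[(entry["chain"], entry["PROTO"].lower(), int(entry["DPT"]))] += 1
    return counts


if __name__ == "__main__":
    for (chain, proto, dport), n in sorted(dropped_at_firewall(SAMPLE_LOG).items()):
        print(f"{chain}: {n} dropped {proto} packet(s) to port {dport}")
```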


