[Shorewall-users] RealPlayer rules again - more detailed

Oliver Ertl 76729 at gmx.de
Wed Dec 3 15:15:00 PST 2003


Hi,

now I get the following in the logs:

Dec  3 15:08:59 Router root: Shorewall Started
Dec  3 15:09:04 Router kernel: Shorewall:wlan2net:ACCEPT:IN=wlan0 OUT=ppp0 SRC=192.168.2.1 DST=207.188.6.203 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=18315 DF PROTO=TCP SPT=36370 DPT=7070 WINDOW=5840 RES=0x00 SYN URGP=0
Dec  3 15:09:06 Router kernel: Shorewall:net_dnat:DNAT:IN=ppp0 OUT= MAC= SRC=205.219.198.204 DST=217.84.70.128 LEN=520 TOS=0x00 PREC=0x00 TTL=54 ID=52564 PROTO=UDP SPT=1339 DPT=6790 LEN=500
Dec  3 15:09:06 Router kernel: Shorewall:net2wlan:DROP:IN=ppp0 OUT=wlan0 SRC=205.219.198.204 DST=192.168.2.1 LEN=520 TOS=0x00 PREC=0x00 TTL=53 ID=52564 PROTO=UDP SPT=1339 DPT=6790 LEN=500
Dec  3 15:09:06 Router kernel: Shorewall:net_dnat:DNAT:IN=ppp0 OUT= MAC= SRC=205.219.198.204 DST=217.84.70.128 LEN=520 TOS=0x00 PREC=0x00 TTL=54 ID=52571 PROTO=UDP SPT=1339 DPT=6790 LEN=500
Dec  3 15:09:06 Router kernel: Shorewall:net2wlan:DROP:IN=ppp0 OUT=wlan0 SRC=205.219.198.204 DST=192.168.2.1 LEN=520 TOS=0x00 PREC=0x00 TTL=53 ID=52571 PROTO=UDP SPT=1339 DPT=6790 LEN=500

What's my mistake now?

Oliver

> Hi again,
> 
> I am trying again, and hope to get RealPlayer G2 and Shorewall 1.4.8 to work
> together with your help.
> 
> My network looks like this:
> Net Zone (DSL) -------- Firewall/Router ------- Wlan Zone
> The RealPlayer is a client in the Wlan Zone and the Wlan Zone is masqueraded
> on the Firewall/Router.
> 
> In the logging I could find entries like this:
> This line repeats a few times with DPT={6790,6791}
> 
> Dec  3 13:32:04 Router kernel: Shorewall:net2fw:DROP:IN=ppp0 OUT= MAC= SRC=205.219.198.204 DST=217.84.70.128 LEN=520 TOS=0x00 PREC=0x00 TTL=54 ID=28050 PROTO=UDP SPT=1339 DPT=6790 LEN=500
> 
> /etc/shorewall/policy
> wlan    net     ACCEPT  -
> loc      net      ACCEPT
> $FW    all     ACCEPT  -
> net     all     DROP    info
> all     all     REJECT  info
> 
> /etc/shorewall/rules
> DROP:info       net     all     tcp     -       -
> DROP:info       net     all     udp     -       -
> ACCEPT  wlan:~00-09-5B-12-35-54 $FW     tcp     ssh,https,www,10000,3306        -
> ACCEPT  wlan:~00-09-5B-12-35-54 $FW     udp     ssh,https,www,10000,3306        -
> ACCEPT:info     net     all     udp     6790,6791       -
> DNAT    net     wlan:192.168.2.1:7070   tcp     554     -
> 
> ----------<reply>--------------------
> Oliver:
> 
> ACCEPT:info     net     all     udp     6790,6791       -
> this will not work... from Tom's earlier reply, this should be
> 
> DNAT    net    loc:192.168.1.5         udp     1271,6790
> 
> Similar to the DNAT rule you used for the 554 port forwarding.
> 
> In your case, your client is on the wlan zone so that is
> DNAT    net    wlan:192.168.1.5         udp     1271,6790
> changing 192.168.1.5 to the IP address of the machine that has RealPlayer
> 
> Hope it helps...
> 
> Jerry Vonau
> 

-- 
Just living is not enough, said the
butterfly. One needs sunshine,
freedom and little flowers. (Anderson)
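
A way to read log output like the entries in this message, as an added example that is not part of the original thread: it parses the `Shorewall:<chain>:<disposition>:` prefix and the `KEY=value` fields, then pairs each DNAT entry with a DROP or REJECT entry logged for the same packet (same SRC, IP ID, protocol and ports). The function names are assumptions made for this example; the sample input is the five log entries from the message, unwrapped.

```python
import re
from collections import defaultdict

# Sample input: the five log entries from the message, each unwrapped onto one line.
LOG = """\
Dec  3 15:09:04 Router kernel: Shorewall:wlan2net:ACCEPT:IN=wlan0 OUT=ppp0 SRC=192.168.2.1 DST=207.188.6.203 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=18315 DF PROTO=TCP SPT=36370 DPT=7070 WINDOW=5840 RES=0x00 SYN URGP=0
Dec  3 15:09:06 Router kernel: Shorewall:net_dnat:DNAT:IN=ppp0 OUT= MAC= SRC=205.219.198.204 DST=217.84.70.128 LEN=520 TOS=0x00 PREC=0x00 TTL=54 ID=52564 PROTO=UDP SPT=1339 DPT=6790 LEN=500
Dec  3 15:09:06 Router kernel: Shorewall:net2wlan:DROP:IN=ppp0 OUT=wlan0 SRC=205.219.198.204 DST=192.168.2.1 LEN=520 TOS=0x00 PREC=0x00 TTL=53 ID=52564 PROTO=UDP SPT=1339 DPT=6790 LEN=500
Dec  3 15:09:06 Router kernel: Shorewall:net_dnat:DNAT:IN=ppp0 OUT= MAC= SRC=205.219.198.204 DST=217.84.70.128 LEN=520 TOS=0x00 PREC=0x00 TTL=54 ID=52571 PROTO=UDP SPT=1339 DPT=6790 LEN=500
Dec  3 15:09:06 Router kernel: Shorewall:net2wlan:DROP:IN=ppp0 OUT=wlan0 SRC=205.219.198.204 DST=192.168.2.1 LEN=520 TOS=0x00 PREC=0x00 TTL=53 ID=52571 PROTO=UDP SPT=1339 DPT=6790 LEN=500
"""

# The log prefix names the chain and the disposition: Shorewall:<chain>:<disposition>:
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):(?P<rest>.*)")

def parse(line):
    """Return chain, disposition and KEY=value fields of one log line, or None."""
    m = PREFIX.search(line)
    if not m:
        return None
    entry = {"chain": m["chain"], "disp": m["disp"]}
    for token in m["rest"].split():
        key, sep, value = token.partition("=")
        if sep:                           # bare flags such as DF or SYN carry no value
            entry.setdefault(key, value)  # keep the first LEN (IP length), not the UDP one
    return entry

def dnat_then_blocked(log_text):
    """Pair each DNAT entry with a DROP/REJECT entry logged for the same packet."""
    packets = defaultdict(list)
    for line in log_text.splitlines():
        e = parse(line)
        if e:
            # DST and TTL change on the way through the router, so they are not in the key.
            key = (e.get("SRC"), e.get("ID"), e.get("PROTO"), e.get("SPT"), e.get("DPT"))
            packets[key].append(e)
    findings = []
    for entries in packets.values():
        for d in (e for e in entries if e["disp"] == "DNAT"):
            for b in (e for e in entries if e["disp"] in ("DROP", "REJECT")):
                findings.append({"id": d.get("ID"), "proto": d.get("PROTO"), "dpt": d.get("DPT"),
                                 "dst_before": d.get("DST"), "dst_after": b.get("DST"),
                                 "blocked_in": b["chain"], "disposition": b["disp"]})
    return findings

if __name__ == "__main__":
    for f in dnat_then_blocked(LOG):
        print(f)
```

On the sample it reports IP IDs 52564 and 52571: both UDP packets to port 6790 were rewritten from 217.84.70.128 to 192.168.2.1 in net_dnat and then logged as DROP in net2wlan.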
