Hello,

I am trying to set up port forwarding on my machine. I googled and also checked the FAQ (http://www.shorewall.net/FAQ.htm#faq1), but I can't get it to work. Maybe someone can advise me in the right direction:

1) umts1 ~ # ifconfig

    eth0  Link encap:Ethernet  HWaddr 00:60:67:78:33:E5
          inet addr:192.168.20.99  Bcast:192.168.20.255  Mask:255.255.255.0
    ppp0  Link encap:Point-to-Point Protocol
          inet addr:80.187.2.207  P-t-P:10.64.64.64  Mask:255.255.255.255

The ppp0 device is my external device (UMTS card), while eth0 is connected to a webcam. The IP of the webcam is 192.168.20.27. I can access the webcam from the local machine itself.

1b) umts1 ~ # route -n

    Kernel IP routing table
    Destination   Gateway       Genmask          Flags Metric Ref Use Iface
    10.64.64.64   0.0.0.0       255.255.255.255  UH    0      0   0   ppp0
    192.168.20.0  0.0.0.0       255.255.255.0    U     0      0   0   eth0
    127.0.0.0     0.0.0.0       255.0.0.0        U     0      0   0   lo
    0.0.0.0       80.187.2.207  0.0.0.0          UG    0      0   0   ppp0

2) umts1 ~ # cat /etc/shorewall/zones

    fw   firewall
    loc  ipv4
    net  ipv4

3) umts1 ~ # cat /etc/shorewall/rules

    ACCEPT  net  fw                 tcp   22
    ACCEPT  net  fw                 icmp  8
    ACCEPT  net  fw                 tcp   20,21
    ACCEPT  net  fw                 tcp   80
    ACCEPT  net  loc                tcp   80
    DNAT    net  loc:192.168.20.27  tcp   http

4) umts1 ~ # shorewall show nat

    Chain net_dnat (1 references)
    pkts bytes target  prot opt in  out  source     destination
       7   420 DNAT    tcp  --  *   *    0.0.0.0/0  0.0.0.0/0    tcp dpt:80 to:192.168.20.27

5) umts1 ~ # shorewall show zones

    Shorewall-3.0.6 Zones at umts1 - Mon Jun 19 10:32:34 CEST 2006

    fw (firewall)
    loc (ipv4)
       eth0:0.0.0.0/0
    net (ipv4)
       ppp0:0.0.0.0/0

The firewall seems NOT to block the incoming packages, at least it does not show in the log. Any ideas?

Thanks
Stonki

Stefan Onken wrote:
> Hello,
>
> I am trying to set up port forwarding on my machine. I googled and also
> checked the FAQ (http://www.shorewall.net/FAQ.htm#faq1), but I can't get
> it to work. Maybe someone can advise me in the right direction:
>

Did you follow the troubleshooting procedure in FAQ 1a and FAQ 1b? If so, what were the results?

-Tom
-- 
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key

Stefan Onken wrote:
>
> the ppp0 device is my external device (UMTS Card), while eth0 is connected
> to a webcam. The ip of the webcam is 192.168.20.27. I can access the
> webcam from the local machine itself.
>
> umts1 ~ # shorewall show nat
> Chain net_dnat (1 references)
> pkts bytes target  prot opt in  out  source     destination
>    7   420 DNAT    tcp  --  *   *    0.0.0.0/0  0.0.0.0/0    tcp dpt:80 to:192.168.20.27
>

Sorry -- I missed that information the first time.

>
> The firewall seems NOT to block the incoming packages, at least it does
> not show in the log. Any ideas ?

What about the default gateway setting on the webcam (192.168.20.27)? It should be set to 192.168.20.99.

If you can't set the default gateway, you'll have to masquerade traffic from the net to the web camera with this entry in /etc/shorewall/masq:

    eth0:192.168.20.27    0.0.0.0/0    192.168.20.99    tcp    80

-Tom
-- 
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key

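The reply-path reasoning in the message above, as an added example that is not part of the original thread or of Shorewall: a small model of one forwarded TCP/80 connection showing why the camera needs either the firewall as its default gateway or the masq (SNAT) entry. The client address 203.0.113.10 and the alternative gateway 192.168.20.1 are constructed; the other addresses come from the thread.

```python
import ipaddress

# Addresses from the thread; CLIENT is a constructed documentation address.
FW_PUBLIC = "80.187.2.207"    # ppp0
FW_LAN = "192.168.20.99"      # eth0
CAMERA = "192.168.20.27"
LAN = ipaddress.ip_network("192.168.20.0/24")
CLIENT = "203.0.113.10"

def camera_next_hop(dst, default_gw):
    """Camera's routing decision: on-link delivery, default gateway, or None."""
    if ipaddress.ip_address(dst) in LAN:
        return dst
    return default_gw

def trace_http(camera_gw=None, masq=False, client=CLIENT):
    """Follow one forwarded TCP/80 connection and report how the reply fares."""
    # Inbound on ppp0: the DNAT rule rewrites the destination to the camera,
    # and connection tracking remembers the original tuple for the reply.
    conntrack = {"client": client, "orig_dst": FW_PUBLIC, "new_dst": CAMERA}
    # With the masq entry the firewall also rewrites the source on eth0.
    src_seen_by_camera = FW_LAN if masq else client
    # The camera answers whatever source address it saw.
    hop = camera_next_hop(src_seen_by_camera, camera_gw)
    if hop is None:
        return "dropped: camera has no route to " + src_seen_by_camera
    if hop != FW_LAN:
        return "lost: reply sent via " + hop + ", never reaches the firewall"
    # Reply reaches the firewall, which undoes the NAT from its conntrack entry.
    return "ok: client sees reply from " + conntrack["orig_dst"]

if __name__ == "__main__":
    print("no gateway      :", trace_http())
    print("gateway = fw    :", trace_http(camera_gw=FW_LAN))
    # 192.168.20.1 is a hypothetical second router on the LAN.
    print("other gateway   :", trace_http(camera_gw="192.168.20.1"))
    print("no gateway, masq:", trace_http(masq=True))
```
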
On Monday, 19 June 2006 16:44, Tom Eastep wrote:
> > The firewall seems NOT to block the incoming packages, at least
> > it does not show in the log. Any ideas ?
>
> What about the default gateway setting on the webcam
> (192.168.20.27)? It should be set to 192.168.20.99.

Thanks for your help. That was the problem (and a missing ACCEPT rule for loc:192.168.20.27).

cu
stonki
-- 
www.stonki.de: the more I see, the more I know.......
www.proftpd.de: German ProFTPD documentation
www.krename.net: The batch renamer for KDE
www.kbarcode.net: The barcode solution for KDE