For reasons unconnected with my problem I decided it was time to go back to using a proper firewall (I used to use Smoothwall) instead of relying on my wireless router''s firewall function so I installed Shorewall on a clean Debian Etch installation that also now functions as my dns and dhcp server using dnsmasq. The installation went smoothly and everything worked fine until I tried to run Azureus (which always worked well with my previous setup). Azureus requires tcp and udp access to the machine running azureus from the internet so I added a dnat rule on the port azureus is setup to use which, in my case, is 48993. Once this rule had been added and only then, Azureus reported that it passed the nat test implying that all was well. Azureus does work if the port is not forwarded, but the download speeds are extremely low (~1KB/s) and this is exactly what I am seeing. The performance is no different whether I have the dnat rule in place or not. I have (in line with the instructions on the Shorewall web site) attached a dump from Shorewall. I would of course be happy to provide any more relevant information if it would help. For information the green interface of my fw is 192.168.1.1 on eth1, the red interface is 82.47.149.172 on eth2 (it gets the ip address through dhcp but I never turn it off so it doesn''t change often) and the address of the machine running Azureus is 192.168.1.11. Can anyone suggest what I have done wrong? Thanks, Simon ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Simon Langley wrote:> Can anyone suggest what I have done wrong?I don''t see anything wrong with your setup. You might see if placing the following command in your /etc/shorewall/init file makes any difference. echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
It now appears that the changeover of firewall may have been coincidental. The machine running Azureus (on Ubuntu) also has an XP partition that I haven''t used for months so on the off chance I rebooted into that and once I had replicated the Ubuntu network settings on the XP installation Azureus worked fine (I am getting 760kB/s now). Although I hadn''t updated Azureus at the time AFAIK, different versions are behaving differently which shouldn''t be the firewall''s fault. I think I need to ask on the Azureus forum instead. Thanks for your help. Simon On 29 Sep 2007, at 22:46, Tom Eastep wrote:> Simon Langley wrote: > >> Can anyone suggest what I have done wrong? > > I don''t see anything wrong with your setup. You might see if > placing the > following command in your /etc/shorewall/init file makes any > difference. > > echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal > > -Tom > -- > Tom Eastep \ Nothing is foolproof to a sufficiently talented fool > Shoreline, \ http://shorewall.net > Washington USA \ teastep@shorewall.net > PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key > > ---------------------------------------------------------------------- > --- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2005. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/