irrevenant
2003-Nov-28 15:47 UTC
[Shorewall-users] Problem getting dcgui-qt to work through shorewall
My dcgui-qt (chat/file-sharing program) doesn't work and I'm
pretty sure it's my firewall settings.
dcgui-qt is a direct connect (file sharing & chat) client.
According to the FAQ here
(http://dcplusplus.sourceforge.net/faq/faq.php) all I should need to do
is:
-------
#ACTION  SOURCE  DEST             PROTO  DEST  SOURCE   ORIGINAL
#                                        PORT  PORT(S)  DEST
DNAT     net     loc:192.168.0.7  tcp    666   -        123.45.67.89
DNAT     net     loc:192.168.0.7  udp    666   -        123.45.67.89
(assuming loc is the zone where your computer is located, 192.168.0.7 is
your computer's IP, 666 is the port you wish to use and 123.45.67.89 is
your external IP)
-------
I've done this and it still doesn't work.
I'm using shorewall 1.46c under Mandrake 9.1 (but I'm using a clean
install of shorewall, not the Mandrake one).
Can anyone please help?
My settings are as follows:
ip addr show:
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:e0:29:67:28:49 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.1/24 brd 192.168.0.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,ALLMULTI,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:00:21:dc:4b:db brd ff:ff:ff:ff:ff:ff
inet 169.254.19.126/16 brd 169.254.255.255 scope global eth1:9
6868: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
link/ppp
inet 203.113.232.72 peer 203.17.101.28/32 scope global ppp0
ip route show:
203.17.101.28 dev ppp0 proto kernel scope link src 203.113.232.72
192.168.0.0/24 dev eth0 scope link
169.254.0.0/16 dev eth1 proto kernel scope link src 169.254.19.126
127.0.0.0/8 dev lo scope link
default via 203.17.101.28 dev ppp0
shorewall show log:
Nov 27 22:54:40 net2all:DROP:IN=ppp0 OUT= SRC=211.154.167.13
DST=203.113.232.72 LEN=48 TOS=0x10 PREC=0x00 TTL=106 ID=8267 DF
PROTO=TCP SPT=50812 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0
Nov 27 22:54:43 net2all:DROP:IN=ppp0 OUT= SRC=211.154.167.13
DST=203.113.232.72 LEN=48 TOS=0x10 PREC=0x00 TTL=106 ID=8362 DF
PROTO=TCP SPT=50812 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0
Nov 27 23:12:58 net2all:DROP:IN=ppp0 OUT= SRC=200.165.14.73
DST=203.113.232.72 LEN=48 TOS=0x00 PREC=0x00 TTL=103 ID=11352 DF
PROTO=TCP SPT=4793 DPT=1080 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 27 23:13:01 net2all:DROP:IN=ppp0 OUT= SRC=200.165.14.73
DST=203.113.232.72 LEN=48 TOS=0x00 PREC=0x00 TTL=103 ID=55896 DF
PROTO=TCP SPT=4793 DPT=1080 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 27 23:13:07 net2all:DROP:IN=ppp0 OUT= SRC=200.165.14.73
DST=203.113.232.72 LEN=48 TOS=0x00 PREC=0x00 TTL=103 ID=25178 DF
PROTO=TCP SPT=4793 DPT=1080 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 27 23:13:19 net2all:DROP:IN=ppp0 OUT= SRC=200.165.14.73
DST=203.113.232.72 LEN=48 TOS=0x00 PREC=0x00 TTL=103 ID=54364 DF
PROTO=TCP SPT=4793 DPT=1080 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 28 00:20:17 net2all:DROP:IN=ppp0 OUT= SRC=212.204.12.245
DST=203.113.232.72 LEN=48 TOS=0x00 PREC=0x00 TTL=105 ID=11973 DF
PROTO=TCP SPT=4389 DPT=554 WINDOW=16384 RES=0x00 SYN URGP=0
Nov 28 00:20:20 net2all:DROP:IN=ppp0 OUT= SRC=212.204.12.245
DST=203.113.232.72 LEN=48 TOS=0x00 PREC=0x00 TTL=105 ID=12194 DF
PROTO=TCP SPT=4389 DPT=554 WINDOW=16384 RES=0x00 SYN URGP=0
Nov 28 06:19:55 net2all:DROP:IN=ppp0 OUT= SRC=80.163.8.224
DST=203.113.232.72 LEN=48 TOS=0x00 PREC=0x00 TTL=105 ID=20362 DF
PROTO=TCP SPT=4372 DPT=17300 WINDOW=64240 RES=0x00 SYN URGP=0
Nov 28 10:33:27 net2all:DROP:IN=ppp0 OUT= SRC=82.82.128.133
DST=203.113.232.72 LEN=48 TOS=0x00 PREC=0x00 TTL=105 ID=28714 DF
PROTO=TCP SPT=4476 DPT=34816 WINDOW=45474 RES=0x00 SYN URGP=0
Nov 28 11:26:54 net2all:DROP:IN=ppp0 OUT= SRC=80.181.54.122
DST=203.113.232.72 LEN=40 TOS=0x10 PREC=0x00 TTL=101 ID=33553 PROTO=TCP
SPT=21 DPT=21 WINDOW=46276 RES=0x00 SYN URGP=0
Nov 28 15:50:00 net2all:DROP:IN=ppp0 OUT= SRC=212.202.177.63
DST=203.113.232.72 LEN=48 TOS=0x00 PREC=0x00 TTL=103 ID=40897 DF
PROTO=TCP SPT=3842 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
Nov 28 15:50:03 net2all:DROP:IN=ppp0 OUT= SRC=212.202.177.63
DST=203.113.232.72 LEN=48 TOS=0x00 PREC=0x00 TTL=103 ID=41749 DF
PROTO=TCP SPT=3842 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
Nov 28 16:18:13 net2all:DROP:IN=ppp0 OUT= SRC=80.142.252.153
DST=203.113.232.72 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=6551 DF
PROTO=TCP SPT=1111 DPT=1433 WINDOW=64800 RES=0x00 SYN URGP=0
Nov 28 16:18:15 net2all:DROP:IN=ppp0 OUT= SRC=80.142.252.153
DST=203.113.232.72 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=6725 DF
PROTO=TCP SPT=1111 DPT=1433 WINDOW=64800 RES=0x00 SYN URGP=0
Nov 28 16:51:31 net2all:DROP:IN=ppp0 OUT= SRC=61.149.253.30
DST=203.113.232.72 LEN=64 TOS=0x00 PREC=0x00 TTL=37 ID=29882 DF
PROTO=TCP SPT=40800 DPT=25 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 28 16:51:34 net2all:DROP:IN=ppp0 OUT= SRC=61.149.253.30
DST=203.113.232.72 LEN=64 TOS=0x00 PREC=0x00 TTL=37 ID=30128 DF
PROTO=TCP SPT=40800 DPT=25 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 28 16:51:40 net2all:DROP:IN=ppp0 OUT= SRC=61.149.253.30
DST=203.113.232.72 LEN=64 TOS=0x00 PREC=0x00 TTL=37 ID=30663 DF
PROTO=TCP SPT=40800 DPT=25 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 28 18:13:49 all2all:REJECT:IN=eth0 OUT= SRC=192.168.0.8
DST=203.113.232.72 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8015 DF PROTO=TCP
SPT=33667 DPT=9176 WINDOW=5840 RES=0x00 SYN URGP=0
Nov 28 18:16:24 all2all:REJECT:IN=eth0 OUT= SRC=192.168.0.8
DST=203.113.232.72 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=38322 DF
PROTO=TCP SPT=33669 DPT=9176 WINDOW=5840 RES=0x00 SYN URGP=0
interfaces:
net ppp0 - dhcp,routefilter,norfc1918
loc eth0 detect
params:
ppp0_ip=`find_interface_address ppp0`
policy:
###############################################################################
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
#loc net ACCEPT
# If you want open access to the Internet from your Firewall
# remove the comment from the following line.
fw net ACCEPT
loc net ACCEPT
net all DROP info
all all REJECT info
rules:
# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
# # PORT PORT(S) DEST
# DNAT net loc:192.168.1.3 tcp 80 - 130.252.100.69
##############################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
# PORT PORT(S) DEST
#
# Accept DNS connections from the firewall to the network
#
ACCEPT fw net tcp 53
ACCEPT fw net udp 53
#
# Accept SSH connections from the local network for administration
#
#ACCEPT loc fw tcp 22
#
# Allow Ping To And From Firewall
#
ACCEPT loc fw icmp 8
ACCEPT net fw icmp 8
ACCEPT fw loc icmp 8
ACCEPT fw net icmp 8
#
# Allow DCgui etc. through
DNAT net loc:192.168.0.8 tcp 9176 - $ppp0_ip
DNAT net loc:192.168.0.8 udp 9176 - $ppp0_ip
#
Thank you.
--
The reasonable man adapts himself to the world; the
unreasonable man persists in trying to adapt the world to
himself. Therefore all progress depends on the unreasonable
man. -- George Bernard Shaw
Tom Eastep
2003-Nov-28 16:24 UTC
[Shorewall-users] Problem getting dcgui-qt to work through shorewall
On Sat, 29 Nov 2003, irrevenant wrote:

> My dcgui-qt (chat/file-sharing program) doesn't work and I'm pretty sure it's my firewall settings.
> dcgui-qt is a direct connect (file sharing & chat) client.
>
> According to the FAQ here
> (http://dcplusplus.sourceforge.net/faq/faq.php) all I should need to do
> is:
> -------
> #ACTION  SOURCE  DEST             PROTO  DEST  SOURCE   ORIGINAL
> #                                        PORT  PORT(S)  DEST
> DNAT     net     loc:192.168.0.7  tcp    666   -        123.45.67.89
> DNAT     net     loc:192.168.0.7  udp    666   -        123.45.67.89
>
> (assuming loc is the zone where your computer is located, 192.168.0.7 is
> your computer's IP, 666 is the port you wish to use and 123.45.67.89 is
> your external IP)
> -------
>
> I've done this and it still doesn't work.

And have you followed the troubleshooting tips in FAQs 1a and 1b?

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
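
An added example, not part of either post: a small Python parser for the `shorewall show log` output in the first message that lists which logged packets were aimed at the forwarded port and which interface they arrived on. The sample lines are copied from that log (rejoined onto one line each); the function names are illustrative.

```python
import re

# Four entries copied from the log in the original post, one per line.
SAMPLE_LOG = """\
Nov 28 15:50:00 net2all:DROP:IN=ppp0 OUT= SRC=212.202.177.63 DST=203.113.232.72 LEN=48 TOS=0x00 PREC=0x00 TTL=103 ID=40897 DF PROTO=TCP SPT=3842 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
Nov 28 16:51:40 net2all:DROP:IN=ppp0 OUT= SRC=61.149.253.30 DST=203.113.232.72 LEN=64 TOS=0x00 PREC=0x00 TTL=37 ID=30663 DF PROTO=TCP SPT=40800 DPT=25 WINDOW=8192 RES=0x00 SYN URGP=0
Nov 28 18:13:49 all2all:REJECT:IN=eth0 OUT= SRC=192.168.0.8 DST=203.113.232.72 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8015 DF PROTO=TCP SPT=33667 DPT=9176 WINDOW=5840 RES=0x00 SYN URGP=0
Nov 28 18:16:24 all2all:REJECT:IN=eth0 OUT= SRC=192.168.0.8 DST=203.113.232.72 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=38322 DF PROTO=TCP SPT=33669 DPT=9176 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# "<timestamp> <chain>:<disposition>:<netfilter key=value fields>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<chain>[\w-]+):(?P<action>[A-Z]+):(?P<rest>.*)$"
)

def parse_line(line):
    """Turn one log entry into a dict, or None if it is not a log entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m["ts"], "chain": m["chain"], "action": m["action"], "flags": []}
    for token in m["rest"].split():
        key, sep, value = token.partition("=")
        if sep:
            rec[key] = value            # IN=ppp0, DPT=80, OUT= (empty value)
        else:
            rec["flags"].append(token)  # bare flags such as DF and SYN
    return rec

def parse_log(text):
    return [r for r in map(parse_line, text.splitlines()) if r]

def hits_for_port(records, port):
    """Logged packets aimed at `port`, as (IN interface, SRC, disposition)."""
    return [(r.get("IN"), r.get("SRC"), r["action"])
            for r in records if r.get("DPT") == str(port)]

if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    for iface, src, action in hits_for_port(records, 9176):
        print(f"port 9176: {action} on {iface} from {src}")
```

On these lines, both entries for port 9176 arrived on eth0 from 192.168.0.8 and were rejected by the all2all policy; none arrived on ppp0.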