I have this rule, patterned on Tom's example for ICQ:

ACCEPT net loc:192.168.2.8 tcp 1814

(It's for a peer-to-peer message tool like ICQ without a third-party server. Direct from IP to IP.)

It's getting dropped by my net2all policy before the rule (above) gets applied.

May 7 11:45:43 norcomix kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:40:c7:2e:09:c0:00:40:c7:15:96:24:08:00 SRC=24.237.19.120 DST=24.237.22.45 LEN=64 TOS=0x04 PREC=0xA0 TTL=127 ID=47567 DF PROTO=TCP SPT=2569 DPT=1814 WINDOW=8192 RES=0x00 SYN URGP=0

What am I doing wrong here??

If I temporarily (and foolishly) modify my policy for net to all to ACCEPT rather than DROP, it works fine, so I know the packet can be passed properly through the firewall correctly.

______________________________________
John Andersen
NORCOM / Juneau, Alaska
http://www.screenio.com/
On Tue, 7 May 2002, John Andersen wrote:

> I have this rule, patterned on Tom's example for ICQ:
>
> ACCEPT net loc:192.168.2.8 tcp 1814
>
> (It's for a peer-to-peer message tool like ICQ without
> a third-party server. Direct from IP to IP.)
>
> It's getting dropped by my net2all policy before the rule (above) gets
> applied.
>
> May 7 11:45:43 norcomix kernel: Shorewall:net2all:DROP:IN=eth0 OUT=
> MAC=00:40:c7:2e:09:c0:00:40:c7:15:96:24:08:00 SRC=24.237.19.120 DST=24.237.22.45 LEN=64 TOS=0x04
> PREC=0xA0 TTL=127 ID=47567 DF PROTO=TCP SPT=2569 DPT=1814 WINDOW=8192 RES=0x00 SYN URGP=0
>
> What am I doing wrong here??
>

You need a port forwarding rule -- the above is just an ACCEPT rule.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
On 7 May 2002 at 13:00, Tom Eastep wrote:

> On Tue, 7 May 2002, John Andersen wrote:
>
> > I have this rule, patterned on Tom's example for ICQ:
> >
> > ACCEPT net loc:192.168.2.8 tcp 1814
>
> You need a port forwarding rule -- the above is just an ACCEPT rule.

So how come it works for you? I cribbed it from your myfiles.htm ??

______________________________________
John Andersen
NORCOM / Juneau, Alaska
http://www.screenio.com/
On Tue, 7 May 2002, John Andersen wrote:

> On 7 May 2002 at 13:00, Tom Eastep wrote:
>
> > On Tue, 7 May 2002, John Andersen wrote:
> >
> > > I have this rule, patterned on Tom's example for ICQ:
> > >
> > > ACCEPT net loc:192.168.2.8 tcp 1814
> >
> > You need a port forwarding rule -- the above is just an ACCEPT rule.
>
> So how come it works for you? I cribbed it from your
> myfiles.htm ??
>

Because I use STATIC NAT and you don't!

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
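To make the exchange above concrete, here is an added example that is not code from the thread, from Shorewall, or from either poster. It models the two stages the logged packet passes through: destination rewriting (static NAT entries or a DNAT rule) and then the net-to-loc filter rules. The logged packet's DST is 24.237.22.45, the firewall's own public address, so an ACCEPT rule whose destination is loc:192.168.2.8 can never match it unless something has first rewritten the destination; with the policy at DROP the packet falls through to net2all. The rule and nat-file columns are a simplified subset of Shorewall's, FW_EXTERNAL and LOC_PREFIX are assumptions taken from the log line and the rule, and the static NAT entry is a constructed illustration of what Tom describes.

```python
"""Why 'ACCEPT net loc:192.168.2.8 tcp 1814' alone lets the packet hit net2all:DROP.

Added illustration, not Shorewall's code: a toy model of PREROUTING (static NAT,
DNAT) followed by FORWARD filtering, run over the kernel log line from the thread.
"""
import re
from dataclasses import dataclass, replace

# Kernel log line from the original post, used as sample input (only SRC/DST/PROTO/DPT matter).
LOG_LINE = (
    "Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:40:c7:2e:09:c0:00:40:c7:15:96:24:08:00 "
    "SRC=24.237.19.120 DST=24.237.22.45 LEN=64 TOS=0x04 PREC=0xA0 TTL=127 ID=47567 DF "
    "PROTO=TCP SPT=2569 DPT=1814 WINDOW=8192 RES=0x00 SYN URGP=0"
)

FW_EXTERNAL = "24.237.22.45"  # assumption: the firewall's eth0 address, i.e. the DST in the log
LOC_PREFIX = "192.168.2."     # assumption: the loc zone subnet, consistent with the rule's host


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


def parse_log(line: str) -> Packet:
    """Pull the key=value fields out of a netfilter LOG line (flags such as DF/SYN are ignored)."""
    fields = dict(re.findall(r"(\w+)=(\S+)", line))
    return Packet(fields["SRC"], fields["DST"], fields["PROTO"].lower(), int(fields["DPT"]))


def zone_of(ip: str) -> str:
    """Two-zone world: anything in the loc subnet is 'loc', everything else is 'net'."""
    return "loc" if ip.startswith(LOC_PREFIX) else "net"


def parse_rules(text: str):
    """Rules-file lines in the columns the thread uses: ACTION SOURCE DEST PROTO DEST_PORT."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        action, source, dest, proto, port = line.split()
        dest_zone, _, dest_ip = dest.partition(":")
        rules.append((action.upper(), source, dest_zone, dest_ip, proto.lower(), int(port)))
    return rules


def parse_nat(text: str):
    """Static NAT lines, first three columns of a Shorewall nat file: EXTERNAL INTERFACE INTERNAL."""
    pairs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            external, _iface, internal = line.split()[:3]
            pairs.append((external, internal))
    return pairs


def prerouting(pkt: Packet, rules, nat_pairs) -> Packet:
    """Destination rewriting happens before filtering: static NAT first, then DNAT rules."""
    for external, internal in nat_pairs:
        if pkt.dst == external:
            return replace(pkt, dst=internal)
    for action, source, _zone, dest_ip, proto, port in rules:
        if (action == "DNAT" and zone_of(pkt.src) == source and pkt.dst == FW_EXTERNAL
                and pkt.proto == proto and pkt.dport == port):
            return replace(pkt, dst=dest_ip)
    return pkt  # nothing rewrote it: still addressed to the firewall itself


def forward(pkt: Packet, rules, policy: str = "DROP") -> str:
    """Filtering: a net->loc rule only sees packets whose destination is already a loc host."""
    for action, source, dest_zone, dest_ip, proto, port in rules:
        if (action in ("ACCEPT", "DNAT") and zone_of(pkt.src) == source
                and zone_of(pkt.dst) == dest_zone and pkt.dst == dest_ip
                and pkt.proto == proto and pkt.dport == port):
            return "ACCEPT"  # a DNAT rule also generates the matching ACCEPT
    return f"{zone_of(pkt.src)}2all:{policy}"


def verdict(log_line: str, rules_text: str, nat_text: str = "") -> str:
    pkt = parse_log(log_line)
    rules = parse_rules(rules_text)
    return forward(prerouting(pkt, rules, parse_nat(nat_text)), rules)


ACCEPT_ONLY = "ACCEPT net loc:192.168.2.8 tcp 1814"  # the poster's rule
DNAT_RULE = "DNAT   net loc:192.168.2.8 tcp 1814"    # the port-forwarding rule Tom asks for
STATIC_NAT = f"{FW_EXTERNAL} eth0 192.168.2.8"       # constructed static NAT entry (Tom's setup)

if __name__ == "__main__":
    print("ACCEPT only:        ", verdict(LOG_LINE, ACCEPT_ONLY))
    print("DNAT:               ", verdict(LOG_LINE, DNAT_RULE))
    print("ACCEPT + static NAT:", verdict(LOG_LINE, ACCEPT_ONLY, STATIC_NAT))
```

The first case reproduces the log line's `net2all:DROP`; the second and third reach `ACCEPT` because the destination has been rewritten to the loc host before the filter rules run. The same reason explains why flipping the net-to-all policy to ACCEPT "works": it lets everything addressed to the firewall through, which is far broader than forwarding one port to one host.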