Just a quick question:
> > 7. Some Log Messages
> > May 14 07:49:59 localhost kernel: Shorewall:man1918:DROP:IN=eth0 OUT=
> > MAC=00:4f:4e:0f:00:b3:00:a0:c5:4b:b6:63:08:00 SRC=204.157.6.21
> > DST=10.1.1.2
> > LEN=32 TOS=0x00 PREC=0x00 TTL=115 ID=54082 PROTO=UDP SPT=28800 DPT=28800
> > LEN=12
> >
> > May 14 07:50:00 localhost kernel: Shorewall:man1918:DROP:IN=eth0 OUT=
> > MAC=00:4f:4e:0f:00:b3:00:a0:c5:4b:b6:63:08:00 SRC=66.152.9.170
> > DST=10.1.1.2
> > LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=58307 DF PROTO=TCP SPT=2060 DPT=2300
> > WINDOW=64240 RES=0x00 SYN URGP=0
>
> The above messages are a consequence of your having set 'norfc1918' on eth0
> and you have an RFC 1918 external IP address.

Can you explain what the norfc1918 does behind the scenes... what changes
does it make that differ with that flag removed?
----- Original Message -----
From: "Jake Necessary" <jake@6ps.net>
To: "Tom Eastep" <teastep@shorewall.net>;
<shorewall-users@lists.shorewall.net>
Sent: Thursday, May 15, 2003 7:59 PM
Subject: [Shorewall-users] Re: Thanks
> This worked !!! Thanks for helping!
> --------------------
> On Wed, 14 May 2003 21:35:17 -0400, Jake Necessary <jake@6ps.net> wrote:
>
> >
> > First, I am a pretty heavy gamer. Some of the games I play are not NAT
> > enabled. (Specifically Mech Warrior) In the past I have just done a port
> > forward. For example, forwarding all traffic into the firewall on port 9999
> > to internal host 192.168.1.3. I moved to Tennessee and have a completely
> > different setup. I have DSL (with a static IP). The firewall's outside
> > interface is connected to the router/ADSL modem. The ADSL modem has a
> > static address. Also, Eth0 of the firewall is configured as follows:
> > 10.1.1.1/30. I have NAT disabled in the router.
>
> Some box is doing NAT since 10.1.1.1 is an RFC 1918 address (reserved for
> private use and not routed by the Internet backbone routers).
>
> > Eth1 is my internal network, 192.168.1.1/24.
>
> You are doing SNAT in your firewall/router. As a consequence, packets must
> undergo NAT _twice_ between your game system and the internet.
>
> >
> > 7. Some Log Messages
> > May 14 07:49:59 localhost kernel: Shorewall:man1918:DROP:IN=eth0 OUT=
> > MAC=00:4f:4e:0f:00:b3:00:a0:c5:4b:b6:63:08:00 SRC=204.157.6.21
> > DST=10.1.1.2
> > LEN=32 TOS=0x00 PREC=0x00 TTL=115 ID=54082 PROTO=UDP SPT=28800 DPT=28800
> > LEN=12
> >
> > May 14 07:50:00 localhost kernel: Shorewall:man1918:DROP:IN=eth0 OUT=
> > MAC=00:4f:4e:0f:00:b3:00:a0:c5:4b:b6:63:08:00 SRC=66.152.9.170
> > DST=10.1.1.2
> > LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=58307 DF PROTO=TCP SPT=2060 DPT=2300
> > WINDOW=64240 RES=0x00 SYN URGP=0
>
> The above messages are a consequence of your having set 'norfc1918' on eth0
> and you have an RFC 1918 external IP address.
>
> >
> > May 14 07:50:03 localhost kernel: Shorewall:net2all:DROP:IN=eth0 OUT=
> > MAC=00:4f:4e:0f:00:b3:00:a0:c5:4b:b6:63:08:00 SRC=66.11.174.34
> > DST=10.1.1.2
> > LEN=56 TOS=0x00 PREC=0x00 TTL=111 ID=12033 PROTO=ICMP TYPE=3 CODE=3
> > [SRC=10.1.1.2 DST=192.168.2.100 LEN=32 TOS=0x00 PREC=0x00 TTL=105
> > ID=12170 PROTO=UDP SPT=28800 DPT=28800 LEN=12 ]
> >
>
> See FAQ #21.
>
> -Tom
> --
> Tom Eastep \ Shorewall - iptables made easy
> Shoreline, \ http://www.shorewall.net
> Washington USA \ teastep@shorewall.net
>
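
An added example, not part of the original thread: a short Python script for triaging log lines like the ones quoted above. It splits the Shorewall log prefix into chain and disposition, keeps the outer header apart from the bracketed packet copy carried in the ICMP error, and reports which outer addresses fall in RFC 1918 space. The function names are hypothetical; the sample lines are the three from the thread, rejoined onto single lines.

```python
import ipaddress
import re

# RFC 1918 private-use blocks.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# The three log entries from the thread, each rejoined onto one line.
SAMPLE_LOG = [
    "May 14 07:49:59 localhost kernel: Shorewall:man1918:DROP:IN=eth0 OUT= MAC=00:4f:4e:0f:00:b3:00:a0:c5:4b:b6:63:08:00 SRC=204.157.6.21 DST=10.1.1.2 LEN=32 TOS=0x00 PREC=0x00 TTL=115 ID=54082 PROTO=UDP SPT=28800 DPT=28800 LEN=12",
    "May 14 07:50:00 localhost kernel: Shorewall:man1918:DROP:IN=eth0 OUT= MAC=00:4f:4e:0f:00:b3:00:a0:c5:4b:b6:63:08:00 SRC=66.152.9.170 DST=10.1.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=58307 DF PROTO=TCP SPT=2060 DPT=2300 WINDOW=64240 RES=0x00 SYN URGP=0",
    "May 14 07:50:03 localhost kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:4f:4e:0f:00:b3:00:a0:c5:4b:b6:63:08:00 SRC=66.11.174.34 DST=10.1.1.2 LEN=56 TOS=0x00 PREC=0x00 TTL=111 ID=12033 PROTO=ICMP TYPE=3 CODE=3 [SRC=10.1.1.2 DST=192.168.2.100 LEN=32 TOS=0x00 PREC=0x00 TTL=105 ID=12170 PROTO=UDP SPT=28800 DPT=28800 LEN=12 ]",
]

# "Shorewall:<chain>:<disposition>:" followed by the netfilter LOG fields.
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disposition>[^:]+):(?P<rest>.*)")
FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value; the value may be empty, as in "OUT="


def is_rfc1918(addr):
    """True if addr lies in one of the RFC 1918 private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def parse(line):
    """Return chain, disposition, outer fields and (for ICMP errors) inner fields."""
    m = PREFIX.search(line)
    if m is None:
        return None
    # ICMP errors carry a bracketed copy of the offending packet; split it off
    # so its SRC/DST do not overwrite those of the packet that was dropped.
    outer, _, inner = m.group("rest").partition("[")
    return {
        "chain": m.group("chain"),
        "disposition": m.group("disposition"),
        "outer": dict(FIELD.findall(outer)),
        "inner": dict(FIELD.findall(inner)) if inner else None,
    }


def triage(lines):
    """One row per Shorewall log line: (chain, proto, src, dst, private address fields)."""
    rows = []
    for rec in filter(None, map(parse, lines)):
        o = rec["outer"]
        private = [k for k in ("SRC", "DST") if k in o and is_rfc1918(o[k])]
        rows.append((rec["chain"], o.get("PROTO"), o.get("SRC"), o.get("DST"), private))
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

On the lines from the thread, every row shows a public source and an RFC 1918 destination (10.1.1.2) arriving on eth0.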