Hi Shorewall users
I have an XP client connected, using Samba, to the Linux server.
The Linux server shares its internet connection with the XP client,
the two-interface situation.
On the XP client I would like to run the filesharing program
Blubster.
On the Blubster site (http://www.blubster.net/help/howto.html) I've
found this:
*****
Connect to Blubster using Linux:
iptables-based firewall/router
iptables -A FORWARD -i eth0 -p udp --dport 41170:41350 -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 41170:41350 -j ACCEPT
iptables -A PREROUTING -i eth0 -t nat -p udp --dport 41170:41350 -j DNAT --to 190.666.6.6
iptables -A PREROUTING -i eth0 -t nat -p tcp --dport 41170:41350 -j DNAT --to 190.666.6.6
Change 190.666.6.6 to the address of your machine that is running Blubster.
And change eth0 to the interface connected directly with the Internet.
The first two lines are necessary only if your default FORWARD policy is
something other than ACCEPT.
********
How do I put that in the configuration files?
Here are my Shorewall configuration files.
(ETH0 is connected to my local net. ETH1 is connected to the world (internet)).
zones:
#ZONE DISPLAY COMMENTS
net Net Internet
loc Local Local Networks
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
interfaces:
#ZONE INTERFACE BROADCAST OPTIONS
net eth1 detect dhcp,routefilter,norfc1918,tcpflags
loc eth0 detect tcpflags
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
policy:
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
loc net ACCEPT
# Next line for client to get IP address from server.
loc fw ACCEPT
# If you want open access to the Internet from your Firewall
# remove the comment from the following line.
fw net ACCEPT
net all DROP info
# THE FOLLOWING POLICY MUST BE LAST
all all REJECT info
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
rules:
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
# PORT PORT(S) DEST LIMIT GROUP
#
# Accept DNS connections from the firewall to the network
#
ACCEPT fw net tcp 53
ACCEPT fw net udp 53
#
# Accept SSH connections from the local network for administration
#
ACCEPT loc fw tcp 22
#
# Allow Ping To And From Firewall
#
ACCEPT loc fw icmp 8
ACCEPT net fw icmp 8
ACCEPT fw loc icmp
ACCEPT fw net icmp
#
# Allow Samba on Firewall
#
ACCEPT fw loc udp 137:139
ACCEPT fw loc tcp 137,139,445
ACCEPT fw loc udp 1024: 137
ACCEPT loc fw udp 137:139
ACCEPT loc fw tcp 137,139,445
ACCEPT loc fw udp 1024: 137
#
#
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
masq:
#INTERFACE SUBNET ADDRESS
eth1 eth0
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
Hope someone can guide me in the right direction.
Best regards
Anders
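
The four iptables commands quoted above, expressed as entries for the Shorewall rules file (an added example, not part of the original post or of the Blubster instructions). The address 192.168.1.10 is an assumed placeholder for the XP client's address on the local network; the zone names net and loc are the ones defined in the zones and interfaces files above.

```conf
#ACTION  SOURCE  DEST              PROTO  DEST PORT
#
# Forward the Blubster port range from the Internet to the XP client.
# 192.168.1.10 is a placeholder: use the XP client's real address on eth0.
#
# In Shorewall a DNAT rule generates both the nat-table PREROUTING rule
# and the matching FORWARD accept, so the two "iptables -A FORWARD"
# lines need no separate entries.
#
# No interface name appears here: the Blubster text's "interface connected
# directly with the Internet" is eth1 on this machine, and Shorewall
# selects it through the net zone.
#
DNAT     net     loc:192.168.1.10  udp    41170:41350
DNAT     net     loc:192.168.1.10  tcp    41170:41350
```

These lines go above the "#LAST LINE" marker in the rules file; `shorewall check` validates the configuration and `shorewall restart` applies it.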