Koozali.org: home of the SME Server

Probs with Portforwarding SME 5.6

sixxxeight

Probs with Portforwarding SME 5.6
« on: February 07, 2003, 08:44:40 PM »
I have a problem with port forwarding on my SME 5.6.

I have updated the packet filter with "e-smith-packetfilter-1.13.0-04.noarch.rpm".
After that I have installed "e-smith-portforwarding-0.1.0-20.noarch.rpm".
I find the new menu "PORT FORWARDING".
I have generated a rule: TCP Port 80 to 192.168.0.128:80 and Port 21 to 192.168.0.128:21.
After deleting the first rule I find a rule TCP Port 21 to 192.168.0.128:80 in my list.
Uuuups :(
I can do it again and again and it's always the same.

Does anybody know something about that?

Ulf

Shad Lords

Re: Probs with Portforwarding SME 5.6
« Reply #1 on: February 08, 2003, 03:28:45 AM »
I have seen this a lot. It appears that adding rules works fine. Removing entries is all botched up. It appears that Mike Dickson from Mitel is the one that wrote (changed) the portforwarding package last.

I'd fire off an email to bugs@e-smith.com.

-Shad

Anthony de Waal

Re: Probs with Portforwarding SME 5.6
« Reply #2 on: February 09, 2003, 04:24:54 AM »
Hi,
I could live with that bug. When you delete them all and start all over it works fine again.

The problem I have is that the rules appear in /etc/rc.d/init.d/masq but they do not make the traffic arrive at the PC in my network.

I asked about this before in http://www.e-smith.org/bboard/read.phpf=3&i=27107&t=27107
but did not get a useful answer yet.
I suspected that the weird ADSL modem in the Netherlands, with PPPoA and a VPN to the ISP, had something to do with that.
So I got myself another piece of hardware. Now my eth0 has my public IP address.
There is no firewall functionality in that modem hardware. So that should be pretty normal now. Web- and mailserver run fine.

But forwarding will not work still.
Someone questioned my method of testing with Portdetective.
The program worked just fine when I used an ipchains firewall under 5.5.
To be sure I now installed a VNC server on the workstation, and forwarded port 5900 with the panel. I can make a connection from within my own network, so this time I'm really sure there is something listening on port 5900. But from outside, no luck.
The attempt is logged in /var/log/messages.
I spent literally days researching how the firewall is set up on SME 5.6, but I really can't seem to find how it works.
The templating mechanism I now found described on www.e-smith.org, under customisation. I think I now understand how it works, and I like the idea.
But I still don't understand how the firewall is configured. The template fragments are themselves executable code that makes use of variables. I can't find the source of those. Probably the same file that the portforwarding rpm writes to.

Basically, what I want is to have a setup like this (adapted from code reported as working, from Usenet):
/sbin/iptables -t nat -I PREROUTING -p udp --dport 6073 -i eth0 -j DNAT --to 192.168.0.205
/sbin/iptables -t nat -I PREROUTING -p udp --dport 2300:2400 -i eth0 -j DNAT --to 192.168.0.205
/sbin/iptables -t nat -I PREROUTING -p tcp --dport 28800:29100 -i eth0 -j DNAT --to 192.168.0.205
/sbin/iptables -t nat -I PREROUTING -p tcp --dport 47624 -i eth0 -j DNAT --to 192.168.0.205
/sbin/iptables -t nat -I PREROUTING -p tcp --dport 2300:2400 -i eth0 -j DNAT --to 192.168.0.205
/sbin/iptables -I FORWARD -p udp -d 192.168.0.205 --dport 6073 -j ACCEPT
/sbin/iptables -I FORWARD -p udp -d 192.168.0.205 --dport 2300:2400 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -d 192.168.0.205 --dport 28800:29100 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -d 192.168.0.205 --dport 47624 -j ACCEPT
/sbin/iptables -I FORWARD -p tcp -d 192.168.0.205 --dport 2300:2400 -j ACCEPT

This is to make playing games with DirectPlay from DirectX7 and DirectX8 possible.

I can insert these rules one by one in a shell login, without syntax errors, but it does not lead to working forwarding.

When I try to incorporate the rules into the existing masq file by substituting the ports in here I get a syntax error: only one destination port allowed.

The example here is from the case where I forwarded 2399:
# Create a new PortForwarding chain
PFC=$(/sbin/iptables --table nat --numeric --list PortForwarding |\
   sed -n '3s/ .*//p')

/sbin/iptables --table nat --new-chain PortForwarding_$$

/sbin/iptables --table nat --append PortForwarding_$$ --protocol tcp --destination-port 2399 -j DNAT --to-destination 192.168.0.205:2399

adjust_tcp_in 2399 ACCEPT InboundTCP_$$
/sbin/iptables --table nat --replace PortForwarding 1 --destination $OUTERNET --jump PortForwarding_$$
/sbin/iptables --table nat --flush $PFC
/sbin/iptables --table nat --delete-chain $PFC

I really hope someone has a clue why this is not working.
If this isn't working permanently I see little more options than finding other software, and frankly, I don't know of an alternative that has all the goodies of e-smith.
Kind greetings,
Thony
sixxxeight wrote:
>
> I have a problem with port forwarding on my SME 5.6.
>
> I have updated the packet filter with
> "e-smith-packetfilter-1.13.0-04.noarch.rpm".
> After that I have installed
> "e-smith-portforwarding-0.1.0-20.noarch.rpm".
> I find the new menu "PORT FORWARDING".
> I have generated a rule: TCP Port 80 to 192.168.0.128:80 and
> Port 21 to 192.168.0.128:21.
> After deleting the first rule I find a rule TCP Port 21 to
> 192.168.0.128:80 in my list.
> Uuuups :(
> I can do it again and again and it's always the same.
>
> Does anybody know something about that?
>
> Ulf
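
An added example, not from the thread or from the e-smith packages: a small POSIX sh helper that validates a port or low:high port range and prints the matching PREROUTING DNAT plus FORWARD ACCEPT pair for a forward like the DirectPlay rules above, so a malformed entry is rejected before anything touches the firewall. The function names (valid_port, valid_port_spec, forward_rules) are my own; it prints the iptables commands instead of running them.

```shell
#!/bin/sh
# Added example: build and sanity-check iptables port-forward rule pairs.
# Function names are hypothetical; the thread's masq script uses its own
# helpers (adjust_tcp_in etc.), not these.

# A single port: digits only, 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# A port or a low:high range with low <= high (e.g. 2300:2400).
valid_port_spec() {
    case "$1" in
        *:*) lo=${1%%:*}; hi=${1#*:}
             valid_port "$lo" && valid_port "$hi" && [ "$lo" -le "$hi" ] ;;
        *)   valid_port "$1" ;;
    esac
}

# forward_rules PROTO PORTSPEC INTERNAL_IP [EXT_IF]
# Prints the two commands that together forward a port or range:
#  1. nat/PREROUTING DNAT rewrites the destination to the internal host;
#  2. filter/FORWARD ACCEPT lets the rewritten packet through. Without
#     rule 2 a default-deny FORWARD chain drops the traffic silently,
#     which matches the "rule is present but nothing arrives" symptom.
forward_rules() {
    proto=$1; spec=$2; dst=$3; ext_if=${4:-eth0}
    case "$proto" in
        tcp|udp) ;;
        *) echo "forward_rules: unsupported protocol '$proto'" >&2; return 1 ;;
    esac
    valid_port_spec "$spec" || { echo "forward_rules: bad port spec '$spec'" >&2; return 1; }
    # Only the address is given to --to-destination so that every port in a
    # range keeps its original number instead of collapsing onto one port.
    printf '/sbin/iptables -t nat -I PREROUTING -i %s -p %s --dport %s -j DNAT --to-destination %s\n' \
        "$ext_if" "$proto" "$spec" "$dst"
    printf '/sbin/iptables -I FORWARD -p %s -d %s --dport %s -j ACCEPT\n' \
        "$proto" "$dst" "$spec"
}

# Example run (constructed values matching the thread's game-hosting case):
forward_rules udp 6073 192.168.0.205 eth0
forward_rules tcp 2300:2400 192.168.0.205 eth0
```

Pipe the output to `sh` to apply it, or turn `-I` into `-C` to check whether an equivalent rule is already present.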