[Firewall] Next problem

Robert Bain jimmy at retro-hosting.co.uk
Fri Oct 5 19:50:03 CEST 2012


On 05/10/2012 17:27, Eli Wapniarski wrote:
> On Friday 05 October 2012 11:06:04 Lonnie Abelbeck wrote:
>> On Oct 5, 2012, at 9:59 AM, Eli Wapniarski wrote:
>>> On Friday 05 October 2012 09:34:32 Lonnie Abelbeck wrote:
>>>> Eli,
>>>>
>>>> If you want to forward UDP 9987 to your internal host 192.168.0.11 using
>>>> the same port, you *only* need: --
>>>> NAT_FORWARD_UDP="9987>192.168.0.11"
>>>> --
>>>> Note the matching double-quotes, shell script style.
>>>>
>>>> By also having OPEN_UDP="9987" you are trying to do two different things
>>>> with the same packet.
>>>>
>>>> So, remove OPEN_UDP="9987" and make sure you have matching double-quotes.
>>> Thanks Lonnie
>>>
>>> That did the trick. Does this apply to everything I forwarded or just to
>>> udp?
>>>
>>> Eli
>> Yes, everything.  Either you NAT forward the packet (NAT_FORWARD_) to
>> internal hosts or allow the packet (OPEN_) to your local computer running
>> Arno's firewall, not both.
>>
> I will try to configure my firewall as per your suggestion Lonnie. However, I
> gotta ask a dumb question then. How come, when I have the open_tcp configured
> and nat_forward_tcp configured with the same ports everything seems to work
> OK?
>
> Eli
>
Luck. Maybe TCP port forwards are parsed before the TCP Open ports and
the other way around for UDP.
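
A lint for the overlap Lonnie describes, as an added example that is not part of the original thread and is not code from the Arno's firewall project: it reports ports listed in both OPEN_ and NAT_FORWARD_ for the same protocol, and assignment lines with unmatched double quotes. It assumes space-separated entries in the PORT>HOST form quoted above; the sample config (including port 8080 and host 192.168.0.12) is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): lint an Arno's-firewall-style config file.
# Assumes OPEN_<PROTO>="port port ..." and NAT_FORWARD_<PROTO>="port>host ...".

# get_var FILE NAME: print the quoted value of the last NAME="..." assignment.
get_var() {
    sed -n 's/^[[:space:]]*'"$2"'="\([^"]*\)".*$/\1/p' "$1" | tail -n 1
}

# find_conflicts FILE: print "PROTO PORT" for each port both opened and forwarded.
find_conflicts() {
    for proto in TCP UDP; do
        open=$(get_var "$1" "OPEN_$proto")
        fwd=$(get_var "$1" "NAT_FORWARD_$proto")
        for entry in $fwd; do
            port=${entry%%>*}            # text before '>' is the external port
            for o in $open; do
                if [ "$o" = "$port" ]; then echo "$proto $port"; fi
            done
        done
    done
    return 0
}

# unbalanced_quotes FILE: print OPEN_/NAT_FORWARD_ lines with an odd number of '"'.
unbalanced_quotes() {
    grep -E '^[[:space:]]*(OPEN|NAT_FORWARD)_(TCP|UDP)=' "$1" |
        awk '{ n = gsub(/"/, "\""); if (n % 2) print }'
    return 0
}

# Constructed sample config (9987 and 192.168.0.11 are from the thread, rest invented).
sample=$(mktemp)
cat > "$sample" <<'EOF'
OPEN_TCP="22 80"
OPEN_UDP="9987"
NAT_FORWARD_UDP="9987>192.168.0.11"
NAT_FORWARD_TCP="8080>192.168.0.12
EOF

echo "Opened and forwarded:"; find_conflicts "$sample"
echo "Unmatched quotes:";     unbalanced_quotes "$sample"
rm -f "$sample"
```

A line with an unmatched quote is reported by `unbalanced_quotes` and skipped by `find_conflicts`, so fix quoting first and re-run.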

