[Firewall] Next problem

Eli Wapniarski eli at orbsky.homelinux.org
Sun Oct 7 07:24:23 CEST 2012


On Friday 05 October 2012 18:50:03 Robert Bain wrote:
> On 05/10/2012 17:27, Eli Wapniarski wrote:
> > On Friday 05 October 2012 11:06:04 Lonnie Abelbeck wrote:
> >> On Oct 5, 2012, at 9:59 AM, Eli Wapniarski wrote:
> >>> On Friday 05 October 2012 09:34:32 Lonnie Abelbeck wrote:
> >>>> Eli,
> >>>> 
> >>>> If you want to forward UDP 9987 to your internal host 192.168.0.11
> >>>> using
> >>>> the same port, you *only* need: --
> >>>> NAT_FORWARD_UDP="9987>192.168.0.11"
> >>>> --
> >>>> Note the matching double-quotes, shell script style.
> >>>> 
> >>>> By also having OPEN_UDP="9987" you are trying to do two different things
> >>>> with the same packet.
> >>>> 
> >>>> So, remove OPEN_UDP="9987" and make sure you have matching
> >>>> double-quotes.
> >>> 
> >>> Thanks Lonnie
> >>> 
> >>> That did the trick. Does this apply to everything I forwarded or just to
> >>> udp?
> >>> 
> >>> Eli
> >> 
> >> Yes, everything.  Either you NAT forward the packet (NAT_FORWARD_) to
> >> internal hosts or allow the packet (OPEN_) to your local computer running
> >> Arno's firewall, not both.
> > 
> > I will try to configure my firewall as per your suggestion Lonnie.
> > However, I gotta ask a dumb question then. How come, when I have the
> > open_tcp configured and nat_forward_tcp configured with the same ports
> > everything seems to work OK?
> > 
> > Eli
> 
> Luck. Maybe TCP port forwards are parsed before the TCP Open ports and
> the other way around for UDP


Thanks all.... This was all very very helpful.

Eli
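
Added example, not part of the thread or of Arno's firewall: a shell check that reports any port set in both OPEN_<proto> and NAT_FORWARD_<proto>, the conflict Lonnie describes above. It assumes space-separated entries and forward rules of the form PORT>HOST as shown in the thread; the function names and the sample TCP values are made up for the demonstration.

```shell
#!/bin/sh
# Added example: list ports set in both OPEN_<proto> and NAT_FORWARD_<proto>.
# Assumptions: one VAR="..." per line, entries separated by spaces, forward
# entries shaped PORT>HOST as in the thread; port ranges are not expanded.

# get_value FILE VAR: print the text inside the quotes of the last VAR="..." line
get_value() {
    sed -n "s/^[[:space:]]*$2=\"\\([^\"]*\\)\".*/\\1/p" "$1" | tail -n 1
}

# overlap FILE PROTO: print each port that is both opened locally and forwarded
overlap() {
    open=$(get_value "$1" "OPEN_$2")
    fwd=$(get_value "$1" "NAT_FORWARD_$2")
    for rule in $fwd; do
        port=${rule%%>*}    # text before '>' is the forwarded port
        for p in $open; do
            [ "$p" = "$port" ] && echo "$port"
        done
    done
    return 0
}

# Constructed sample config (TCP values are made up for the demonstration)
sample=$(mktemp)
cat > "$sample" <<'EOF'
OPEN_TCP="22 80"
OPEN_UDP="9987"
NAT_FORWARD_TCP="80>192.168.0.11"
NAT_FORWARD_UDP="9987>192.168.0.11"
EOF

for proto in TCP UDP; do
    for port in $(overlap "$sample" "$proto"); do
        echo "$proto $port: remove from OPEN_$proto or NAT_FORWARD_$proto"
    done
done
rm -f "$sample"
```

A line with unmatched double quotes is skipped by get_value, so an empty result for a setting you know is present is worth checking by hand.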

