Suse 8.0 portforwarding with iptables
kuRt^doh
09-01-2002, 09:51 PM
I am not able to use ipchains with the new kernel, and I've been trying for a long time to get ipchains running.
I've got two network cards in my router: eth0 (internal network 192.168.0.X) and eth1 pointing to my DSL modem (ppp0).
I want to route the eDonkey ports 4600:4665 udp and tcp to 192.168.0.10 on my internal network,
and 6112 to 192.168.0.10:6112 tcp.
Thanks in advance (=
jumpedintothefire
09-01-2002, 10:36 PM
Have you got MASQ working with iptables?
kuRt^doh
09-01-2002, 10:39 PM
Um, nope.
SuSEfirewall2 does the masq.
kuRt^doh
09-02-2002, 11:26 AM
Hm?
jumpedintothefire
09-02-2002, 11:47 AM
So what do you see if you do an iptables -L -n?
kuRt^doh
09-02-2002, 11:58 AM
It's too long for the forum, so I put it into a .txt file on my webspace:
http://www.ncco.de/kurt/iptables.txt
jumpedintothefire
09-02-2002, 01:12 PM
OK, you have iptables loaded. Find the firewall file, maybe rc.firewall; I need to see the layout...
kuRt^doh
09-02-2002, 01:51 PM
This should be the firewall config:
http://www.ncco.de/kurt/SuSEfirewall2
jumpedintothefire
09-02-2002, 02:07 PM
Yes, that is the config file; how about the actual firewall script... /etc/rc.d/init.d/firewall?
Need to see if they have any provisions for port forwarding... might have to add some stuff...
You game??
kuRt^doh
09-02-2002, 03:10 PM
http://www.ncco.de/kurt/SuSEfirewall2_init
http://www.ncco.de/kurt/SuSEfirewall2_setup
http://www.ncco.de/kurt/SuSEfirewall2_final
jumpedintothefire
09-02-2002, 03:16 PM
/sbin/SuSEfirewall2 please...
kuRt^doh
09-02-2002, 03:35 PM
So finally (= :
http://www.ncco.de/kurt/SuSEfirewall2
jumpedintothefire
09-02-2002, 04:08 PM
Back up the originals and save this one as
/sbin/SuSEfirewall2
jumpedintothefire
09-02-2002, 04:15 PM
Back up the original and save this one as /etc/sysconfig/SuSEfirewall2.
Open it up and edit the line PTFWD_TARGET_IP1="ip of lan target"
to the IP address of the LAN machine.
Post the results of iptables -L -n, iptables -t nat -L -n and any errors that may be in /var/log/messages.
kuRt^doh
09-02-2002, 04:29 PM
No errors in /var/log/messages:
http://www.ncco.de/kurt/iptables1.txt
http://www.ncco.de/kurt/iptables2.txt
But the ports don't seem to be forwarded.
jumpedintothefire
09-02-2002, 05:10 PM
Yea, I had the order wrong; try this one, save as
/sbin/SuSEfirewall2
kuRt^doh
09-02-2002, 05:27 PM
I've done iptables -L -n and iptables -t nat -L -n again, and here are the results:
http://www.ncco.de/kurt/iptables1.txt
http://www.ncco.de/kurt/iptables2.txt
kuRt^doh
09-02-2002, 06:28 PM
iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:4600:4665 to:192.168.0.10
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6112 to:192.168.0.10
DNAT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:4600:4665 to:192.168.0.10
Does that mean ports 4660:4665 tcp and udp and 6112 tcp are forwarded?
kuRt^doh
09-02-2002, 06:33 PM
But right now eDonkey and even Warcraft can't connect anymore.
It seems like those ports are blocked or something.
jumpedintothefire
09-02-2002, 06:34 PM
Yea, for the PREROUTING chain in the nat table, I forgot the forward rules.... :rolleyes:
Give this a spin...
I'm going to go eat, be back in a bit....
kuRt^doh
09-02-2002, 06:43 PM
Still can't connect with Warcraft or eDonkey.
kuRt^doh
09-02-2002, 06:45 PM
Hm, eDonkey just connected, but with a 2xxx ID, meaning that the forwarding doesn't work =(
jumpedintothefire
09-02-2002, 06:56 PM
Any rejects logged??
kuRt^doh
09-02-2002, 07:03 PM
http://www.ncco.de/kurt/messages
jumpedintothefire
09-02-2002, 08:03 PM
That's cute.... try this...
/sbin/SuSEfirewall2
kuRt^doh
09-02-2002, 08:19 PM
Some unauthorized packets are left; here's the log:
http://www.ncco.de/kurt/messages
jumpedintothefire
09-02-2002, 08:48 PM
Where does port tcp 4239 fit into this??
kuRt^doh
09-02-2002, 09:15 PM
Don't mind that port, it's the connection of my ssh client.
That's what I've got now,
and still the port forwarding for eDonkey doesn't seem to work:
http://www.ncco.de/kurt/messages1
I'm truly thankful for your efforts, man (=
jumpedintothefire
09-02-2002, 09:26 PM
Think this should do it...
kuRt^doh
09-02-2002, 09:42 PM
Still got a low eDonkey ID (meaning no port forwarding).
Here's the log:
http://www.ncco.de/kurt/messages2
kuRt^doh
09-02-2002, 09:47 PM
At the console it says:
unknown protocol '217.230.98.53' specified
try iptables -h for help
That's my external IP.
jumpedintothefire
09-02-2002, 10:23 PM
Ordering of the rules... don't append after there is a drop rule, it won't see it; used insert...
Post the output of the rules too, please...
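The two fixes discussed in this thread (matching FORWARD rules for every DNAT rule, and inserting rules with -I so they sit ahead of an existing DROP) in one added example script. This is not the SuSEfirewall2 script exchanged above; it is written from scratch, assumes the same interface (ppp0), ports and LAN target as the original post, and matches on the interface instead of the dynamic external address, so it does not need the DSL IP at all.

```sh
#!/bin/sh
# Added example, not the thread's SuSEfirewall2 script. Forwards the eDonkey
# ports (4600:4665 tcp+udp) and 6112/tcp arriving on ppp0 to 192.168.0.10.
# Two things the thread tripped over are handled here:
#  - every DNAT rule in nat/PREROUTING gets a matching FORWARD rule, and
#  - rules are inserted (-I), so they land before any existing DROP/REJECT rule.
# Matching on the interface (-i ppp0) instead of the external address means
# the script does not need to know the dynamic DSL IP, so it can run at boot.
# Run with the argument "apply" to execute; with no argument it only prints
# the iptables commands it would run (DRY_RUN mode).

EXT_IF="ppp0"
LAN_TARGET="192.168.0.10"

# run: execute iptables, or echo the command line when DRY_RUN is set
run() {
  if [ -n "$DRY_RUN" ]; then echo "iptables $*"; else iptables "$@"; fi
}

# forward_port PROTO PORTS  -- PORTS is a single port or a low:high range
forward_port() {
  # 1. rewrite the destination of inbound packets to the LAN host
  run -t nat -I PREROUTING -i "$EXT_IF" -p "$1" --dport "$2" \
      -j DNAT --to-destination "$LAN_TARGET"
  # 2. let the rewritten packets cross the router (they traverse FORWARD, not INPUT)
  run -I FORWARD -i "$EXT_IF" -p "$1" -d "$LAN_TARGET" --dport "$2" -j ACCEPT
}

# apply_rules: the rules this thread was after, plus a reply-traffic rule
apply_rules() {
  forward_port tcp 4600:4665
  forward_port udp 4600:4665
  forward_port tcp 6112
  # replies from the LAN host back out; inserted last so it ends up on top
  run -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

if [ "${1:-}" = "apply" ]; then
  apply_rules
else
  DRY_RUN=1
  apply_rules
fi
```

If the existing firewall already allows established reply traffic in FORWARD, the last rule is redundant but harmless.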
kuRt^doh
09-02-2002, 10:37 PM
Still some unauthorized packets, but eDonkey now runs with port forwarding. Here's /var/log/messages:
http://www.ncco.de/kurt/messages3
Here is the result of iptables -L -n:
http://www.ncco.de/kurt/iptables3.txt
And of iptables -t nat -L -n:
http://www.ncco.de/kurt/iptables4.txt
But it still says at bootup: iptables: unknown protocol 'myexternalip' specified, try iptables -h for help
jumpedintothefire
09-02-2002, 10:54 PM
You're on DSL, correct?
Don't load the script during boot with init.
It needs to find the external IP.
Edit /etc/ppp/ip-up.local (if you don't have it, create it)
and in it place:
sh /sbin/SuSEfirewall2
When the DSL comes up, the script will get run after you connect...
Your named is listening on the external interface also; you could have it just listen on the internal...
I'll look for the error...
kuRt^doh
09-02-2002, 11:00 PM
It doesn't start the firewall if I put it in ip-up.local, don't know why,
but if I type sh SuSEfirewall2 at the console after the ADSL link is already up, it gives me the same error about the protocol,
so I'll start the fw at bootup again.
jumpedintothefire
09-02-2002, 11:32 PM
This should shut the logging up.
Change this in /etc/sysconfig/SuSEfirewall2:
# Common: ssh smtp domain
FW_SERVICES_INT_TCP="22 6112 4600:4665"
# Common: domain syslog
FW_SERVICES_INT_UDP="4600:4665"
# For VPN/Routing which END at the firewall!!
FW_SERVICES_INT_IP=""
Did you set the permission to execute? Maybe it's not looking for the .local file. You could add it to the bottom of /etc/ppp/ip-up. I'll give it a look tomorrow...