Guest englishpremier, posted September 11, 2004 (edited)

I'm a Linux noob, recently installed Mandrake 10 on a K6-II machine which I want to act as a router for my other two PCs. The current setup is as follows:

    1Mb NTL ----> Linux box (Mandrake 10) ----> switch ----> PC1/2

I used the Mandrake connection sharing wizard and all computers have internet access. The problem is that for specific programs I need to open and forward certain ports. Despite me turning the Mandrake firewall off, whenever I test the ports it still says they are firewalled.

How do I open and forward ports to my WinXP clients in Mandrake 10? I'm using KDE if that makes any difference.

Edit: before you send me there, I read the sticky last night and have done a search to no avail.

(Edited September 11, 2004 by englishpremier)

paul, posted September 11, 2004

Mandrake uses Shorewall as a front end to iptables. I would ditch the idea of using the wizards and go straight to the source. Read through the docs at Shorewall, and you should discover that it is fantastically easy.

To create a masqueraded network, edit /etc/shorewall/masq:

    # Example 1:
    #
    # You have a simple masquerading setup where eth0 connects to
    # a DSL or cable modem and eth1 connects to your local network
    # with subnet 192.168.0.0/24.
    #
    # Your entry in the file can be either:
    #
    # eth0 eth1
    #
    # or
    #
    # eth0 192.168.0.0/24

If you want to open ports, then check out /etc/shorewall/rules:

    ####################################################################################
    #ACT      SRC    DEST               PROTO  DEST  SRC      ORIGINAL         RATE   USER
    #                                          PORT  PORT(S)  DEST             LIMIT  GRP
    REDIRECT  local  3128               tcp    80    -        !192.168.1.0/24
    DNAT      wave   local:192.168.1.3  tcp    80    -
    DNAT      wave   local:192.168.1.2  tcp    110   -

Pretty easy really :)

Guest englishpremier, posted September 11, 2004 (edited)

Didn't work, and now on start up I get an error (something about line 89, which I haven't changed and there was nothing there anyway) and it states that Shorewall has failed. As a result it seems the other PCs on the network can no longer access the internet.

Here is what is at the bottom of etc/shorewall/masq:

    #INTERFACE SUBNET ADDRESS
    eth0 192.168.0.0/255.255.255.0
    DNAT net loc:192.168.0.100:80 tcp 80
    DNAT net loc:192.168.0.100:800 tcp 800
    DNAT net loc:192.168.0.100:666 udp 666
    #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

All I want is for the Linux box to act as a router and forward ports 80 (tcp), 800 (tcp) and 666 (udp) to the internal IP address of 192.168.0.100. How do I do that?

(Edited September 12, 2004 by englishpremier)

Guest englishpremier, posted September 12, 2004

On start it says the error is in rc5.d/S03Shorewall line 89. I have not touched this file at all, so it should be working just as it did before. Anyway, this seems to be stopping Shorewall from loading at the start.

Line 89 of rc5.d/S03Shorewall reads as follows:

    esac

I'm getting quite frustrated now as I still don't have connection sharing abilities like I did before all this. Can't the firewall be completely disabled? Would that allow the ports I require to be reachable?

paul, posted September 12, 2004

> here is what is at the bottom of etc/shorewall/masq:
>
>     #INTERFACE SUBNET ADDRESS
>     eth0 192.168.0.0/255.255.255.0
>     DNAT net loc:192.168.0.100:80 tcp 80
>     DNAT net loc:192.168.0.100:800 tcp 800
>     DNAT net loc:192.168.0.100:666 udp 666
>     #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

DNAT rules should not be in the masq file ... they should be in the rules file.

Guest englishpremier, posted September 12, 2004 (edited)

Duh, next time I'll read your post properly, cheers. I think it works now. Is it just a case of copying the text I wrote in the masq file and pasting it in the rules file?

(Edited September 12, 2004 by englishpremier)

paul, posted September 12, 2004

> duh, next time i'll read your post properly, cheers. i think it works now. is it just a case of copying the text i wrote in the masq file and pasting it in the rules file?

Yup, and restarting Shorewall.

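Added example, not part of any post in this thread: a small shell check for the mistake diagnosed above, where rules-file actions such as DNAT end up in /etc/shorewall/masq. The function names and the action list are assumptions made for illustration, and the sample input is the masq excerpt posted earlier in the thread, rebuilt one entry per line.

```shell
#!/bin/sh
# Added example, not Shorewall's own tooling. Function names are hypothetical.
# Partial list of rules-file actions (assumption: extend for your version).
RULE_ACTIONS='ACCEPT|DROP|REJECT|DNAT|REDIRECT'

# classify_masq FILE
# Tag each active line by its first column:
#   rules:<lineno>:<line>  entry that belongs in /etc/shorewall/rules
#   masq:<lineno>:<line>   entry that looks like a masq entry
classify_masq() {
    awk -v actions="^(${RULE_ACTIONS})\$" '
        /^[ \t]*#/ || NF == 0 { next }   # skip comments and blank lines
        $1 ~ actions { print "rules:" NR ":" $0; next }
        { print "masq:" NR ":" $0 }
    ' "$1"
}

# misplaced_rules FILE: only the lines to move into the rules file.
misplaced_rules() {
    classify_masq "$1" | sed -n 's/^rules:[0-9]*://p'
}

# write_sample FILE: the masq excerpt posted in the thread, one entry per line.
write_sample() {
    cat > "$1" <<'EOF'
#INTERFACE SUBNET ADDRESS
eth0 192.168.0.0/255.255.255.0
DNAT net loc:192.168.0.100:80 tcp 80
DNAT net loc:192.168.0.100:800 tcp 800
DNAT net loc:192.168.0.100:666 udp 666
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
EOF
}

demo=$(mktemp)
write_sample "$demo"
classify_masq "$demo"      # report with line numbers
rm -f "$demo"
```

Run against the real file, `misplaced_rules /etc/shorewall/masq` lists the entries to move into /etc/shorewall/rules before restarting Shorewall.
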
Guest MountainGoat, posted October 6, 2004

Thanks Paul, and all the others. This topic helped me too to configure my Shorewall.

Best Regards,
MountainGoat