OK - then we conclude that the firewall is doing more than we think it should right? So, how can this be?
Well, I decided to setup a little test and "lo and behold" - my system "decided to use shorewall" as the backend.
My lan sits behind a router with a firewall on the router. This is a "typical setup" So, within my lan - there is no firewall. My server has mediatomb as my dlna/UPnP server and my clients use djmount for their requests.
Shorewall considers UPnP to be
. Read this
to see why.
So, if you want to turn on shorewall in Mandriva - you will have to install Linux IGD
because shorewall thinks this is the safest solution.
(like me) think "Hrmphhh!" and other grunts and expletives. You may
(like me) wonder why the Mandriva gui doesn't say "There are secret things that will be silently disallowed" because we use shorewall.
I am now going to experiment with direct bashing of /usr/share/shorewall and the files that use "macro.DropUPnP". I will post here if I have any success.
Note - I know this is bludgeoning behavior and not the "proper way". But, I had a cursory look at the documentation for linux IGD and decided it was too hard. I like to pride myself on my ability to decipher documentation. I have been unix-ing since 1979 and linux-ing since 1997. I will (eventually) read the linux IGD docs in full and work out a simpler way to do things. I am somewhat pedantic and I enjoy the problems.
My answer to you right now in order of "correctness" is;
A) Use the firewall (shorewall) with Linux IGD
B) use a different firewall.
C) ask someone else if they have a better suggestion.
D) Don't use the firewall.
E) Bash the shorewall files yourself
F) wait for someone like me to bash the shorewall files.