Debian Router/Firewall IPTables & the ugly NAT
Hello,
I have a Debian (Voyage lenny) router routing all my traffic to my ADSL modem. First of all: it works... for most of them! But some won't...

that's my scenario:
-----------------------------------
router
|- eth0/ppp0 > connected to my ADSL (works fine since I use pppoeconf)
|- eth1 > connected to my network switch, broadcasting DNS and DHCP
|- eth2 > still unconnected

I make all my firewall settings via Firewall Builder and I tried most. I started with a good scenario and ended up with the simplest. I looked up posts suggesting port openings, but that's not the problem, I guess.

what's good:
-----------------------------------
Skype, HTTP and HTTPS from any PC behind the eth1 switch

the problem/symptom:
-----------------------------------
I can't get MSN Messenger running (it's the protocol, not the client); same with ICQ. It tries to connect and with Wireshark I see some communication, but it ends in a timeout. AND the reason I get so confused: I have nothing in my firewall log! So it's NOT because any weird port is blocked.

In my small-knowledge compendium I think it's a Debian hardcore switch which disables communication at some point.

Any help recommended... thx
I'm not very messenger/ICQ savvy, but this seems like a basic NAT setup you missed, and if I'm not mistaken they both use a fixed port, so you will only be able to set it up for 1 PC ... oh, and I have heard about a project trying to implement UPnP on Linux - that would solve all your problems ..
Quote:
And it's no problem to use for any PC behind my router! I know this because I have an iptables firewall already! And everything works fine! It's the one shipped with my Netgear 821 (not nice but working), same with my Asus 500 gP (nice but broken) and with my Netgear wgt631U (old fashioned and broken). So it should be no problem.

Thank you for the UPnP tip! I installed it already... couldn't help. Maybe I misconfigured it. I don't know. I know it's only a weird little setting. Or maybe it's something about the renaming: first the outbound is eth0 and then ppp0. I don't know...

I'm sorry that I may sound a little angry, but I tried so much already.
http://linux-igd.sourceforge.net/documentation.php
So the thing is very simple - do you want connectivity or security? You want messenger to work behind the Debian box - disable your firewall and get it working first. Then try putting up a firewall ..

Cheers
Quote:
this is what it's about: Quote:
Quote:
FORWARD policy is DROP. It means not only messenger, all client-side software will not work.

So run the following:

iptables -P FORWARD ACCEPT

and try again please.

regards
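An added example (not written by any poster in this thread): a small Python check over `iptables-save` text that reports whether the FORWARD chain and the NAT rule actually cover the LAN-to-uplink path, including the eth0 versus ppp0 naming question raised earlier in the thread. The interface defaults, the finding codes and the sample ruleset are assumptions constructed for illustration.

```python
import shlex

# Constructed `iptables-save` output (not from the thread): FORWARD policy is
# DROP and the rules name eth0, although a PPPoE uplink carries traffic on ppp0.
SAMPLE = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
"""

def parse(text):
    """Return ({(table, chain): policy}, [(table, chain, {option: value})])."""
    policies, rules, table = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy
        elif line.startswith("-A "):
            tok = shlex.split(line)
            opts = {a: b for a, b in zip(tok[2:], tok[3:]) if a.startswith("-")}
            rules.append((table, tok[1], opts))
    return policies, rules

def audit(text, lan="eth1", wan="ppp0"):
    """List problem codes for routing LAN clients out through `wan` (assumed names)."""
    policies, rules = parse(text)
    fwd = [o for t, c, o in rules if (t, c) == ("filter", "FORWARD") and o.get("-j") == "ACCEPT"]
    nat = [o for t, c, o in rules if (t, c) == ("nat", "POSTROUTING")]
    state = lambda o: o.get("--state") or o.get("--ctstate") or ""
    findings = []
    if policies.get(("filter", "FORWARD")) == "ACCEPT":
        findings.append("forward-policy-accept")  # everything is routed by default
    else:
        # New connections need an explicit LAN -> WAN accept on the real uplink name.
        if not any(o.get("-i", lan) == lan and o.get("-o", wan) == wan
                   and (not state(o) or "NEW" in state(o)) for o in fwd):
            findings.append("no-lan-to-wan-accept")
        # Replies need a stateful accept, otherwise they hit the DROP policy.
        if not any("ESTABLISHED" in state(o) for o in fwd):
            findings.append("no-return-traffic-accept")
    if not any(o.get("-j") in ("MASQUERADE", "SNAT") and o.get("-o", wan) == wan for o in nat):
        findings.append("no-nat-on-wan")
    return findings
```

On a live router the input would be the text printed by `iptables-save`, with `wan` set to the interface that really carries the default route.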
@maxut: sorry, I ran forward without noticing your post...

So I got it to work, but don't know why. This is what I've done:
* upgrading voyage package (included iptables-package)
* correct locale (nothing was defined)
* installed ntp daemon (the alix board has no internal time and always runs back or forth in time)
* booted my Windows and my Linux PC and tested on both clients with pidgin's msn-messenger wlm (pecan-package) AND msn protocol
* added upnp port to my internal fw (but no real action appears in the syslog)

This is what I get:
* all internet is fine!
* my Linux PC runs pidgin-wlm package, icq, skype etc... it will not run the standard pidgin msn (which runs through my former Netgear router)
* my Win XP runs pidgin msn package fine

Thx for any help. It seems the upgrade fixed it...
No problem. Nice to hear that it works well.

regards.