LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 09-27-2004, 12:54 PM   #1
broxtor
Member
 
Registered: Jul 2003
Location: The Netherlands
Distribution: Linux Mint 19.1
Posts: 99

Rep: Reputation: 16
Iptables opening/forwarding ports


Hi there,

Yes I know, there are a million topics on this, but none of them seem to help me out. I have tried lots of things, overheated the Google servers and so on, and still no luck.

I have a Linux box set up as firewall/router. In my LAN there are two PCs (192.168.1.3 and 192.168.1.5). The router has IP 192.168.1.1. This router is connected to the internet by means of a cable modem. Almost everything works fine. Internet and email, ICQ and so on work on both PCs. On my PC (192.168.1.5) I want to be able to download using Azureus and I want to host MOH games. But neither of them seems to work. I played around with iptables, but apparently I'm doing something wrong. Azureus is able to download, but when I test the port (6881) I get a NAT error, no matter what I try.

Below are my iptables rules.

#!/bin/sh

# iptables script generator: V0.1-2002
# Comes with no warranty!
# e-mail: michael(at)1go.dk

# Disable forwarding
echo "Disabling forwarding..."
echo 0 > /proc/sys/net/ipv4/ip_forward

LAN_IP_NET='192.168.1.0/24'
LAN_NIC='eth1'
LAN_IP='192.168.1.1'
WAN_IP='xxx.xxx.xxx.xxx'
WAN_NIC='eth0'
ME='192.168.1.5'


# load some modules (if needed)

# Flush all existing rules
echo "Flushing existing rules..."
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -F

# Drop everything on INPUT and FORWARD chain. Accept all OUTPUT
echo "Setting up default policy..."
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

#Enable Masquerade and forwarding
echo "Enabling masquerading and forwarding..."

# I tried this, but it punches a lot of holes in my firewall
#iptables -A FORWARD -m state --state NEW -j ACCEPT

# I tried this for Azureus, but I keep getting these NAT errors
iptables -t nat -A PREROUTING -p tcp --dport 6881 -i $WAN_NIC -j DNAT --to-destination $ME:6881
iptables -t nat -A PREROUTING -p udp --dport 6881 -i $WAN_NIC -j DNAT --to-destination $ME:6881
iptables -t nat -A POSTROUTING -s $LAN_IP_NET -j MASQUERADE
iptables -A FORWARD -j ACCEPT -i $LAN_NIC -s $LAN_IP_NET
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Open ports on router for server/services
echo "opening ports..."
iptables -A INPUT -j ACCEPT -p tcp --dport 110 -i eth1
iptables -A INPUT -j ACCEPT -p tcp --dport 25 -i eth1
iptables -A INPUT -j ACCEPT -p tcp --dport 22 -i eth1
iptables -A INPUT -j ACCEPT -p tcp --dport 139 -i eth1
iptables -A INPUT -j ACCEPT -p tcp --dport 10000 -i eth1
iptables -A INPUT -j ACCEPT -p udp --dport 10000 -i eth1
iptables -A INPUT -j ACCEPT -p tcp --dport 631 -i eth1
iptables -A INPUT -j ACCEPT -p udp --dport 631 -i eth1


#State RELATED for router
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Enable forwarding
echo "Enabling forwarding..."
echo 1 > /proc/sys/net/ipv4/ip_forward

Can somebody please help me with this?

Last edited by broxtor; 09-27-2004 at 01:04 PM.
 
Old 09-28-2004, 11:35 PM   #2
bastard23
Member
 
Registered: Mar 2003
Distribution: Debian
Posts: 275

Rep: Reputation: 30
Add:
iptables -A FORWARD -i $WAN_NIC --dport 6881 -d $ME -j ACCEPT

Should match the DNATed portion of PREROUTING (--to-destination $ME:6881). You could add an -m state --state NEW, but you don't have to.

Good Luck,
chris
 
Old 09-29-2004, 12:35 PM   #3
broxtor
Member
 
Registered: Jul 2003
Location: The Netherlands
Distribution: Linux Mint 19.1
Posts: 99

Original Poster
Rep: Reputation: 16
Hi bastard, (this sounds weird)

Thanks for your reply. I tried it, but when I restart the firewall I get the error message saying that --dport 6881 is an unknown argument.
 
Old 09-29-2004, 01:28 PM   #4
bastard23
Member
 
Registered: Mar 2003
Distribution: Debian
Posts: 275

Rep: Reputation: 30
oops,
iptables -A FORWARD -i $WAN_NIC -p tcp --dport 6881 -d $ME -j ACCEPT
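Added example, not part of the thread or any poster's script: a small sh helper that emits each PREROUTING DNAT rule together with the FORWARD ACCEPT rule the rewritten packet needs, for both TCP and UDP, since the thread's fix only covers TCP. It assumes the thread's WAN_NIC=eth0 and ME=192.168.1.5; the IPT variable and the dryrun function are my additions so the rules can be printed instead of applied.

```shell
#!/bin/sh
# Added example (not the thread's script): pair every DNAT with the
# FORWARD rule it needs. Assumes the thread's WAN_NIC=eth0, ME=192.168.1.5.
# IPT and dryrun are my additions: IPT=dryrun prints the rules instead.
IPT="${IPT:-iptables}"
WAN_NIC="${WAN_NIC:-eth0}"
ME="${ME:-192.168.1.5}"

# Dry-run backend: print the iptables command line instead of running it.
dryrun() { printf 'iptables %s\n' "$*"; }

# port_forward PROTO PORT HOST
# PREROUTING DNAT rewrites the destination, but with FORWARD policy DROP
# the rewritten packet is still dropped unless FORWARD accepts it (the
# NAT error the thread describes). Matching NEW is enough: conntrack then
# lets the ESTABLISHED,RELATED rule carry the rest of the flow.
port_forward() {
    proto="$1"; port="$2"; host="$3"
    case "$proto" in
        tcp|udp) ;;
        *) echo "port_forward: protocol must be tcp or udp" >&2; return 1 ;;
    esac
    "$IPT" -t nat -A PREROUTING -i "$WAN_NIC" -p "$proto" --dport "$port" \
        -j DNAT --to-destination "$host:$port" || return 1
    "$IPT" -A FORWARD -i "$WAN_NIC" -p "$proto" -d "$host" --dport "$port" \
        -m state --state NEW -j ACCEPT
}

# Reply/related traffic through the router (already in the thread's script).
forward_established() {
    "$IPT" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Azureus listens on 6881 over TCP and UDP, so both need the rule pair;
# the thread's fix only added the TCP FORWARD rule.
setup_azureus() {
    port_forward tcp 6881 "$ME" &&
    port_forward udp 6881 "$ME" &&
    forward_established
}

# Apply for real only when run as: sh forward.sh apply
case "${1:-}" in apply) setup_azureus ;; esac
```

Run with IPT=dryrun first to review the six generated rules, then as root with the apply argument.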
 
Old 09-29-2004, 02:43 PM   #5
broxtor
Member
 
Registered: Jul 2003
Location: The Netherlands
Distribution: Linux Mint 19.1
Posts: 99

Original Poster
Rep: Reputation: 16

Thanks!!!
That works.
 