RE: IPchains, masquerading and napster

From: Eduardo Rohr (
Date: Mon Jan 31 2000 - 05:50:19 EST

I don't know how Napster works, but you can quickly see what is going wrong
by changing your rules in this way:

 /sbin/ipchains -P forward ACCEPT
 /sbin/ipchains -A forward -p tcp --destination-port 6699 -j MASQ
 /sbin/ipchains -A forward -i eth1 -p all -s -j ACCEPT
 /sbin/ipchains -A forward -j DENY -l    <----- here you log everything that is denied

(I would do the same with the INPUT chain)

And then in a terminal, using for example "tail -f /var/log/messages", you can
see what is going on.


> Dear Linux-net,
> I have a problem setting up my masquerading Linux router to forward
> Napster clients. I (on the private side of the router) can do downloads
> from other clients, but the other clients are not able to do downloads from me.
> Napster sees that people are trying, but the status of their uploads is
> "Waiting...". The setup is as follows:
> The home-LAN is Napster is running on a Windows client which
> is addressed The router is assigned a static public IP on the
> outside (eth1) and on the LAN-side (eth0). I used the
> lines, which in my opinion should work, straightforward as it is:
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -p tcp --destination-port 6699 -j MASQ
> /sbin/ipchains -A forward -i eth1 -p all -s -j ACCEPT
> But it doesn't. It attempts to masq all outgoing traffic, which works and
> attempts to deny all incoming traffic except traffic to port 6699, which is
> the port I configured in Napster. It denies all though, except for
> connections initiated from the LAN.
> Can anyone please tell me what I'm doing wrong?
> Serge Maandag.
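
Added example, not part of either message above: with a logging DENY rule in place, a per-destination count of denied packets is often easier to read than a live `tail -f`. The script assumes the Linux 2.2 `Packet log:` line layout written by `ipchains -l`; the function names `summarize_denies` and `sample_log`, and all addresses in the sample lines, are constructed for illustration.

```shell
#!/bin/sh
# Summarise ipchains "-l" kernel log entries whose target was DENY.
# Assumed line layout (Linux 2.2 kernel log):
#   ... kernel: Packet log: CHAIN TARGET IFACE PROTO=n SRC:port DST:port L=.. (#rule)

summarize_denies() {
    awk '
    {
        # Locate the "Packet log:" marker; the syslog prefix length can vary.
        start = 0
        for (i = 1; i < NF; i++)
            if ($i == "Packet" && $(i + 1) == "log:") { start = i + 2; break }

        # Skip non-ipchains lines and logged packets that were not denied.
        if (!start || $(start + 1) != "DENY") next

        chain = $start
        iface = $(start + 2)
        proto = $(start + 3); sub(/^PROTO=/, "", proto)
        dst   = $(start + 5)      # DST:port (for ICMP the suffix is not a port)

        count[chain " " iface " proto=" proto " dst=" dst]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample input (addresses are placeholders, not from the thread).
sample_log() {
    cat <<'EOF'
Jan 31 05:41:02 router kernel: Packet log: forward DENY eth0 PROTO=6 198.51.100.7:1045 192.168.1.2:6699 L=44 S=0x00 I=4211 F=0x4000 T=116 (#3)
Jan 31 05:41:05 router kernel: Packet log: forward DENY eth0 PROTO=6 198.51.100.7:1045 192.168.1.2:6699 L=44 S=0x00 I=4212 F=0x4000 T=116 (#3)
Jan 31 05:41:09 router kernel: Packet log: input DENY eth1 PROTO=17 203.0.113.9:137 192.0.2.10:137 L=78 S=0x00 I=901 F=0x0000 T=112 (#2)
Jan 31 05:41:10 router kernel: Packet log: input ACCEPT eth0 PROTO=6 192.168.1.2:1030 192.0.2.10:22 L=60 S=0x00 I=77 F=0x4000 T=64 (#1)
Jan 31 05:41:11 router syslogd: restart.
EOF
}

# Demo on the sample; on a live router: summarize_denies < /var/log/messages
sample_log | summarize_denies
```

Each output line is a count followed by chain, interface, protocol number and destination, so repeated denials to one port stand out immediately.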

