Very Computer

Hi,
I have my RH72 box setup as firewall/gateway for my internal network.
The firewall is iptable. The config file is basically copied from
IP-Masq-how-to. It works very well for long time until recently I
subscribe to a site for streaming stock quote. The site uses a java
program to display stream quotes. It seems my firewall blocks it so I
have to skip the firewall and connect my PC to internet directly. Even
the java program provides a "firewall" mode it still only partially
work behind my firewall.
I don't know what's wrong with my settings, or maybe it's the java
program's fault? What should I do to find out the problem? Can someone
provide some clues?
Thanks,
chris

Couple of things.
1. Masquerading is not exactly the same as a firewall. They are similar, do
some things the same, but if you are running Masq, you do not necessarily
have a firewall. If you are running a firewall, you do not necessarily have
NAT capabilities. I'm not familiar with RH's firewall/NAT setup, so I
assume you are using Masq and not a full blow Firewall program, and will
refer to Masq only from here on out.
2. The java program that displays realtime stock quotes probably uses TCP or
UDP port numbers not open to the Masqurading you have setup. Check out the
netfilter site at netfilter.samba.org for more pointers on how to setup a
secure Masqueraded site.

The firewall mode used by the java app is meant to provide compatibility
with corporate firewalls which don't do NAT/Masq. That's why it seems to
get better, but still doesn't work exactly right when you use it. Look into
smarter configs for iptables to make this work and hit the RH site for
information regarding their firewall setup.  Most likely you have port 443
blocked by the Firewall portion of the RH setup, and/or Masq is confused by
some dynamic port handling by the java app. Good luck.

--
-Pete Buelow
replace nospam with putzin to email me back.