What you experienced was because ip_forward has NOTHING to do with PORT forwarding. It has to do with IP forwarding eg. routing capabilities. If you check (the default) firewall.rules.2nic file, you will find:
 
# Stop forwarding while setting up.
echo "0" > /proc/sys/net/ipv4/ip_forward
 
this is where the script disables IP forwarding (for security reasons I believe), and at the end of the file you will find:
 
# Enabling IP forwarding.
echo "1" > /proc/sys/net/ipv4/ip_forward
 
At this point I suggest that you read more about iptables and get a feel for what it does. That's what I had to do just a few days ago. Believe me it's worth the time. For example:
 
http://www.linuxguruz.com/iptables/howto/iptables-HOWTO.html
and there are tons of documentation on http://www.netfilter.org
 
As for your problem: I already had some suggestions for you and now I can only suggest that you take my advice otherwise I will not be able to help you. If you have a hunch that the problem is DL related, set up a test environment like this:
- Take a client machine.
- Connect it to DL's external interface in some direct way like a crosslink cable or using a switch.
- Make sure they are configured to the same subnet, and that you are able to ping back and forth between them.
- Connect DL's internal interface to the network where the streaming server resides.
- Again, make sure they are configured to the same subnet, and that you are able to ping back and forth between the server and DL.
- Check if the server has DL's internal address set as its default gateway, or at least it has a routing entry for the subnet on DL's external interface routed through DL's internal address
- Start Winamp on the client machine and add "DL's external IP":8007 to the playlist and turn on repeat, so Winamp tries continuously to connect to the server
- Now you can start messing around with the firewall rules if you want to, if you have it, you'll hear it.
 
That's all for tonight,
bye, and good luck.
 
George Tarnai
 
----- Original Message -----
From: ross paskett
To: devil-linux-discuss@lists.sourceforge.net
Sent: Sunday, April 23, 2006 9:07 PM
Subject: Re: [Devil-Linux-discuss] port forwarding

I never got my port forwarding working so I thought I would try again.  I have tested port forwarding on my DSL modem and it works.  I connected the target machine directly to the DSL line, and tested it from work and it worked.  So it must be a problem with my devil linux configuration.  I am sure my rules are correct in my firewall.rules file.  There was a line that set the file "ip_forward" to 0, so I commented that line, then I looked at "ip_forward" and made sure it was set to 1.  It was.  So tested again, and it didn't forward.  Again, my DSL modem/router is forwarding just fine, so it has to be something with my devil linux config.  Does anyone know of anything else I might need to do?

Tarnai György <tarnaigy@r-net.hu> wrote:
Interesting... I would approach this problem by checking if DL is really the problem in this case. You can do that by connecting your computer on the network between your DSL "modem" (which I assume is a broadband router actually) and DL, on the 192.168.0.xxx subnet, and try to connect to the stream through DL via its external IP (192.168.0.3). If that doesn't work try moving the server to the same network and subnet and try if you can access it from the internet through your DSL modem. In this way you can make sure the problem is really with DL and not with your DSL modem.
 
On the other hand there might be a problem with the firewall rules, for instance I'm not sure that ShoutCast servers are using TCP to stream media or it may be using TCP connections that don't work well in some NAT scenarios. May be worth to check that.
 
Also I would check what does this DSL "modem" really do. DSL modems (at least here in Hungary) are devices that interface with the DSL network and allow to initiate the connection via PPPoE. DSL routers are devices where you can connect some form of internet connection (Fixed IP, DHCP or PPPoE client) via its WAN ethernet interface and routing or NATing it to client machines on the internal network via its internal ethernet interface. Of course there are lots of devices now that are combining some or more of these features for ex. DSL interface routers or broadband routers with direct DSL connection so it is not straightforward what your device is capable of doing not to mention that a lot depends on the internal software it is using.
 
And at last but not least it would be better if you'd sent DL's exact network configuration (IP's, subnet masks, gateway, etc.) to check there's no problem there.
 
Best regards:
 
George Tarnai
 
----- Original Message -----
From: ross paskett
To: devil-linux-discuss@lists.sourceforge.net
Sent: Friday, April 07, 2006 8:58 PM
Subject: [Devil-Linux-discuss] port forwarding

I am running an internet server on my local network. The server streams media through: ip is 192.168.1.7 port 8007.  I have port forwarding setup in my firewall.rules file, and I have turned it on my DSL modem.  On my DSL modem, the rule is:
Forward ports 8000-8010 to machine 192.168.0.3(devil linux), then devil linux should forward connections on port 8007 to 192.168.1.7(internal radio server), but when I try to connect to my machine from the outside world, it can't.  I can connect and stream my music internally, from windows or mac, just not from the outside world.  Internally, I just connect to 192.168.1.7:8007 in winamp, and it plays my music.  can someone help?  below is the port forwarding section of my firewall.rules file.

# Uncomment/modify the next 4 lines to forward a service to an internal IP.
SERVER_IP=192.168.1.7   # Internal IP of server.
PORT=8007               # 22 = SSH.  Change to 80 for web server, etc.
${IPTABLES} -A PREROUTING -i ${OUT_DEV} -t nat -p TCP --dport $PORT -j DNAT --to ${SERVER_IP}:${PORT}
${IPTABLES} -A FORWARD -p TCP -d ${SERVER_IP} --dport $PORT -i ${OUT_DEV} -o ${INT_DEV} -j ACCEPT





ross paskett
rastapaskett@yahoo.com
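
Added example, not part of the thread and not Devil-Linux's own code: a shell check of the three separate things the forward discussed above depends on (ip_forward, the DNAT rule, the FORWARD accept). The ruleset is constructed iptables-save style text; the interface names eth0/eth1 and the /32 host-address notation are assumptions.

```shell
#!/bin/bash
# Added example. SAMPLE_RULES is constructed iptables-save style text using the
# addresses from the thread; eth0/eth1 stand in for OUT_DEV/INT_DEV (assumed).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8007 -j DNAT --to-destination 192.168.1.7:8007
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 192.168.1.7/32 -i eth0 -o eth1 -p tcp -m tcp --dport 8007 -j ACCEPT
COMMIT'

# rules_of TABLE: print the -A lines of one table from iptables-save text on
# stdin, padded with a trailing space so fixed-string matches end on a word.
rules_of() {
    awk -v t="*$1" '$0 == t {on = 1; next} $0 == "COMMIT" {on = 0}
                    on && /^-A / {print $0 " "}'
}

# audit_forward RULES IP_FORWARD SERVER_IP PORT
# Prints one ok/FAIL line per check; returns 0 only when all three pass.
audit_forward() {
    rules=$1 fwd=$2 ip=$3 port=$4 rc=0
    # 1. Routing: without ip_forward=1 the kernel never passes packets between NICs.
    if [ "$fwd" = "1" ]; then echo "ok: ip_forward=1"
    else echo "FAIL: ip_forward=$fwd, kernel will not route"; rc=1; fi
    # 2. Port forwarding proper: the DNAT rewrite in nat/PREROUTING.
    if printf '%s\n' "$rules" | rules_of nat | grep -F -- "-A PREROUTING " |
        grep -F -- "--dport $port " |
        grep -qF -- "-j DNAT --to-destination $ip:$port "
    then echo "ok: DNAT $port -> $ip:$port"
    else echo "FAIL: no DNAT rule for port $port -> $ip:$port"; rc=1; fi
    # 3. Filter: FORWARD sees the packet after DNAT, so it must match the
    #    internal server address, not the firewall's external one.
    if printf '%s\n' "$rules" | rules_of filter | grep -F -- "-A FORWARD " |
        grep -F -- "-d $ip/32 " | grep -F -- "--dport $port " |
        grep -qF -- "-j ACCEPT "
    then echo "ok: FORWARD accepts $ip:$port"
    else echo "FAIL: no FORWARD ACCEPT for $ip:$port"; rc=1; fi
    return $rc
}

# On a live firewall (as root) the inputs would be:
#   audit_forward "$(iptables-save)" "$(cat /proc/sys/net/ipv4/ip_forward)" 192.168.1.7 8007
audit_forward "$SAMPLE_RULES" 1 192.168.1.7 8007
```

All three checks passing still leaves the return path untested: the server must route its replies back through DL's internal address, which only the ping and gateway steps in the test setup can confirm.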

