Ok here goes ; FW_QUICKMODE="no" FW_DEV_EXT="eth-id-00:02:b3:4b:fe:a0" FW_DEV_INT="wlan0" FW_DEV_DMZ="" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_DEV="$FW_DEV_EXT" FW_MASQ_NETS="0/0" FW_PROTECT_FROM_INTERNAL="no" FW_AUTOPROTECT_SERVICES="no" FW_SERVICES_EXT_TCP="4000:4200 5801 5901 8100 domain http https imap imaps microsoft-ds netbios-dgm netbios-ns netbios-ssn pop3 pop3s rsync smtp ssh tftp" FW_SERVICES_EXT_UDP="4000:4200 8100 bootps domain" FW_SERVICES_EXT_IP="49152:49159" FW_SERVICES_EXT_RPC="mountd nfs nfs_acl nlockmgr status" FW_SERVICES_DMZ_TCP="" FW_SERVICES_DMZ_UDP="" FW_SERVICES_DMZ_IP="" FW_SERVICES_DMZ_RPC="" FW_SERVICES_INT_TCP="49152:49159" FW_SERVICES_INT_UDP="49152:49159" FW_SERVICES_INT_IP="" FW_SERVICES_INT_RPC="" FW_SERVICES_DROP_EXT="" FW_SERVICES_REJECT_EXT="0/0,tcp,113" FW_SERVICES_QUICK_TCP="" FW_SERVICES_QUICK_UDP="" FW_SERVICES_QUICK_IP="" FW_TRUSTED_NETS="" FW_ALLOW_INCOMING_HIGHPORTS_TCP="49152:49159" FW_ALLOW_INCOMING_HIGHPORTS_UDP="" FW_FORWARD="0/0,0/0,udp152:49159" FW_FORWARD_MASQ="192.168.0.0/49152:49159,192.168.0.10,tcp,49152:49159" FW_REDIRECT="" FW_LOG_DROP_CRIT="yes" FW_LOG_DROP_ALL="no" FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="no" FW_LOG_LIMIT="" FW_LOG="" FW_KERNEL_SECURITY="yes" FW_ANTISPOOF="no" FW_STOP_KEEP_ROUTING_STATE="no" FW_ALLOW_PING_FW="yes" FW_ALLOW_PING_DMZ="no" FW_ALLOW_PING_EXT="no" FW_ALLOW_FW_TRACEROUTE="yes" FW_ALLOW_FW_SOURCEQUENCH="yes" FW_ALLOW_FW_BROADCAST="int" FW_IGNORE_FW_BROADCAST="no" FW_ALLOW_CLASS_ROUTING="no" FW_CUSTOMRULES="" FW_REJECT="no" FW_HTB_TUNE_DEV="" FW_IPv6="" FW_IPv6_REJECT_OUTGOING="yes" FW_IPSEC_TRUST="no" Although it is disabled atm because im directly into my router (disabled because it would then block me access into it) Also tried a iptables-only config, ill post that too #!/bin/bash IPTABLES=/usr/sbin/iptables case "$1" in start) echo -n "Starting IP Firewall and NAT..." # Clear old rules $IPTABLES --flush $IPTABLES --delete-chain # Masquerading $IPTABLES -t nat -A POSTROUTING -o eth0 -j MASQUERADE # Loopback $IPTABLES -A INPUT -i lo -j ACCEPT $IPTABLES -A OUTPUT -o lo -j ACCEPT # Forward All Data From Internal To External $IPTABLES -A FORWARD -i wlan0 -o eth0 -j ACCEPT # Forward packets that are part of existing and related connections from external to internal, and visa versa $IPTABLES -A FORWARD -i eth0 -o wlan1 -m state --state ESTABLISHED,RELATED -j ACCEPT $IPTABLES -A FORWARD -i wlan1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT $IPTABLES -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow all inputs to firewall from the internal network and local interfaces $IPTABLES -A INPUT -i wlan0 -s 0/0 -d 0/0 -j ACCEPT $IPTABLES -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT # Anti-Spoofing $IPTABLES -A INPUT -i eth0 -s 193.168.0.10 -j DROP $IPTABLES -A INPUT -i eth0 -s 127.0.0.0/8 -j DROP # Port-Specific Rules $IPTABLES -A INPUT -i wlan0 -p tcp --dport 22 -j ACCEPT #SSH Connections $IPTABLES -A INPUT -i wlan0 -p tcp --dport 80 -j ACCEPT #HTTP Connections $IPTABLES -A INPUT -i wlan0 -p tcp --dport 443 -j ACCEPT #SSL Connections $IPTABLES -A INPUT -i wlan0 -p tcp --dport 5901 -j ACCEPT #VNC $IPTABLES -A INPUT -i wlan0 -p udp --dport 5901 -j ACCEPT $IPTABLES -A INPUT -i wlan0 -s 193.168.0.10 -d 193.168.0.1 -p tcp --dport 137 -j ACCEPT #SAMBA related ports $IPTABLES -A INPUT -i wlan0 -s 193.168.0.10 -d 193.168.0.1 -p tcp --dport 138 -j ACCEPT $IPTABLES -A INPUT -i wlan0 -s 193.168.0.10 -d 193.168.0.1 -p tcp --dport 139 -j ACCEPT $IPTABLES -A INPUT -i wlan0 -s 193.168.0.10 -d 193.168.0.1 -p udp --dport 137 -j ACCEPT $IPTABLES -A INPUT -i wlan0 -s 193.168.0.10 -d 193.168.0.1 -p udp --dport 138 -j ACCEPT $IPTABLES -A INPUT -i wlan0 -s 193.168.0.10 -d 193.168.0.1 -p udp --dport 139 -j ACCEPT # -- Allow external DC connection in to enable ACTIVE mode $IPTABLES -t nat -I PREROUTING -i eth0 -p tcp --dport 49158 -j DNAT --to 193.168.0.10:49158 $IPTABLES -t nat -I PREROUTING -i eth0 -p udp --dport 49158 -j DNAT --to 193.168.0.10:49158 $IPTABLES -I FORWARD -i eth0 -p tcp -s 0/0 -d 193.168.0.10 --dport 49158 -j ACCEPT $IPTABLES -I FORWARD -i eth0 -p udp -s 0/0 -d 193.168.0.10 --dport 49158 -j ACCEPT # Allow pings, but reject the rest $IPTABLES -A INPUT -i eth0 -p icmp -j ACCEPT $IPTABLES -A INPUT -i wlan0 -p icmp --icmp-type echo-request -j ACCEPT $IPTABLES -A INPUT -i eth0 -j DROP $IPTABLES -A INPUT -s 0/0 -d 0/0 -p udp -j DROP $IPTABLES -A INPUT -s 0/0 -d 0/0 -p tcp --syn -j DROP echo "done." ;; stop) echo -n "Stopping IP Firewall and NAT..." $IPTABLES -X $IPTABLES -F $IPTABLES -Z # Input Rules $IPTABLES -A INPUT -i eth0 -m state --state ESTABLISHED,related -j ACCEPT $IPTABLES -A INPUT -i eth0 -j REJECT echo "done." ;; restart) echo -n "Restarting IP Firewall and NAT..." $0 stop > /dev/null sleep 1 $0 start > /dev/null ;; *) echo "Usage: $0 {start|stop|restart}" ;; esac the ports I was trying to forward on this occasion were 49152:49159, or single ports within that range. Basically any port range will do, as long as there are about 10-200 ports open (more the better) thanks in advance :) (sorry carlos for sending it to you twice)