Shorewall DNAT problems

Hi gang,

I've got a problem with shorewall, it keeps dropping packets when it
should be DNATing them.

I want all connections on a tcp port 4662 to be forwarded to a machine
on my network (192.168.0.5) - the port is used for mldonkey (P2P app).
It seems to be partially working - loads of packets are being DNAT'ed
but some are not - I cant figure out why!

The firewall (192.168.0.1) is running RH9 with kernel 2.4.20-8, iptables
v1.2.7a and shorewall version 1.4.6a

Line in /etc/shorewall/rules...

DNAT net loc:192.168.0.5 tcp 4662


but here's the bit in /var/log/messages that says its dropping
packets....


Nov 11 01:11:49 potchin kernel: Shorewall:logdrop:DROP:IN=ppp0 OUT=eth0
SRC=201.128.9.30 DST=192.168.0.5 LEN=48 TOS=0x00 PREC=0x00 TTL=113
ID=6299 DF PROTO=TCP SPT=3187 DPT=4662 WINDOW=16384 RES=0x00 SYN URGP=0

One thing I did think about was my external interface - its an ADSL
connection with a dynamic IP that is occasionally dropped for IP
renewal. I have not set the firewall to restart or anything when the IP
does change - I dont think it need to. All internal IPs are static.

I'm no guru on firewalls and haven't really fiddled with the default
settings that much so not sure what else you might need. If you need to
see some more config files then I can put them online if it helps.

As always, all suggestions welcome.

Regards
Jeff