[Firestarter-user] Help with Port Forwarding, ranges, & MS DirectPlay
From: S.G. <sg...@cc...> - 2002-05-27 22:07:39
Ok, I'm trying to allow MS DirectPlay through my firewall (Red Hat 7.2 with latest [yesterday] updates from RHN, Firestarter 0.8.2, IPtables). First I tried manually adding the entries I found on the web into the firewall.sh script. Bad idea, as FS overwrites it when the wizard is run again. So then I manually typed in the ports and ranges (ranges like 2300:2400) into the port forwarding section in the gui. My portfw file looks thusly:

#!/bin/sh
$IPT -A FORWARD -p TCP -d 192.168.0.5 --dport 6667 -j ACCEPT
$IPT -A PREROUTING -t nat -p TCP -d $NET --dport 6667 -j DNAT --to 192.168.0.5:6667
$IPT -A FORWARD -p TCP -d 192.168.0.5 --dport 2300:2400 -j ACCEPT
$IPT -A PREROUTING -t nat -p TCP -d $NET --dport 2300:2400 -j DNAT --to 192.168.0.5:2300:2400
$IPT -A FORWARD -p UDP -d 192.168.0.5 --dport 2300:2400 -j ACCEPT
$IPT -A PREROUTING -t nat -p UDP -d $NET --dport 2300:2400 -j DNAT --to 192.168.0.5:2300:2400
$IPT -A FORWARD -p TCP -d 192.168.0.5 --dport 28800:29000 -j ACCEPT
$IPT -A PREROUTING -t nat -p TCP -d $NET --dport 28800:29000 -j DNAT --to 192.168.0.5:28800:29000
$IPT -A FORWARD -p UDP -d 192.168.0.5 --dport 28800:29000 -j ACCEPT
$IPT -A PREROUTING -t nat -p UDP -d $NET --dport 28800:29000 -j DNAT --to 192.168.0.5:28800:29000
$IPT -A FORWARD -p TCP -d 192.168.0.5 --dport 47624 -j ACCEPT
$IPT -A PREROUTING -t nat -p TCP -d $NET --dport 47624 -j DNAT --to 192.168.0.5:47624
$IPT -A FORWARD -p udp -d 192.168.0.5 --dport 47624 -j ACCEPT
$IPT -A PREROUTING -t nat -p udp -d $NET --dport 47624 -j DNAT --to 192.168.0.5:47624

I've also included a list of differences I see between this file and what is suggested on the web:

- Protocols here are capitalized (except in the last udp forward, where I left them lower case); in the original they are not
- In the original, all prerouting statements are made prior to the forward statements
- In the original, the "-t nat" switch in the prerouting statements is placed before the PREROUTING word

Other than that, it looks pretty much the same. I don't know if any of those diffs would make a difference, but the above is exactly how FS constructed the portfw file from my entries in the gui.

Web, email, etc., work just fine from behind the firewall, but 192.168.0.5 still cannot join a Baldur's Gate 2 game (which uses Microsoft DirectPlay) outside the firewall, even though others can. My internal lan is defined in FS as 192.168.0.0/25 since I only use the first 127 IPs in that range.

Any ideas on how I can get this to work?

Thanks!

SG

p.s. I read the faq, which said that to add our own manual changes we need to make a different firewall script. How would I go about simply adding some lines which enable the stateful inspection ability of iptables to my working firestarter setup?
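An added example, not Firestarter's own portfw generator and not from the post above: a small sh helper that emits the PREROUTING/FORWARD pair for each of the ports quoted in the post, using the DNAT port-range syntax the iptables manual documents (`--to-destination host:low-high`, with a dash after the colon, while `--dport` keeps `low:high`), plus the `-m state` rule the p.s. asks about. The function names and the choice of 192.168.0.5 as default host are assumptions.

```shell
#!/bin/sh
# Added example, not Firestarter's portfw generator: emit the FORWARD/DNAT pair
# for one forwarded service. Function names are hypothetical.
#   $1 = protocol (tcp|udp)   $2 = internal host   $3 = port, or range "low:high"
portfw_pair() {
    proto=$1; host=$2; ports=$3
    case $ports in
        *:*)
            low=${ports%%:*}; high=${ports##*:}
            # refuse an inverted or non-numeric range instead of emitting a rule iptables rejects
            [ "$low" -le "$high" ] 2>/dev/null || { echo "bad range: $ports" >&2; return 1; }
            ;;
    esac
    # --dport matches take "low:high", but DNAT --to-destination takes "low-high"
    to_ports=$(printf '%s' "$ports" | tr ':' '-')
    printf '$IPT -A PREROUTING -t nat -p %s -d $NET --dport %s -j DNAT --to-destination %s:%s\n' \
        "$proto" "$ports" "$host" "$to_ports"
    printf '$IPT -A FORWARD -p %s -d %s --dport %s -j ACCEPT\n' "$proto" "$host" "$ports"
}

# The whole portfw block for the DirectPlay ports quoted in the post, preceded by
# the state-match rule: packets belonging to connections already in the conntrack
# table are accepted once, so each service only needs a rule for its first inbound packet.
directplay_portfw() {
    host=${1:-192.168.0.5}   # assumed default, taken from the post
    echo '#!/bin/sh'
    echo '$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
    portfw_pair tcp "$host" 47624 &&
    portfw_pair tcp "$host" 2300:2400 &&
    portfw_pair udp "$host" 2300:2400 &&
    portfw_pair tcp "$host" 28800:29000 &&
    portfw_pair udp "$host" 28800:29000
}

# Uncomment to write the block Firestarter would otherwise generate:
# directplay_portfw > /tmp/portfw.sh
```

The generated lines still rely on `$IPT` and `$NET` being defined by the surrounding Firestarter script, exactly as the post's own portfw file does.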