Charles, et al: Thanks for the earlier reply. This is being resubmitted since I also have withdrawn from linuxrouter.org. I have read the posting instructions again, and tried to format this query exactly as described. I'll try to make my requests more concise -- thanks for your patience. I have attached an updated network diagram below for reference, and all of the output requested in the LRP-List-How-TO (network_direct.conf was not found on my system, btw). Sorry this is so long... 1. "Make sure you're using the right network scripts (the ones from my LRP-CD), as these are the only scripts that support DMZ=PROXY." I believe I am using the proper scripts, but I am not sure. I createda an EigersteinBeta2 boot disk, formatted according to the instructions given at: http://nw-hoosier.dyndns.org/rlohman/linux/eiger-contents.html. To that base disk, I added the modified /etc/network.conf, /etc/ipfilter.conf, and /etc/init.d/network files from Bill Dudley's cookbook at www.casano.com/lrp. Is that enough, or is there something important missing from my newbie approach ;)? Are there other elements from the LRP-CD image I should add to this disk? 2. "Actually, proxy-arp is controlled by the routing tables. Make sure eth0 is the default route for 64.81.226.0/24, with only the individual IP's you have on your DMZ routed out the DMZ interface, and all will be well." My full network.conf is linked below --- please let me know if my settings are correct. 3. "For the firewall rules, you need to make sure DMZ_NET minus DMZ_EXTERN_ADDRS equals the IP's assigned to your DMZ. Since you only have 4, you probably want to shrink the /24 to a /30 or /31, making your DMZ_EXTERN_ADDRS shorter." My DMZ_EXTERN_ADDRS = "$eth0_DEFAULT_GW $eth0_IPADDR" so changing DMZ_NET to /31 should do the trick? 4. Re: "spotty" game servers: "Hmm...not enough info to debug this. If you're still having problems, provide more detail, like the network.conf settings, and actual route tables, firewall rules, and interface configuration." All reference info is attached below. In poking around on game server forums, I found some refereneces to UDP ports being redirected by IPMASQ to ports 61000-64999, when the game server uses 27015. The solution proposed (without detail) was creating a "service" for 27015, so it did not change port numbers. Something similar is happening in my DMZ --- in fact, it appears that proxy arp is not happening, but masquerading is happening instead. One of my external testers noted that while trying to connect to 64.81.226.172:27015 it turns around and connects them to 64.81.226.171:62643 ---- which is a high port on either the External interface of the DMZ interface --- not sure which. He can get a game session, but if he tries to use the remote console function, it apperently goes to a port the server does not recognize. I know I have something major hosed... Anyhow, thanks again for the assistance. Dan My network: http://64.81.226.171/netdiagram.txt ------------------ My configs: http://64.81.226.171/configs.txt _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-user
