> All reference info is attached below. In poking around on game server
> forums, I found some references to UDP ports being redirected by IPMASQ to
> ports 61000-64999, when the game server uses 27015. The solution proposed
> (without detail) was creating a "service" for 27015, so it did not change
> port numbers. Something similar is happening in my DMZ --- in fact, it
> appears that proxy arp is not happening, but masquerading is happening
> instead. One of my external testers noted that while trying to connect to
> 64.81.226.172:27015 it turns around and connects them to
> 64.81.226.171:62643 ---- which is a high port on either the External
> interface or the DMZ interface --- not sure which. He can get a game
> session, but if he tries to use the remote console function, it apparently
> goes to a port the server does not recognize. I know I have something major
> hosed...
>
> My network: http://64.81.226.171/netdiagram.txt
>
> My configs: http://64.81.226.171/configs.txt

OK, your ISP gave you a block of 4 IP's, but they span two /30 (4 IP) ranges, so you need to use a /29 (8 IP) range for DMZ_NET. The proper setting should be:

DMZ_NET=64.81.226.168/29

Which covers the IP's from 64.81.226.168 to 64.81.226.175. Since you only 'own' four of these 8 IP's, you need to list the 4 not assigned to you as DMZ_EXT_ADDRS:

DMZ_EXT_ADDRS="64.81.226.168 64.81.226.169 64.81.226.170 64.81.226.175 $eth0_DEFAULT_GW $eth0_IPADDR"

That you're getting any services at all is a bit surprising, and appears due to the fact that you've got your external port 80 open (source & destination IP 0/0), which is allowing HTTP requests to the DMZ to make it through the firewall. Ditto for UDP packets, which *should* be blocked by the input rules, but with the incorrect DMZ_NET specification you're using (it covers 64.81.226.0-3, or none of the IP's you actually have assigned), this is not happening.

Fix the above, and see if you still have problems.
Once you get the various DMZ variables configured properly, you'll begin using your DMZ_OPEN_DEST settings (which it looks like you configured) rather than coming in through 'back-doors' in the firewall scripts, and everything *should* start working better and making more sense.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
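
Added example, not part of the original message or of the LEAF firewall scripts: a Python check of the addressing arithmetic in the reply above. The assigned addresses .171 to .174 are inferred from the reply's /29 minus the four it lists as not assigned, and the function names are illustrative.

```python
import ipaddress

# Addresses assigned to the DMZ: the /29 from the reply minus the four it
# lists as not assigned (an inference from the message, not a quoted value).
ASSIGNED = ["64.81.226.171", "64.81.226.172", "64.81.226.173", "64.81.226.174"]

def covering_network(addrs):
    """Smallest single IPv4 CIDR block containing every address in addrs."""
    ips = [int(ipaddress.IPv4Address(a)) for a in addrs]
    lo, hi = min(ips), max(ips)
    # Bits that differ between the lowest and highest address are host bits.
    prefix = 32 - (lo ^ hi).bit_length()
    return ipaddress.ip_network(f"{ipaddress.IPv4Address(lo)}/{prefix}", strict=False)

def blocks_spanned(addrs, prefix):
    """Distinct /prefix blocks the addresses fall into (two /30s here)."""
    nets = {ipaddress.ip_network(f"{a}/{prefix}", strict=False) for a in addrs}
    return sorted(nets)

def not_assigned(net, addrs):
    """Every address in net, network and broadcast included, that is not ours."""
    mine = {ipaddress.IPv4Address(a) for a in addrs}
    return [str(ip) for ip in net if ip not in mine]

def outside(net_cidr, addrs):
    """Assigned addresses that a candidate DMZ_NET fails to cover."""
    net = ipaddress.ip_network(net_cidr, strict=False)
    return [a for a in addrs if ipaddress.IPv4Address(a) not in net]

def dmz_settings(addrs):
    """Render the two variables in the form used in the reply."""
    net = covering_network(addrs)
    ext = not_assigned(net, addrs) + ["$eth0_DEFAULT_GW", "$eth0_IPADDR"]
    return [f"DMZ_NET={net}", 'DMZ_EXT_ADDRS="' + " ".join(ext) + '"']

if __name__ == "__main__":
    print([str(n) for n in blocks_spanned(ASSIGNED, 30)])
    print("\n".join(dmz_settings(ASSIGNED)))
    # 64.81.226.0/30 is the CIDR form of the 64.81.226.0-3 range the reply
    # says the old setting covered; the original config value is not shown.
    print("not covered by 64.81.226.0/30:", outside("64.81.226.0/30", ASSIGNED))
```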
