OK, I made the changes below, turned off the IP forwarding for the internal
www server, and rebooted.  From the standpoint of my external testers, it is
still working as before --- reassigning his connection to the IP of the
external interface, and a 64XXX port.

I still am not sure I have the scripts correct.  At boot, I now get an
error: "/etc/init.d/rcS: /etc/rcS.d/S39network.in: not found"  --- then it
boots, and functions as before.

:/

Dan

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Charles
Steinkuehler
Sent: Tuesday, June 12, 2001 2:17 PM
To: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] FW: [LRP] Proxy ARP on Bridged DSL


> All reference info is attached below.  In poking around on game server
> forums, I found some references to UDP ports being redirected by IPMASQ
> to ports 61000-64999, when the game server uses 27015.  The solution proposed
> (without detail) was creating a "service" for 27015, so it did not change
> port numbers. Something similar is happening in my DMZ --- in fact, it
> appears that proxy arp is not happening, but masquerading is happening
> instead.  One of my external testers noted that while trying to connect to
> 64.81.226.172:27015 it turns around and connects them to
> 64.81.226.171:62643 ---- which is a high port on either the External
> interface or the DMZ interface --- not sure which.  He can get a game
> session, but if he tries to use the remote console function, it apparently
> goes to a port the server does not recognize.  I know I have something
> major hosed...
>
> My network: http://64.81.226.171/netdiagram.txt
>
> My configs: http://64.81.226.171/configs.txt

OK, your ISP gave you a block of 4 IP's, but they span two /30 (4 IP)
ranges, so you need to use a /29 (8 IP) range for DMZ_NET.  The proper
setting should be:

DMZ_NET=64.81.226.168/29

Which covers the IP's from 64.81.226.168 to 64.81.226.175.  Since you only
'own' four of these 8 IP's, you need to list the 4 not assigned to you as
DMZ_EXT_ADDRS:

DMZ_EXT_ADDRS="64.81.226.168 64.81.226.169 64.81.226.170 64.81.226.175
$eth0_DEFAULT_GW $eth0_IPADDR"

That you're getting any services at all is a bit surprising, and appears due to
the fact that you've got your external port 80 open (source & destination IP
0/0), which is allowing HTTP requests to the DMZ to make it through the
firewall.  Ditto for UDP packets, which *should* be blocked by the input
rules, but with the incorrect DMZ_NET specification you're using (it covers
64.81.226.0-3, or none of the IP's you actually have assigned), this is not
happening.

Fix the above, and see if you still have problems.  Once you get the various
DMZ variables configured properly, you'll begin using your DMZ_OPEN_DEST
settings (which it looks like you configured) rather than coming in through
'back-doors' in the firewall scripts, and everything *should* start working
better and making more sense.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
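The subnet arithmetic behind Charles' advice (four assigned addresses that straddle two /30 blocks, so the DMZ_NET must widen to the /29 and the unowned addresses in that /29 go into DMZ_EXT_ADDRS) is easy to get wrong by hand. The script below is an added example, not code from the thread or from the LEAF/LRP project: it takes the four addresses the reply implies are assigned (.171 through .174, an assumption derived from the excluded list .168/.169/.170/.175), computes the smallest CIDR block that covers them, lists the addresses in that block that are not assigned, and checks a candidate DMZ_NET for hosts it fails to cover. The `$eth0_DEFAULT_GW $eth0_IPADDR` suffix is copied from the reply's own DMZ_EXT_ADDRS line; the function and variable names are this example's.

```python
import ipaddress

# Constructed sample: the four addresses the ISP assigned, inferred from
# the reply (the .168/29 block minus the four it says are "not assigned").
OWNED = ["64.81.226.171", "64.81.226.172", "64.81.226.173", "64.81.226.174"]


def covering_network(addrs):
    """Smallest CIDR block that contains every address in addrs.

    Walks the prefix length down from /32 until the block anchored on the
    lowest address also contains the highest one.  Four consecutive IPs
    that cross a /30 boundary therefore come back as a /29.
    """
    if not addrs:
        raise ValueError("need at least one address")
    ips = sorted(ipaddress.ip_address(a) for a in addrs)
    lo, hi = ips[0], ips[-1]
    for prefix in range(32, -1, -1):
        # strict=False lets us name the block by any address inside it
        net = ipaddress.ip_network(f"{lo}/{prefix}", strict=False)
        if net.network_address <= lo and hi <= net.broadcast_address:
            return net
    return ipaddress.ip_network("0.0.0.0/0")


def unassigned_in_block(net, owned):
    """Addresses of net (network and broadcast included) not in owned.

    These are the ones that must be listed in DMZ_EXT_ADDRS so the
    firewall does not treat them as local DMZ hosts.
    """
    owned_set = {ipaddress.ip_address(a) for a in owned}
    return [str(a) for a in net if a not in owned_set]


def uncovered_hosts(dmz_net, owned):
    """Assigned addresses that a candidate DMZ_NET value does NOT cover.

    A non-empty result means DMZ traffic for those hosts will fall through
    to whatever other rules happen to match (the 'back-door' behaviour
    described in the thread) instead of the DMZ_OPEN_DEST settings.
    """
    net = ipaddress.ip_network(dmz_net, strict=False)
    return [a for a in owned if ipaddress.ip_address(a) not in net]


def render_dmz_config(owned):
    """Build the DMZ_NET / DMZ_EXT_ADDRS values as shell assignments.

    The trailing $eth0_DEFAULT_GW $eth0_IPADDR tokens are kept verbatim
    from the reply; the firewall scripts expand them at run time.
    """
    net = covering_network(owned)
    ext = unassigned_in_block(net, owned) + ["$eth0_DEFAULT_GW", "$eth0_IPADDR"]
    return {
        "DMZ_NET": str(net),
        "DMZ_EXT_ADDRS": " ".join(ext),
    }


if __name__ == "__main__":
    cfg = render_dmz_config(OWNED)
    print(f'DMZ_NET={cfg["DMZ_NET"]}')
    print(f'DMZ_EXT_ADDRS="{cfg["DMZ_EXT_ADDRS"]}"')
    for candidate in ("64.81.226.172/30", "64.81.226.0/30", cfg["DMZ_NET"]):
        missing = uncovered_hosts(candidate, OWNED)
        print(f"{candidate}: uncovered assigned hosts = {missing or 'none'}")
```

Running it prints the same two lines the reply recommends, and the candidate check shows why a /30 anchored on .172 silently drops .171 while a block in 64.81.226.0/30 covers none of the assigned hosts at all.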


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user

