Since I posted this, the S39network.in error has "gone away," but the rest of the problems still are alive and well.

New network.cfg at http://64.81.226.171/nconfig.txt -- comments stripped for readability.

Can't seem to nail it... :/

Any help appreciated.

Thanks,
Dan

-----Original Message-----
From: Dan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 12, 2001 3:40 PM
To: [EMAIL PROTECTED]
Subject: RE: [Leaf-user] FW: [LRP] Proxy ARP on Bridged DSL

OK, I made the changes below, turned off the IP forwarding for the internal www server, and rebooted. From the standpoint of my external testers, it is still working as before --- reassigning his connection to the IP of the external interface, and a 64XXX port.

I still am not sure I have the scripts correct. At boot, I now get an error:

"/etc/init.d/rcS: /etc/rcS.d/S39network.in: not found"

--- then it boots, and functions as before. :/

Dan

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Charles Steinkuehler
Sent: Tuesday, June 12, 2001 2:17 PM
To: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] FW: [LRP] Proxy ARP on Bridged DSL

> All reference info is attached below. In poking around on game server
> forums, I found some references to UDP ports being redirected by IPMASQ to
> ports 61000-64999, when the game server uses 27015. The solution proposed
> (without detail) was creating a "service" for 27015, so it did not change
> port numbers. Something similar is happening in my DMZ --- in fact, it
> appears that proxy arp is not happening, but masquerading is happening
> instead. One of my external testers noted that while trying to connect to
> 64.81.226.172:27015 it turns around and connects them to
> 64.81.226.171:62643 ---- which is a high port on either the External
> interface or the DMZ interface --- not sure which. He can get a game
> session, but if he tries to use the remote console function, it apparently
> goes to a port the server does not recognize. I know I have something major
> hosed...
>
> My network: http://64.81.226.171/netdiagram.txt
>
> My configs: http://64.81.226.171/configs.txt

OK, your ISP gave you a block of 4 IP's, but they span two /30 (4 IP) ranges, so you need to use a /29 (8 IP) range for DMZ_NET. The proper setting should be:

DMZ_NET=64.81.226.168/29

Which covers the IP's from 64.81.226.168 to 64.81.226.175. Since you only 'own' four of these 8 IP's, you need to list the 4 not assigned to you as DMZ_EXT_ADDRS:

DMZ_EXT_ADDRS="64.81.226.168 64.81.226.169 64.81.226.170 64.81.226.175 $eth0_DEFAULT_GW $eth0_IPADDR"

That you're getting any services at all is a bit surprising, and appears due to the fact that you've got your external port 80 open (source & destination IP 0/0), which is allowing HTTP requests to the DMZ to make it through the firewall. Ditto for UDP packets, which *should* be blocked by the input rules, but with the incorrect DMZ_NET specification you're using (it covers 64.81.226.0-3, or none of the IP's you actually have assigned), this is not happening.

Fix the above, and see if you still have problems. Once you get the various DMZ variables configured properly, you'll begin using your DMZ_OPEN_DEST settings (which it looks like you configured) rather than coming in through 'back-doors' in the firewall scripts, and everything *should* start working better and making more sense.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
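
The subnet arithmetic from Charles's reply, as an added example that is not part of the original thread: it derives DMZ_NET and the not-assigned half of DMZ_EXT_ADDRS from the assigned addresses and checks which of them a given DMZ_NET value fails to cover. Assumptions: the assigned addresses are inferred as the /29 minus the four the reply lists, the old DMZ_NET value is reconstructed from "it covers 64.81.226.0-3", and all function names are hypothetical.

```python
import ipaddress

# Inferred from the reply: the /29 minus the four addresses it lists as not assigned.
ASSIGNED = ["64.81.226.171", "64.81.226.172", "64.81.226.173", "64.81.226.174"]
# Reconstructed from "it covers 64.81.226.0-3"; the exact old setting is not on the page.
OLD_DMZ_NET = "64.81.226.0/30"


def covering_network(addrs):
    """Smallest single CIDR block that contains every address in addrs."""
    ips = [int(ipaddress.IPv4Address(a)) for a in addrs]
    lo, hi = min(ips), max(ips)
    host_bits = (lo ^ hi).bit_length()  # bits that differ must be host bits
    base = (lo >> host_bits) << host_bits
    return ipaddress.IPv4Network((base, 32 - host_bits))


def slash30_blocks(addrs):
    """The distinct /30 blocks the addresses fall into."""
    return sorted({ipaddress.ip_network(a + "/30", strict=False) for a in addrs})


def not_assigned(net, addrs):
    """Every address in net (network and broadcast included) not in addrs."""
    owned = {ipaddress.IPv4Address(a) for a in addrs}
    return [str(ip) for ip in net if ip not in owned]


def outside(net, addrs):
    """Addresses that a DMZ_NET value fails to cover."""
    net = ipaddress.ip_network(net)
    return [a for a in addrs if ipaddress.IPv4Address(a) not in net]


def config_lines(addrs):
    """network.cfg lines in the form given in the reply."""
    net = covering_network(addrs)
    ext = " ".join(not_assigned(net, addrs) + ["$eth0_DEFAULT_GW", "$eth0_IPADDR"])
    return ["DMZ_NET=%s" % net, 'DMZ_EXT_ADDRS="%s"' % ext]


if __name__ == "__main__":
    print("/30 blocks spanned:", [str(n) for n in slash30_blocks(ASSIGNED)])
    print("old DMZ_NET misses:", outside(OLD_DMZ_NET, ASSIGNED))
    print("\n".join(config_lines(ASSIGNED)))
```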
