Re: [masq] [masq] ip masquerading and quake
On Sat, 7 Nov 1998, Chris Johnson wrote: Date: Sat, 7 Nov 1998 16:48:08 -0500 From: Chris Johnson [EMAIL PROTECTED] To: pernod [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [masq] ip masquerading and quake On Sat, Nov 07, 1998 at 02:05:08PM -0800, pernod wrote: does anyone know if udp based games such as quake work through an ip masquerading setup? I haven't played Quake through a masquerading box, but there is a module specifically for Quake to allow it to work. Quake II works without any module help at all, and I've played tons of it through my masq box. I've also played it with two computers on my local LAN connecting to a Quake II server on the Internet, and it works fine that way too. Actually, Quake works without modules as well, as long as only one internal host is playing quake. If more than one host is playing at the same time, the module is required for both Quake and Quake2 (and the module has to be to accept quake2 port 27910) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
[masq] Masquerading problems Starcraft *SOLVED*... for me at least
The recent flurry of NAT and peer-to-peer gaming information rekindled my interest in trying to get starcraft working through a masquerading host. For those of you curious here are the problems I was having: 1) incredibly slow game when playing against more than 1 human opponent when you're not hosting the game. When I say slow, I mean _SLOW_. This goes beyond normal lag. 2) fine game when against any # of human opponents when you are hosting the game. 3) fine game against 1 human opponent no matter who hosts. 4) # of computer opponents doesn't matter. If you've been having symptoms like that, then I may just have the solution for you. If your masquerading host is running a 2.1.* series kernel, check out http://www.alumni.caltech.edu/~dank/peer-nat.html for a 2.1.130 kernel patch. If you're running 2.0.36, get ftp://ftp.netcom.com/pub/mu/mumford/loose-udp-2.0.36.patch.gz Another option for those 2.1.*'ers of you out there. One of the most recent Alan Cox 2.1 patches includes this stuff by default. I think it is version 2.1.131ac11, but I'm not sure. For starcraft to work, you will also need port forwarding in your kernel. It comes standard in recent 2.1 series, but you have to get a patch for 2.0.36 from http://www.monmouth.demon.co.uk/ipsubs/portforwarding.html This patch will apply almost cleanly to a 2.0.36 kernel that has been patched with loose-udp. The one patch that doesn't make it is a comment in one of the source files, so it won't impact functionality. Note that auto-forwarding is not good enough, at least for me anyway. I had to compile in port-forwarding to get this to work. Patch your kernel, run 'make oldconfig' or whatever, turn on the option CONFIG_IP_MASQ_LOOSE_UDP in the network settings subsection (be sure to have CONFIG_EXPERIMENTAL on as well). When you have rebooted into your new kernel, turn on port forwarding with commands such as the following: (for 2.0.*) ipportfw -A -t x.x.x.x/6112 -R y.y.y.y/6112 ipportfw -A -u x.x.x.x/6112 -R y.y.y.y/6112 (I can't remember where I got ipportfw originally, so you can grab it from my ftp directory if you need it) (for 2.1.*) ipmasqadm portfw -a -P tcp -L x.x.x.x 6112 -R y.y.y.y 6112 ipmasqadm portfw -a -P udp -L x.x.x.x 6112 -R y.y.y.y 6112 where x.x.x.x is the INTERNET address of the gateway host, and y.y.y.y is the INTERNAL address of the host you play starcraft from. Note that you *cannot* play starcraft from two machines inside your network at the same time... at least not with this setup. A starcraft specific masquerading module like the one for quake would be the only way to do that, AFAIK. Some disclaimers: I offer no guarrantees that it will work for you. The patch that I'm providing is not originally mine, and I only partially under- stand it. All I have done is take an existing 2.1 patch and backport it to 2.0. It works for me. If it doesn't work for you, there's not much I can do in the way of fixing out your problem, but I'll certainly try. Glenn Lamb - [EMAIL PROTECTED] Finger for my PGP Key. Email to me must have my address in either the To: or Cc: field. All other mail will be bounced automatically as spam. PGPprint = E3 0F DE CC 94 72 D1 1A 2D 2E A9 08 6B A0 CD 82 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] [masq] [masq-dev] A possible bug in the ip_masq_quake code?
On Thu, 14 Jan 1999, Dan Kegel wrote: Date: Thu, 14 Jan 1999 07:04:44 -0800 From: Dan Kegel [EMAIL PROTECTED] To: "David A. Ranch" [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [masq] [masq-dev] A possible bug in the ip_masq_quake code? "David A. Ranch" schrieb: Linux 2.0.36 w/ ipportfw patch ftp, quake, and raudio MASQ modules loaded UDP ports 2000-2020 IPPORTFWed The problem happens when you double-click on the Quake2 entry in the left-hand window to "update the servers". The first or second time, you will get a good list of servers and decently low ping times. If you do this a few more times, all of the sudden, all the ping times goto and from the Linux server's logs, you see: Jan 13 00:07:09 trinity2 kernel: ip_masq_new(proto=UDP): no free ports. Hey, I wonder if the loose UDP patch will help that. It reuses UDP ports more efficiently. (It's in 2.2.0-pre7, and a version for 2.0.36 can be found at http://www.alumni.caltech.edu/~dank/peer-nat.html - Dan Possibly, but I doubt it. Quake and Quake2 are masquerading friendly. The problem the original author is having is that masquerading timeouts are set too high. The default, I believe, is 5 minutes. Now assuming he has 1000 entries in his gamespy table, he does a query which opens 1000 ports which only need to be open for a few seconds, but stay open for 5 minutes. Now he does a query again 1 minute later, which means there are 2000 ports open. Now he does another 1 minute later to give 3000 ports open. As you can see, this will quickly fill up the masquerading tables. This happens to me all the time, since I've got two computers behind my masquerading host that play. The solution? Use smaller udp timeouts. # ipfwadm -M -s 0 0 60 will leave the tcp and tcpfin timeouts at their default, and will set the udp timeouts to 1 minute. I really don't see a reason why they can't be set even lower or why udp has a timeout in the first place, since udp is packet based, not connection based. Btw, another person said he didn't need the quake masquerading module to play quake or quake2. This is correct for a couple of reasons: 1) if you only have one host playing quake behind your masquerading host, or if you have more than one host but they're all playing on different servers, then the module is not necessary. The module is only necessary when 2 or more hosts want to play on the same server. 2) the module does absolutely _nothing_ for quake2. If you look at the module source, you'll see a couple of port numbers at the beginning: 26000 and 27000. Quake2's default port is 27910. The quake module apparently does work for quake2 if the port is added. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] Battle.net masq module.....
On Thu, 14 Jan 1999, Stomper wrote: Date: Thu, 14 Jan 1999 16:11:09 -0700 From: Stomper [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [masq] Battle.net masq module. Anyone that is a programmer game to attempt a battle.net masq module. Looks like Blizzard finally got smart and started allow multi connects from a single ip. They still only allow one connect per key, but this way multi machines behind a masq machine can finally get to diablo and starcraft.. A b.net masq module is really useless. b.net is a chat program, and not much more. All b.net does in terms of starting the games is it allows you to select a game from a list. Once you're in the game (in the 'ready to start' room where you choose zerg/protoss/terran in starcraft, for example), that's the starcraft clients talking directly to each other; b.net is not involved. What we'd need for a starcraft module is for blizzard to release the net specs on the _game_, not on b.net... or for someone else to reverse engineer it (which is way beyond me). It would certainly be nice, though. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] [masq] FTP timeout?
At 10:02 PM 1/16/99 -0800, Fred Viles wrote: On 16 Jan 99, at 15:21, Charles Curley wrote about "[masq] FTP timeout?": | I have been running ip masquerading for about a month. I have noticed a | glitch which may be a timeout issue: when I transfer a large file (10+Mb) | using Netscape on NT, the whole file appears to transfer. Then the little | window just hangs there. This will happen if you are not running the ip_masq_ftp "helper" module. As you guessed, it is probably the control connection timing out while the lengthy data connection is going on. Does lsmod show ip_masq_ftp running? ip_masq_ftp is built into the kernel, not a module. Um, I'm no expert on the masquerading helper modules, but I'm pretty sure it's not possible (easily) to compile this in as part of the kernel. I do know for sure that there is no way to do it with the standard config. You might want to double check your setup. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] Weird problems in IP Masq
On Mon, 18 Jan 1999, Sean Roe wrote: Date: Mon, 18 Jan 1999 07:26:43 -0700 (MST) From: Sean Roe [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [masq] Weird problems in IP Masq Hi all, I have a kinda weird setup and its doing some strange stuff. I have three Linux boxes behind a cisco 2501 router hooked to a T-1 frame. One of the boxes is an IP_Masq box. The Cisco is using NAT to talk to the linux boxes. My problem is I can telnet to the Masq box from the Internet, I can run lynx from it ftp, ect. But I cant ping anything on the LAN. Here is a copy of my routing table: Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.100.0 0.0.0.0 255.255.255.0 U 0 026 eth0 192.168.101.0 192.168.101.10 255.255.255.0 UG0 025 eth1 192.168.101.0 0.0.0.0255.255.255.0 U 0 0 4 eth1 127.0.0.0 0.0.0.0255.0.0.0 U 0 022 lo 0.0.0.0 192.168.100.1 0.0.0.0 UG0 037 eth0 For one thing, you have duplicate routes to the 192.168.101.0 net. I'm pretty sure that first route (the one with gateway 192.168.101.10) is meaningless, since you don't have a route to 192.168.101.10. For example, the kernel sees a packet destined for 192.168.101.0 and sees it has to go through the gateway 192.168.101.10, but sees it does not have a route to that host, so it tries to send the packet down the default route... Can anyone confirm? Deleting that route should help: Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.100.0 0.0.0.0 255.255.255.0 U 0 026 eth0 192.168.101.0 0.0.0.0255.255.255.0 U 0 0 4 eth1 127.0.0.0 0.0.0.0255.0.0.0 U 0 022 lo 0.0.0.0 192.168.100.1 0.0.0.0 UG0 037 eth0 to be honest, I doubt this has anything to do with your problem. Anyway, whenever I try to traceroute a LAN Address (192.168.101.XX) I get: [sean@proxy sean]$ traceroute 192.168.101.4 traceroute: Warning: Multiple interfaces found; using 192.168.100.10 @ eth0 traceroute to 192.168.101.4 (192.168.101.4), 30 hops max, 40 byte packets Try 'traceroute -i eth1 192.168.101.4'. It tells traceroute to use eth1 when doing its business. They're arguing over on the linux-net mailing list that this is a bug in traceroute, and I have to agree. traceroute should be able to figure out the proper route from the tables. Now back to your original problem. How exactly are you trying to connect to your box from the internet? What address are you using? You can't use 192.168.*. Those addresses won't route on the internet. If the cisco is supposed to be NAT'ting, then it sounds like the cisco is misconfigured, not the linux box. Can you telnet to the linux box from any machine on the 192.168.101 net? Can you telnet to the linux box from the cisco router? On a side note, this setup is just begging the question: why? If you're running NAT on the router, why are you running masq on the linux host? NAT on the router should take care everything (unless I misunderstand NAT). Glenn Lamb - [EMAIL PROTECTED] Finger for my PGP Key. Email to me must have my address in either the To: or Cc: field. All other mail will be bounced automatically as spam. PGPprint = E3 0F DE CC 94 72 D1 1A 2D 2E A9 08 6B A0 CD 82 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] Newbie Question
On Wed, 20 Jan 1999, Jonathan wrote: Date: Wed, 20 Jan 1999 00:50:13 +0200 From: Jonathan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [masq] Newbie Question Compiling the kernel with ipportfw worked fine on my P2/266 which runs a full install of RedHat 5.2, but not on the gateway machine, a 486 running a minimal RH 5.2. 'make config' runs fine, but 'make dep' misses files like 'stdio.h'. Question; which RPM do I need to install to get these files? host$ rpm -qf /usr/include/stdio.h glibc-devel-2.0.7-29 Glenn Lamb - [EMAIL PROTECTED] Finger for my PGP Key. Email to me must have my address in either the To: or Cc: field. All other mail will be bounced automatically as spam. PGPprint = E3 0F DE CC 94 72 D1 1A 2D 2E A9 08 6B A0 CD 82 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
[masq] to whomever emailed me about starcraft...
It's really hard for me to help you unless I have a valid return address... justme [EMAIL PROTECTED] isn't valid. Anyway, in hopes that you're paying attention, the problems you described--really laggy games, except when you're hosting or when only playing with one other human player (number of computer players doesn't matter) are the exact symptoms I was having, and are fixed by the loose-udp patch. You can read up on the theory at http://www.alumni.caltech.edu/~dank/peer-nat.html You can get the patch at ftp://ftp.netcom.com/pub/mu/mumford/loose-udp-2.0.36.patch.gz Apply the patch after you apply the ipportfw patch. It won't apply cleanly, the failure will be on a comment, so don't worry about it. Enable the CONFIG_IP_MASQ_LOOSE_UDP option ('make config'), then recompile and reboot and you should be good to go. Glenn Lamb - [EMAIL PROTECTED] Finger for my PGP Key. Email to me must have my address in either the To: or Cc: field. All other mail will be bounced automatically as spam. PGPprint = E3 0F DE CC 94 72 D1 1A 2D 2E A9 08 6B A0 CD 82 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] Starcraft with kernels 2.2.x
On Sun, 31 Jan 1999, Kristopher A. Kersey wrote: Date: Sun, 31 Jan 1999 03:21:41 -0500 From: "Kristopher A. Kersey" [EMAIL PROTECTED] To: MASQ Mail List [EMAIL PROTECTED] Subject: [masq] Starcraft with kernels 2.2.x OK, I'm looking to get some strait answers on IP Masq for kernel versions 2.2.x. I'm currently have my kernel configured with the following "Network Options" related stuff: Packet socket Network firewalls Unix domain sockets TCP/IP networking IP: firewalling IP: always defragment IP: masquerading IP: ICMP masquerading IP: masquerading special modules support IP: ipautofw support IP: drop source routed frames IP: allow large windows And all I'm doing to enable masqurading is typing: ipchains -A forward -s 192.168.1.0/24 -j MASQ echo "1" /proc/sys/net/ipv4/ip_forward My MASQ as a whole all works, but Starcraft seems still not be working right. I though the UDP bug was fixed. Is this all correct? What should be changed? Are you doing port forwarding? You need to forward udp port 6112 from the masquerading machine to the gaming machine. Forwarding tcp port 6112 might also be a good idea. Glenn Lamb - [EMAIL PROTECTED] Finger for my PGP Key. Email to me must have my address in either the To: or Cc: field. All other mail will be bounced automatically as spam. PGPprint = E3 0F DE CC 94 72 D1 1A 2D 2E A9 08 6B A0 CD 82 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] [masq] Starcraft with kernels 2.2.x
On Sun, 31 Jan 1999, Kristopher A. Kersey wrote: Date: Sun, 31 Jan 1999 12:29:40 -0500 From: "Kristopher A. Kersey" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: MASQ Mail List [EMAIL PROTECTED] Subject: Re: [masq] Starcraft with kernels 2.2.x Actually I'm not. I was wondering what utility I should use with 2.2.x, ipportfw or ipmasqadm. Also that means I need to enable it in the kernel right? What's a simple command to enable that? Also, do I need to have ipautofw enabled in the kernel? Do have have to run anything to turn it on? I hope I don't sound ignorent but I just am not fluent in the area and nothing I read I strait forward. You should be using ipmasqadm. The commands are # ipmasqadm portfw -a -P tcp -L $1 6112 -R $2 6112 # ipmasqadm portfw -a -P tcp -L $3 6112 -R $2 6112 # ipmasqadm portfw -a -P udp -L $1 6112 -R $2 6112 # ipmasqadm portfw -a -P udp -L $3 6112 -R $2 6112 Replace $1 with the internal IP address of your gateway machine, $2 with the address (internal again, but it should be the only) of the machine you're playing starcraft on and $3 with the external IP ad- dress of the gateway machine. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] [masq] [masq] [masq] VDOPHONE
On Thu, 4 Feb 1999, Craig McDaniel wrote: Date: Thu, 4 Feb 1999 04:02:24 -0600 (CST) From: Craig McDaniel [EMAIL PROTECTED] To: "John E. Christ III" [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [masq] [masq] [masq] VDOPHONE I have that same problem, but I don't use mirc. I have a masq'ed linux box that can't dcc chat or dcc send. I tried editing the ip_msaq_.c module, but it wouldn't work. Any ideas how to get ircii and deritives to dcc right? Is the irc server you are connecting to on port 6667? If not, then that's probably your problem. The ip_masq_irc module is hardcoded only for 6667. When installing the ip_masq_irc module, use a 'ports=' line like so # insmod ip_masq_irc ports=6667,6668,6669[,...] Include the port # of your irc server on that line see if your troubles go away. btw, you tried 'editing the ip_msaq_.c module'? Which specific module, the irc one? What changes did you try? Glenn Lamb - [EMAIL PROTECTED] Finger for my PGP Key. Email to me must have my address in either the To: or Cc: field. All other mail will be bounced automatically as spam. PGPprint = E3 0F DE CC 94 72 D1 1A 2D 2E A9 08 6B A0 CD 82 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]