Re: [masq] [masq] ip masquerading and quake

1998-11-07 Thread mumford 

On Sat, 7 Nov 1998, Chris Johnson wrote:

 Date: Sat, 7 Nov 1998 16:48:08 -0500
 From: Chris Johnson [EMAIL PROTECTED]
 To: pernod [EMAIL PROTECTED], [EMAIL PROTECTED]
 Subject: Re:  [masq] ip masquerading and quake
 
 On Sat, Nov 07, 1998 at 02:05:08PM -0800, pernod wrote:
  does anyone know if udp based games such as quake work through
  an ip masquerading setup? 
 
 I haven't played Quake through a masquerading box, but there is a module
 specifically for Quake to allow it to work. Quake II works without any module
 help at all, and I've played tons of it through my masq box. I've also played
 it with two computers on my local LAN connecting to a Quake II server on the
 Internet, and it works fine that way too.

Actually, Quake works without modules as well, as long as only one internal
host is playing quake.  If more than one host is playing at the same time,
the module is required for both Quake and Quake2 (and the module has to be
to accept quake2 port 27910)


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]

[masq] Masquerading problems Starcraft *SOLVED*... for me at least

1998-12-15 Thread mumford 

The recent flurry of NAT and peer-to-peer gaming information rekindled my
interest in trying to get starcraft working through a masquerading host.
For those of you curious here are the problems I was having:

1) incredibly slow game when playing against more than 1 human opponent
   when you're not hosting the game.  When I say slow, I mean _SLOW_.  This
   goes beyond normal lag.
2) fine game when against any # of human opponents when you are hosting the
   game.
3) fine game against 1 human opponent no matter who hosts.
4) # of computer opponents doesn't matter.

If you've been having symptoms like that, then I may just have the solution
for you.  If your masquerading host is running a 2.1.* series kernel, check
out http://www.alumni.caltech.edu/~dank/peer-nat.html for a 2.1.130 kernel
patch.  If you're running 2.0.36, get
ftp://ftp.netcom.com/pub/mu/mumford/loose-udp-2.0.36.patch.gz
Another option for those 2.1.*'ers of you out there.  One of the most recent
Alan Cox 2.1 patches includes this stuff by default.  I think it is version
2.1.131ac11, but I'm not sure.

For starcraft to work, you will also need port forwarding in your kernel.
It comes standard in recent 2.1 series, but you have to get a patch for
2.0.36 from http://www.monmouth.demon.co.uk/ipsubs/portforwarding.html
This patch will apply almost cleanly to a 2.0.36 kernel that has been
patched with loose-udp.  The one patch that doesn't make it is a comment
in one of the source files, so it won't impact functionality.  Note that
auto-forwarding is not good enough, at least for me anyway.  I had to
compile in port-forwarding to get this to work.

Patch your kernel, run 'make oldconfig' or whatever, turn on the option
CONFIG_IP_MASQ_LOOSE_UDP in the network settings subsection (be sure to
have CONFIG_EXPERIMENTAL on as well).

When you have rebooted into your new kernel, turn on port forwarding with
commands such as the following:

(for 2.0.*)
ipportfw -A -t x.x.x.x/6112 -R y.y.y.y/6112
ipportfw -A -u x.x.x.x/6112 -R y.y.y.y/6112
(I can't remember where I got ipportfw originally, so you can grab it from
 my ftp directory if you need it)
(for 2.1.*)
ipmasqadm portfw -a -P tcp -L x.x.x.x 6112 -R y.y.y.y 6112
ipmasqadm portfw -a -P udp -L x.x.x.x 6112 -R y.y.y.y 6112

where x.x.x.x is the INTERNET address of the gateway host, and y.y.y.y is
the INTERNAL address of the host you play starcraft from.  Note that you
*cannot* play starcraft from two machines inside your network at the same
time... at least not with this setup.  A starcraft specific masquerading
module like the one for quake would be the only way to do that, AFAIK.

Some disclaimers:  I offer no guarrantees that it will work for you.  The
patch that I'm providing is not originally mine, and I only partially under-
stand it.  All I have done is take an existing 2.1 patch and backport it to
2.0.  It works for me.  If it doesn't work for you, there's not much I can
do in the way of fixing out your problem, but I'll certainly try.

Glenn Lamb - [EMAIL PROTECTED]  Finger for my PGP Key.
Email to me must have my address in either the To: or Cc: field.  All other
mail will be bounced automatically as spam.
PGPprint = E3 0F DE CC 94 72 D1 1A  2D 2E A9 08 6B A0 CD 82

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]

Re: [masq] [masq] [masq-dev] A possible bug in the ip_masq_quake code?

1999-01-14 Thread mumford 

On Thu, 14 Jan 1999, Dan Kegel wrote:

 Date: Thu, 14 Jan 1999 07:04:44 -0800
 From: Dan Kegel [EMAIL PROTECTED]
 To: "David A. Ranch" [EMAIL PROTECTED], [EMAIL PROTECTED],
 [EMAIL PROTECTED]
 Subject: Re:  [masq] [masq-dev] A possible bug in the ip_masq_quake code?
 
 "David A. Ranch" schrieb:
  Linux 2.0.36 w/ ipportfw patch
  ftp, quake, and raudio MASQ modules loaded
  UDP ports 2000-2020 IPPORTFWed
 
  The problem happens when you double-click on the Quake2 entry
  in the left-hand window to "update the servers".  The first
  or second time, you will get a good list of servers and decently
  low ping times.  If you do this a few more times, all of the sudden,
  all the ping times goto  and from the Linux server's logs,
  you see:
  
  Jan 13 00:07:09 trinity2 kernel: ip_masq_new(proto=UDP): no free ports.
 
 Hey, I wonder if the loose UDP patch will help that.  It reuses
 UDP ports more efficiently.  (It's in 2.2.0-pre7, and a version
 for 2.0.36 can be found at http://www.alumni.caltech.edu/~dank/peer-nat.html
 - Dan

Possibly, but I doubt it.  Quake and Quake2 are masquerading friendly.

The problem the original author is having is that masquerading timeouts are
set too high.  The default, I believe, is 5 minutes.  Now assuming he has
1000 entries in his gamespy table, he does a query which opens 1000 ports
which only need to be open for a few seconds, but stay open for 5 minutes.
Now he does a query again 1 minute later, which means there are 2000 ports
open.  Now he does another 1 minute later to give 3000 ports open.  As you
can see, this will quickly fill up the masquerading tables.  This happens
to me all the time, since I've got two computers behind my masquerading
host that play.

The solution?  Use smaller udp timeouts.
# ipfwadm -M -s 0 0 60
will leave the tcp and tcpfin timeouts at their default, and will set the
udp timeouts to 1 minute.  I really don't see a reason why they can't be
set even lower or why udp has a timeout in the first place, since udp is
packet based, not connection based.

Btw, another person said he didn't need the quake masquerading module to
play quake or quake2.  This is correct for a couple of reasons:

1) if you only have one host playing quake behind your masquerading host,
   or if you have more than one host but they're all playing on different
   servers, then the module is not necessary.  The module is only necessary
   when 2 or more hosts want to play on the same server.

2) the module does absolutely _nothing_ for quake2.  If you look at the
   module source, you'll see a couple of port numbers at the beginning:
   26000 and 27000.  Quake2's default port is 27910.  The quake module
   apparently does work for quake2 if the port is added.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]

Re: [masq] Battle.net masq module.....

1999-01-15 Thread mumford 

On Thu, 14 Jan 1999, Stomper wrote:

 Date: Thu, 14 Jan 1999 16:11:09 -0700
 From: Stomper [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: [masq] Battle.net masq module.
 
 Anyone that is a programmer game to attempt a battle.net masq module.
 Looks like Blizzard finally got smart and started allow multi connects from
 a single ip.  They still only allow one connect per key, but this way multi
 machines behind a masq machine can finally get to diablo and starcraft..

A b.net masq module is really useless.  b.net is a chat program, and not
much more.  All b.net does in terms of starting the games is it allows
you to select a game from a list.  Once you're in the game (in the 'ready
to start' room where you choose zerg/protoss/terran in starcraft, for
example), that's the starcraft clients talking directly to each other;
b.net is not involved.

What we'd need for a starcraft module is for blizzard to release the
net specs on the _game_, not on b.net... or for someone else to reverse
engineer it (which is way beyond me).

It would certainly be nice, though.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]

Re: [masq] [masq] FTP timeout?

1999-01-19 Thread mumford 


 At 10:02 PM 1/16/99 -0800, Fred Viles wrote:
 On 16 Jan 99, at 15:21, Charles Curley wrote about
 "[masq] FTP timeout?":
 
 | I have been running ip masquerading for about a month. I have noticed a
 | glitch which may be a timeout issue: when I transfer a large file (10+Mb)
 | using Netscape on NT, the whole file appears to transfer. Then the little
 | window just hangs there.
 
 This will happen if you are not running the ip_masq_ftp "helper" 
 module.  As you guessed, it is probably the control connection timing 
 out while the lengthy data connection is going on.
 
 Does lsmod show ip_masq_ftp running?
 
 ip_masq_ftp is built into the kernel, not a module.

Um, I'm no expert on the masquerading helper modules, but I'm pretty sure
it's not possible (easily) to compile this in as part of the kernel.  I do
know for sure that there is no way to do it with the standard config.

You might want to double check your setup.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]

Re: [masq] Weird problems in IP Masq

1999-01-20 Thread mumford 

On Mon, 18 Jan 1999, Sean Roe wrote:

 Date: Mon, 18 Jan 1999 07:26:43 -0700 (MST)
 From: Sean Roe [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: [masq] Weird problems in IP Masq
 
 Hi all,
 
 I have a kinda weird setup and its doing some strange stuff.
 
 I have three Linux boxes behind a cisco 2501 router hooked to a T-1 frame.
 One of the boxes is an IP_Masq box.  The Cisco is using NAT to talk to the
 linux boxes.  My problem is I can telnet to the Masq box from the
 Internet, I can run lynx from it ftp, ect.  But I cant ping anything on
 the LAN.  Here is a copy of my routing table:
 
 Kernel IP routing table
 Destination Gateway Genmask  Flags Metric Ref Use Iface
 192.168.100.0  0.0.0.0   255.255.255.0   U 0  026 eth0
 192.168.101.0 192.168.101.10 255.255.255.0   UG0  025 eth1
 192.168.101.0 0.0.0.0255.255.255.0   U 0  0 4 eth1
 127.0.0.0 0.0.0.0255.0.0.0   U 0  022 lo
 0.0.0.0   192.168.100.1  0.0.0.0 UG0  037 eth0

For one thing, you have duplicate routes to the 192.168.101.0 net.  I'm
pretty sure that first route (the one with gateway 192.168.101.10) is
meaningless, since you don't have a route to 192.168.101.10.  For example,
the kernel sees a packet destined for 192.168.101.0 and sees it has to go
through the gateway 192.168.101.10, but sees it does not have a route to
that host, so it tries to send the packet down the default route...  Can
anyone confirm?  Deleting that route should help:

 Kernel IP routing table
 Destination Gateway Genmask  Flags Metric Ref Use Iface
 192.168.100.0  0.0.0.0   255.255.255.0   U 0  026 eth0
 192.168.101.0 0.0.0.0255.255.255.0   U 0  0 4 eth1
 127.0.0.0 0.0.0.0255.0.0.0   U 0  022 lo
 0.0.0.0   192.168.100.1  0.0.0.0 UG0  037 eth0

to be honest, I doubt this has anything to do with your problem.
 
 Anyway, whenever I try to traceroute a LAN Address (192.168.101.XX) I get:
 
 [sean@proxy sean]$ traceroute 192.168.101.4 
 traceroute: Warning: Multiple interfaces found; using 192.168.100.10 @
 eth0
 traceroute to 192.168.101.4 (192.168.101.4), 30 hops max, 40 byte packets
 

Try 'traceroute -i eth1 192.168.101.4'.
It tells traceroute to use eth1 when doing its business.  They're arguing
over on the linux-net mailing list that this is a bug in traceroute, and
I have to agree.  traceroute should be able to figure out the proper
route from the tables.

Now back to your original problem.  How exactly are you trying to connect
to your box from the internet?  What address are you using?  You can't
use 192.168.*.  Those addresses won't route on the internet.  If the cisco
is supposed to be NAT'ting, then it sounds like the cisco is misconfigured,
not the linux box.  Can you telnet to the linux box from any machine on
the 192.168.101 net? Can you telnet to the linux box from the cisco router?
 
On a side note, this setup is just begging the question:  why?  If you're
running NAT on the router, why are you running masq on the linux host?
NAT on the router should take care everything (unless I misunderstand NAT).

Glenn Lamb - [EMAIL PROTECTED]  Finger for my PGP Key.
Email to me must have my address in either the To: or Cc: field.  All other
mail will be bounced automatically as spam.
PGPprint = E3 0F DE CC 94 72 D1 1A  2D 2E A9 08 6B A0 CD 82

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]

Re: [masq] Newbie Question

1999-01-22 Thread mumford 

On Wed, 20 Jan 1999, Jonathan wrote:

 Date: Wed, 20 Jan 1999 00:50:13 +0200
 From: Jonathan [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: [masq] Newbie Question
 
 Compiling the kernel with ipportfw worked fine on my P2/266 which runs a
 full install of RedHat 5.2, but not on the gateway machine, a 486 running a
 minimal RH 5.2. 'make config' runs fine, but 'make dep' misses files like
 'stdio.h'.
 
 Question; which RPM do I need to install to get these files?

host$ rpm -qf /usr/include/stdio.h
glibc-devel-2.0.7-29

Glenn Lamb - [EMAIL PROTECTED]  Finger for my PGP Key.
Email to me must have my address in either the To: or Cc: field.  All other
mail will be bounced automatically as spam.
PGPprint = E3 0F DE CC 94 72 D1 1A  2D 2E A9 08 6B A0 CD 82

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]

[masq] to whomever emailed me about starcraft...

1999-01-28 Thread mumford 

It's really hard for me to help you unless I have a valid return address...
justme [EMAIL PROTECTED] isn't valid.

Anyway, in hopes that you're paying attention, the problems you described--really
laggy games, except when you're hosting or when only playing with one other human
player (number of computer players doesn't matter) are the exact symptoms I was
having, and are fixed by the loose-udp patch.

You can read up on the theory at http://www.alumni.caltech.edu/~dank/peer-nat.html
You can get the patch at ftp://ftp.netcom.com/pub/mu/mumford/loose-udp-2.0.36.patch.gz
Apply the patch after you apply the ipportfw patch.  It won't apply cleanly, the
failure will be on a comment, so don't worry about it.

Enable the CONFIG_IP_MASQ_LOOSE_UDP option ('make config'), then recompile and
reboot and you should be good to go.

Glenn Lamb - [EMAIL PROTECTED]  Finger for my PGP Key.
Email to me must have my address in either the To: or Cc: field.  All other
mail will be bounced automatically as spam.
PGPprint = E3 0F DE CC 94 72 D1 1A  2D 2E A9 08 6B A0 CD 82

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]

Re: [masq] Starcraft with kernels 2.2.x

1999-01-31 Thread mumford 

On Sun, 31 Jan 1999, Kristopher A. Kersey wrote:

 Date: Sun, 31 Jan 1999 03:21:41 -0500
 From: "Kristopher A. Kersey" [EMAIL PROTECTED]
 To: MASQ Mail List [EMAIL PROTECTED]
 Subject: [masq] Starcraft with kernels 2.2.x
 
 OK, I'm looking to get some strait answers on IP Masq for kernel
 versions 2.2.x.  I'm currently have my kernel configured with the
 following "Network Options" related stuff:
 
 Packet socket
 Network firewalls
 Unix domain sockets
 TCP/IP networking
 IP: firewalling
 IP: always defragment
 IP: masquerading
 IP: ICMP masquerading
 IP: masquerading special modules support
 IP: ipautofw support
 IP: drop source routed frames
 IP: allow large windows
 
 And all I'm doing to enable masqurading is typing:
 
 ipchains -A forward -s 192.168.1.0/24 -j MASQ
 echo "1"  /proc/sys/net/ipv4/ip_forward
 
 My MASQ as a whole all works, but Starcraft seems still not be working
 right.  I though the UDP bug was fixed.  Is this all correct?  What
 should be changed?

Are you doing port forwarding?  You need to forward udp port 6112 from the
masquerading machine to the gaming machine.  Forwarding tcp port 6112 might
also be a good idea.

Glenn Lamb - [EMAIL PROTECTED]  Finger for my PGP Key.
Email to me must have my address in either the To: or Cc: field.  All other
mail will be bounced automatically as spam.
PGPprint = E3 0F DE CC 94 72 D1 1A  2D 2E A9 08 6B A0 CD 82

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]

Re: [masq] [masq] Starcraft with kernels 2.2.x

1999-01-31 Thread mumford 

On Sun, 31 Jan 1999, Kristopher A. Kersey wrote:

 Date: Sun, 31 Jan 1999 12:29:40 -0500
 From: "Kristopher A. Kersey" [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Cc: MASQ Mail List [EMAIL PROTECTED]
 Subject: Re:  [masq] Starcraft with kernels 2.2.x
 
 Actually I'm not.  I was wondering what utility I should use with 2.2.x,
 ipportfw or ipmasqadm.  Also that means I need to enable it in the
 kernel right?  What's a simple command to enable that?  Also, do I need
 to have ipautofw enabled in the kernel?  Do have have to run anything to
 turn it on?  I hope I don't sound ignorent but I just am not fluent in
 the area and nothing I read I strait forward.

You should be using ipmasqadm.  The commands are
# ipmasqadm portfw -a -P tcp -L $1 6112 -R $2 6112
# ipmasqadm portfw -a -P tcp -L $3 6112 -R $2 6112
# ipmasqadm portfw -a -P udp -L $1 6112 -R $2 6112
# ipmasqadm portfw -a -P udp -L $3 6112 -R $2 6112

Replace $1 with the internal IP address of your gateway machine, $2
with the address (internal again, but it should be the only) of the
machine you're playing starcraft on and $3 with the external IP ad-
dress of the gateway machine.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]

Re: [masq] [masq] [masq] [masq] VDOPHONE

1999-02-04 Thread mumford 

On Thu, 4 Feb 1999, Craig McDaniel wrote:

 Date: Thu, 4 Feb 1999 04:02:24 -0600 (CST)
 From: Craig McDaniel [EMAIL PROTECTED]
 To: "John E. Christ III" [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Subject: Re:  [masq] [masq] [masq] VDOPHONE
 
 
 I have that same problem, but I don't use mirc.  I have a masq'ed linux
 box that can't dcc chat or dcc send.  I tried editing the ip_msaq_.c
 module, but it wouldn't work.  Any ideas how to get ircii and deritives to
 dcc right?

Is the irc server you are connecting to on port 6667?  If not, then that's
probably your problem.  The ip_masq_irc module is hardcoded only for 6667.
When installing the ip_masq_irc module, use a 'ports=' line like so

# insmod ip_masq_irc ports=6667,6668,6669[,...]

Include the port # of your irc server on that line  see if your troubles
go away.

btw, you tried 'editing the ip_msaq_.c module'?  Which specific module, the
irc one?  What changes did you try?

Glenn Lamb - [EMAIL PROTECTED]  Finger for my PGP Key.
Email to me must have my address in either the To: or Cc: field.  All other
mail will be bounced automatically as spam.
PGPprint = E3 0F DE CC 94 72 D1 1A  2D 2E A9 08 6B A0 CD 82

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]