IPcop will figure this all out behind the scenes for him. He won't really need to deal with it at this level. The web Interface is all he'll see, not the actual script. (Which is /etc/rc.d/rc.firewall.up in case people are curious. And actually, I suppose I could put my routing entries at the bottom of this script rather than in crontab.)
Kev. ----- Original Message ----- From: "Shawn Grover" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, February 11, 2003 2:34 PM Subject: RE: (clug-talk) IPCop Dynamic DNS features and port forwarding > I think it does matter. > > For instance, if you have a "rule" that says to drop external connections, > and that rule comes before the port forwarding rules, the packet will be > dropped before it can be forwarded. > > I know with IPTables the order things happen is very important. IPCop uses > IPChains - which is the predecessor to IPTables. So I would assume it has > the same structure. > > Shawn > > -----Original Message----- > From: Jason Louie [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, February 11, 2003 2:33 PM > To: [EMAIL PROTECTED] > Subject: Re: (clug-talk) IPCop Dynamic DNS features and port forwarding > > > Does order really matter on this? Should I set EXTERNAL SERVICE > ACCESS > first before PORT FORWARDING? > > > Kevin Anderson wrote: > > > > I've never even seen Starcraft, and the last 2 games I played were Quake > 2, > > and the original Unreal. I've never played an online game of any type. > I'm > > being up front that I have no idea about the game, or what you need to > make > > it work. > > > > >From what you've said, I assume you want to forward port 6112 to your > > desktop. And *THAT* I can help with. > > > > I'm assuming you're running IPcop 1.2 > > > > First, log into the web client. Then go to SERVICES, then EXTERNAL > SERVICE > > ACCESS. > > > > Then create 2 entries. They should be: > > TCP - Blank - 6112 - enabled should be checked already - Default IP and > > click ADD. > > UDP - Blank - 6112 - enabled should already be checked - Default IP and > > click ADD. > > > > What this does is create firewall rules that allow TCP or UDP traffic to > be > > processed further rather than simply being dropped. > > > > Next, go to Services, then Port Forwarding. > > > > Again, 2 additional entries. > > TCP - 6112 source port - the Destination IP is the IPaddress of your son's > > desktop.(192.168.0.1 for example) - 6112 dest port - enabled - source IP > is > > default IP and then click add. > > Then do the same thing again, except with UDP as the protocol. > > > > That should be it. > > > > Kev. > > > > ----- Original Message ----- > > From: "Jason Louie" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Tuesday, February 11, 2003 12:45 AM > > Subject: Re: (clug-talk) IPCop Dynamic DNS features and port forwarding > > > > > I don't think to problem resides in not forwarding ports, it seams 21 > > > and 80 are in fact working. It's port 6112 that I can't seam to get > > > open. How would I test to see if the port is indeed open. Most sites > > > I've found check only the main ports, (ftp, http, telnet...) The port I > > > need open according to Battle.net is port 6112 TCP/UDP. I've tried > > > http://www.auditmypc.com but no matter what I do port 6112 is stealth > > > where port 21 and 80 are open under the same conditions. > > > > > > I'm still trying different things trying to solve this problem, any new > > > suggestions are appreciated. > > > > > > Jason > > > > > > Kevin Anderson wrote: > > > > > > > > It won't be. > > > > > > > > You just need to load it up. It should be straight forward, and the > > IPcop > > > > docs talk about how to have it done automatically (read 'following a > > > > reboot') somewhere. This is one place that IPcop as me lost. They > > should > > > > have a file that autoruns when the system first starts. If they have > > one, I > > > > can't find it, and it isn't documented. My workaround (for routing) > was > > to > > > > add it to a cronjob that I run every minute. If the route is there, > it > > does > > > > nothing. If the route isn't there, it gets added. > > > > > > > > I would assume you could do something similar. Or you could just do > it > > > > manually following any reboots. (they'll be rare). > > > > > > > > Kev. > > > > > > > > ----- Original Message ----- > > > > From: "Shawn Grover" <[EMAIL PROTECTED]> > > > > To: <[EMAIL PROTECTED]> > > > > Sent: Monday, February 10, 2003 5:32 PM > > > > Subject: RE: (clug-talk) IPCop Dynamic DNS features and port > forwarding > > > > > > > > > Thanks for triggering my memory Kevin. When I was researching > > IPTables, I > > > > > saw lots of PROC modules for allowing Warcraft, Unreal, etc. to work > - > > I > > > > > think I saw one for Starcraft as well. I don't think it was > specific > > to > > > > > IPtables or IPChains, but could be wrong.... > > > > > > > > > > Shawn > > > > > > > > > > -----Original Message----- > > > > > From: Kevin Anderson [mailto:[EMAIL PROTECTED]] > > > > > Sent: Monday, February 10, 2003 4:53 PM > > > > > To: [EMAIL PROTECTED] > > > > > Subject: Re: (clug-talk) IPCop Dynamic DNS features and port > > forwarding > > > > > > > > > > > > > > > If you want a guess, I'd bet that IPChains will let it work, but > > tables > > > > > won't. > > > > > > > > > > I'm no firewalling genius, but I think what happened is that > IPtables > > does > > > > a > > > > > better job of passing related traffic than IPchains. My guess is > that > > > > your > > > > > problem will lie there. > > > > > > > > > > I would recommend googling for a starcraft masq module. You may > need > > one, > > > > > and then you'll be set. There are docs on how to install additional > > > > modules > > > > > on the ipcop.org site. > > > > > > > > > > Kev. > > > > > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > From: "Jason Louie" <[EMAIL PROTECTED]> > > > > > To: "Clug Talk" <[EMAIL PROTECTED]> > > > > > Sent: Monday, February 10, 2003 4:52 PM > > > > > Subject: (clug-talk) IPCop Dynamic DNS features and port forwarding > > > > > > > > > > > > > > > > Thank you Jarrod for the great presentation on IPCop. It got me > > > > > > motivated to run home and install it and abandon my floppy disk > > router. > > > > > > I've plugged in a old 700mb HDD and gave it a whirl. I am very > > pleased > > > > > > in that it gave me no troubles and I don't have to reconfigure > after > > > > > > every reboot like some floppy distros I found. > > > > > > > > > > > > Now I was just wondering if anyone have used the dynamic DNS > > features > > > > > > on IPCop or have used the services of dhs.org, dyndns.org, > dyns.cx, > > > > > > easydns.com, hn.org, no-ip.com or zoneedit.com. I'm using > > dyndns.net > > > > > > currently but would like more info in these if anyone has any. > > > > > > > > > > > > My second question is regarding port forwarding. I...err... my > son > > > > > > plays Starcraft on a Windows machine inside the network and in > order > > to > > > > > > play online games port 6112 TCP/UDP is required to be forwarded to > > the > > > > > > Starcraft playing machine. I've set up the port forward and > > external > > > > > > service access but I see no improvement in playing Starcraft > online. > > Is > > > > > > there a way to check if this port is open? I've had the same > > problem > > > > > > with Coyote Linux but it worked with BBIagent, anyone with any > > ideas? > > > > > > > > > > > > Jason > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
