On Fri, Oct 31, 2008 at 01:27:40PM -0400, Lowell Gilbert wrote:
> Jeremy Chadwick <[EMAIL PROTECTED]> writes:
> 
> > On Fri, Oct 31, 2008 at 12:35:30PM -0400, Lowell Gilbert wrote:
> 
> >> Okay, I guess I'm a little confused by the line about "ONLY allow data
> >> back on these ports IF the windows box has established the connection
> >> out first then deny everything else."  I read that as saying that the
> >> Windows box had sent a packet on the same connection (4-tuple, at
> >> least) that should be later accepted heading *to* the Windows box.
> >> That's just a stateful rule, and it seems to be at odds with what you
> >> wrote in your first message in the thread.  The apparent disagreement
> >> was why I said anything in the first place; it sounds like there's
> >> more than one model of how the game works.
> >
> > I understand the confusion.  Here's the actual protocol that the game
> > appears to be using (since the OP has stated forwarding a port range to
> > his LAN PC solves the problem -- meaning, his original description of
> > how the game protocol worked is accurate):
> 
> I see.  If that is the case, then the word "connection" in the line I
> quoted from Jack Barnett does *not* mean a TCP session, but something
> a little more nebulous.  "Game session" might cover it.  
> 
> [I *was* aware of that possible confusion, which was why I specified
> an address/port tuple as the definition of "connection."]
> 
> Sorry for the distraction; I see that (short of a deep-inspection
> snooping of the protocol), what has already been done is as good as
> you can get.

Nah, it's cool -- the misunderstanding is... understandable.  :-)

I've never seen a game behave this way (specifically, the gameserver
initiating a *brand new connection* rather than utilising an existing
one, or having the client initiate a connection to the server -- in
which case, a stateful firewall will work perfectly and no firewall
rules are needed).

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
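
An added illustration, not part of the original thread: a toy stateful filter keyed on the address/port 4-tuple, showing why a reply on an existing flow passes while a brand-new server-initiated flow is blocked unless a port range is forwarded. All addresses, ports and names are constructed assumptions, and NAT translation is not modelled.

```python
# Added example: toy stateful packet filter keyed on the 4-tuple.
# Addresses and ports are constructed sample values, not from the thread.
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

LAN_PC = "192.168.1.10"       # constructed: the Windows box
GAME_SERVER = "203.0.113.5"   # constructed: game server (documentation range)

class StatefulFilter:
    def __init__(self, forwarded_ports=range(0)):
        self.states = set()                  # flows opened from the LAN side
        self.forwarded_ports = forwarded_ports

    def outbound(self, pkt):
        """LAN -> Internet: passed, and the 4-tuple is recorded as state."""
        self.states.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "pass"

    def inbound(self, pkt):
        """Internet -> LAN: pass only on a state match or an explicit forward."""
        # A reply carries the outbound tuple with source and destination swapped.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.states:
            return "pass (state)"
        if pkt.dst == LAN_PC and pkt.dport in self.forwarded_ports:
            return "pass (forward)"
        return "block"

def demo():
    fw = StatefulFilter()
    fw.outbound(Packet(LAN_PC, 50000, GAME_SERVER, 7000))
    # Reply on the flow the client opened: matches state.
    reply = fw.inbound(Packet(GAME_SERVER, 7000, LAN_PC, 50000))
    # Server opens a brand-new flow: no tuple matches, so it is dropped.
    new_flow = fw.inbound(Packet(GAME_SERVER, 7001, LAN_PC, 6500))
    # Same new flow with a forwarded port range: passes without any state.
    fwd = StatefulFilter(forwarded_ports=range(6000, 7000))
    forwarded = fwd.inbound(Packet(GAME_SERVER, 7001, LAN_PC, 6500))
    # The forward is not tied to the game server: any source is accepted.
    stranger = fwd.inbound(Packet("198.51.100.9", 40000, LAN_PC, 6500))
    return reply, new_flow, forwarded, stranger

if __name__ == "__main__":
    print(demo())
```

The last case is the cost of the port-range workaround: the forwarded range accepts traffic from any source unless the rule is also restricted by source address.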
