On Mon, 31 May 2004 06:04:40 -0400, Chance Sullivan <[EMAIL PROTECTED]> wrote:
Adam's analysis is correct. Basically, you add a rule like so:
rdr on $eth0 inet proto udp from any to $eth0 port 27015 -> ser.ver.ip.addy port 27015
Which means, any packets coming from the internet to the NAT device on port 27015 should be sent to the machine with the IP of ser.ver.ip.addy. This opens that port which the HLDS is running on to the internet. Basically, punching a hole through NAT. The server itself will open up whatever ports it needs to in order to communicate with the master server and NAT will properly translate it and keep state so a return path is open so it can communicate with the master servers. NAT will also work with the client because it uses a port in 1024-65535 range to open a connection to a server with a port of 27015. Mapping the 27015 is only needed for when you're running a server through a NAT device. Opening the port is needed when you're running a firewall. Most NAT/Firewall combos do both automatically once you tell it the rule to use.
Yes, what I meant was a rule like this:
nat on $ext_if proto udp from serverip port 27015 to any -> ($ext_if) static-port
To make sure traffic initiated by the server from 27015 (like to the master servers) also comes from port 27015 on the router, not some random port assigned by the NAT router.
Whether this is needed as a separate rule depends very much on the NAT router used.
Maarten

