This is sorta out of topic, but most routers default to default deny or
nothing.  So for something like a typical non-security-conscious setup, you
might first create a rule allowing all traffic (wan iface <--> local
iface), then go back and deny specific traffic you don't want coming in.
Or you might start with a rule denying all traffic then specifically
allowing types of traffic. (I, for instance, always deny everything then
just open specific ports both outbound and inbound.)

> i.c.  Another guy responded and explained why he (or his company) would
> restrict outbound, and I understand his reasoning, but I was thinking more
> along the lines of your particular case.  I would think that by including
> an outbound filter, unless you have very good reasons why you want to
> restrict users inside your firewall from getting anyplace on the Internet
> other than the IP's listed, that you are just creating a potential problem
> for yourself.  Also, you mentioned 2 outbound filters... the second being
> from "any" to "any".  Was this a typo? I know that the two are referencing
> diff protocols but I still can't help but believe this is incorrect.   Why
> would you create two outbound filters when the second filter essentially
> nullifies the first?  I would think, under normal circumstances, you would
> need an outbound filter that was simply set to allow everything and an
> inbound filter set to allow the appropriate protocols on the appropriate
> ports from "any" to (your server).
>
> This would basically open your server's initial connection port (whatever
> you selected) to any host on the Internet while allowing your server to get
> anyplace it needs to go.  My server is behind a WG firewall and I have the
> services configured as follows:
> Incoming "allow" (My HL server IP address) Protocols/ports UDP 27015 TCP
> 27015 from "any"
> Outgoing "allow" from "any" to "any"
> This works fine for me although I understand that different people may
> have reasons why they may want additional restrictions.
> btw... in the WG 700 I believe the proper terminology is "allowed and
> enabled".
>
>
> -----Original Message-----
> From: CYKO [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 28, 2006 7:47 AM
> To: [email protected]
> Subject: RE: [hlds] HL2DM Server now behind WG Firebox 700 was playable
> but not listed by STEAM
>
>
> No Idea, it was in the knowledge base, but look here the game can be seen
> by game monitor
>
> CYKO'sT Low-Gravity Sniper!     [Play]
> IP: 69.74.70.242:27015 Players: 0/10 (average: 3.06)
> Map: DM_Snipe_Reborn_V2 (2)
>  Consecutive Failed: 0
> Game: Half-Life 2 Deathmatch
> Last Updated: 58s ago (cached: 0s) Month Uptime: % ( / )
> Last DB Update: 21m51s ago
>
> CYKO
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Edward Luna
> Sent: Monday, March 27, 2006 8:24 PM
> To: '[email protected]'
> Subject: RE: [hlds] HL2DM Server now behind WG Firebox 700 was playable
> but not listed by STEAM
>
> I'm curious... why the outgoing filter from any to a list of IP addresses?
> Why wouldn't you allow outbound from any to any?  I can see restricting
> inbound... but why outbound?
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Monday, March 27, 2006 2:57 PM
> To: [email protected]
> Subject: Re: [hlds] HL2DM Server now behind WG Firebox 700 was playable
> but not listed by STEAM
>
>
> The Linksys was running perfectly! with a nat route public to private and
> I have set up the firebox according to this article.
>
> You will need to add the following 2 custom services to your "Outbound"
> firewall settings.
>
> CUSTOM SERVICE #1: (to allow you to log onto/dl updates from steam)
>
> Service Name: SteamLogonAuthAndUpdateServers (if firewall allows for names)
> (also: IP list updated to include Steam changes & Rag Doll Kung Foo update
> servers)
>
> Protocols:
> - TCP : 2790-2827
> - TCP : 2829-2999
> - TCP : 27009-27100
> - TCP : 1110-1139
>
> Outgoing Filter: Allow
> From: Any
> To:
>
>
> CUSTOM SERVICE #2: (to allow you to connect to game servers)
>
> Service Name: SteamGameServers (if firewall allows for names)
>
> Protocols:
> - UTP : 27010-27020 (note, other PC games may use additional ports, if so
> just simply add them to this list)
>
> Outgoing Filter: Allow
> From: Any
> To: Any
>
> CYKO
>
> ----- Original Message -----
> From: Stuart Stegall <[EMAIL PROTECTED]>
> Date: Monday, March 27, 2006 2:07 pm
> Subject: Re: [hlds] HL2DM Server now behind WG Firebox 700 was
> playable but not listed by STEAM
>
>> sv_region 255 doesn't always work, but I believe you've previously had
>> it at 0 right?  Also might wanna specify sv_lan 0.
>>
>> It seriously sounds like an issue with the configuration of the
>> Firebox. Were you getting problems with your Linksys? (We are
>> currently hosting around 22000 servers using Linksys WRT54Gs with our
>> own custom OpenWRT distro for MAC filtering)
>>
>> On Mon, 2006-03-27 at 13:52 -0500, [EMAIL PROTECTED] wrote:
>> > This Server was fully functional on Friday, I replaced a linksys
>> > router with the firebox on Saturday and configured the ports to forward
>> > the game like it was for the linksys router.
>> >
>> > Here is full config file.
>> > // Use this file to configure your DEDICATED server.
>> > // This config file is executed every time the server changes levels.
>> > // -------
>> > // Any modifications made to this file will not take effect before the server has been restarted.
>> >
>> > hostname "CYKO'sT Low-Gravity Sniper - Original Flavor!"
>> > // Passwords
>> >
>> > //sv_password xxxxxxxxxxxxxx
>> > rcon_password xxxxxxxxxxxxx
>> >
>> > // Server Settings
>> >
>> > Log 1
>> >
>> > sv_maxspeed 250
>> > sv_cheats 0
>> > sv_alltalk 0
>> > sv_minrate 50
>> > sv_maxrate 30000
>> > sv_gravity 85
>> > sv_allowupload 1
>> > sv_allowdownload 1
>> > sv_region 255
>> >
>> >
>> > sv_rcon_minfailures 2
>> > sv_rcon_maxfailures 3
>> > sv_rcon_banpenalty 60
>> > sv_rcon_minfailuretime 30
>> >
>> > mp_fraglimit 25
>> > mp_timelimit 0
>> > mp_flashlight 1
>> > mp_footsteps 1
>> > mp_forcerespawn 0
>> >
>> > // load ban files
>> > exec banned.cfg
>> > exec banned_ip.cfg
>> > exec mani_server.cfg
>> > exec weapons.cfg
>> >
>> >
>> >
>> >
>> > ----- Original Message -----
>> > From: Stuart Stegall <[EMAIL PROTECTED]>
>> > Date: Monday, March 27, 2006 1:33 pm
>> > Subject: Re: [hlds] HL2DM Server now behind WG Firebox 700 was
>> > playable but not listed by STEAM
>> >
>> > > There's actually a possibility of several things here.  One is
>> > > that a port is blocked upstream of your router.  Second is that
>> > > your ip is blocked by Valve.
>> > >
>> > > Sometimes upstream providers block ports who knows what reason, though
>> > > generally it's because they are either being DoS'd or there's an
>> > > exploit that's using that port and they are blocking it for a
>> > > couple of weeks.
>> > > Unless you have some kind of dedicated port, you generally don't get
>> > > notified of these port blockings.
>> > >
>> > > The second problem could be checked by seeing if your shows up on
>> > > GameSpy.  We had an IP range we purchased that was being blocked by
>> > > Valve (actually turned out it was being blocked by a LOT of
>> > > people, damn hackers) and while we couldn't find it through the Steam
>> > > server listings, they did show up @ GameSpy.
>> > >
>> > > Also, I assume you've double checked that your Firebox is
>> > > forwarding the ports to this server.
>> > >
>> > > Post your full config file as well. (minus your rconpassword please)
>> > >
>> > > On Mon, 2006-03-27 at 10:16 -0500, [EMAIL PROTECTED] wrote:
>> > > > It is UDP ports 27010-27020
>> > > >
>> > > > ----- Original Message -----
>> > > > From: Whisper <[EMAIL PROTECTED]>
>> > > > Date: Monday, March 27, 2006 7:50 am
>> > > > Subject: Re: [hlds] HL2DM Server now behind WG Firebox 700 was
>> > > > playable but not listed by STEAM
>> > > >
>> > > > > --
>> > > > > [ Picked text/plain from multipart/alternative ] Good Luck
>> > > > > trying to get anywhere with UTP, you are going to need it.
>> > > > >
>> > > > > I think you will find the author of article meant UDP, which may
>> > > > > allow you to get somewhere.
>> > > > >
>> > > > > On 3/27/06, CYKO <[EMAIL PROTECTED]> wrote:
>> > > > > >
>> > > > > > From this article
>> > > > > >
>> > > > > > http://forums.steampowered.com/forums/showthread.php?s=&threadid=297338&highlight=watchguard
>> > > > > >
>> > > > > > -----Original Message-----
>> > > > > > From: [EMAIL PROTECTED]
>> > > > > > [mailto:[EMAIL PROTECTED] On Behalf Of Whisper
>> > > > > > Sent: Monday, March 27, 2006 7:32 AM
>> > > > > > To: [email protected]
>> > > > > > Subject: Re: [hlds] HL2DM Server now behind WG Firebox 700 was
>> > > > > > playable but not listed by STEAM
>> > > > > >
>> > > > > > --
>> > > > > > [ Picked text/plain from multipart/alternative ] Universal Time
>> > > > > > Protocol ?
>> > > > > > :D
>> > > > > >
>> > > > > > On 3/27/06, CYKO <[EMAIL PROTECTED]> wrote:
>> > > > > > >
>> > > > > > > I have added the following ports to be opened
>> > > > > > >
>> > > > > > > Protocols:
>> > > > > > > - TCP : 2790-2827
>> > > > > > > - TCP : 2829-2999
>> > > > > > > - TCP : 27009-27100
>> > > > > > > - TCP : 1110-1139
>> > > > > > >
>> > > > > > > - UTP : 27010-27020
>> > > > > > >
>> > > > > > > CYKO
>> > > > > > >
>> > > > > > > -----Original Message-----
>> > > > > > > From: [EMAIL PROTECTED]
>> > > > > > > [mailto:[EMAIL PROTECTED] On Behalf Of kyle
>> > > > > > > Sent: Monday, March 27, 2006 1:36 AM
>> > > > > > > To: [email protected]
>> > > > > > > Subject: RE: [hlds] HL2DM Server now behind WG Firebox 700 was
>> > > > > > > playable but not listed by STEAM
>> > > > > > >
>> > > > > > > --
>> > > > > > > [ Picked text/plain from multipart/alternative ] Sv_region
>> > > > > > > should be set at either 1 or 255  if I'm correct.
>> > > > > > >
>> > > > > > > my server is set at 1, and it can be seen around the world.
>> > > > > > >
>> > > > > > > -------Original Message-------
>> > > > > > >
>> > > > > > > From: CYKO
>> > > > > > > Date: 03/26/06 15:52:57
>> > > > > > > To: [email protected]
>> > > > > > > Subject: RE: [hlds] HL2DM Server now behind WG Firebox 700 was
>> > > > > > > playable but not listed by STEAM
>> > > > > > >
>> > > > > > > sv_region 0
>> > > > > > >
>> > > > > > > From the cfg file
>> > > > > > >
>> > > > > > > -----Original Message-----
>> > > > > > > From: [EMAIL PROTECTED]
>> > > > > > > [mailto:[EMAIL PROTECTED] On Behalf Of kyle
>> > > > > > > Sent: Sunday, March 26, 2006 6:35 PM
>> > > > > > > To: [email protected]
>> > > > > > > Subject: Re: [hlds] HL2DM Server now behind WG Firebox 700 was
>> > > > > > > playable but not listed by STEAM
>> > > > > > >
>> > > > > > > --
>> > > > > > > [ Picked text/plain from multipart/alternative ] What's your
>> > > > > > > region setting set to.
>> > > > > > >
>> > > > > > > -------Original Message-------
>> > > > > > >
>> > > > > > > From: CYKO
>> > > > > > > Date: 03/26/06 14:20:53
>> > > > > > > To: [email protected]
>> > > > > > > Subject: [hlds] HL2DM Server now behind WG Firebox 700 was
>> > > > > > > playable but not listed by STEAM
>> > > > > > >
>> > > > > > > This is a multi-part message in MIME format.
>> > > > > > > --
>> > > > > > > [ Picked text/plain from multipart/alternative ] HELP,
>> > > > > > > Previously running server HL2DM, is still running and was
>> > > > > > > playable behind a WG
>> > > > > > > Firebox 700, You can play the server as long as it is in your
>> > > > > > > favorites, but if you list the internet games, the server is not
>> > > > > > > listed. So no one new can see the game running, unless it
>> > > > > > > on their favorites.
>> > > > > > >
>> > > > > > > I have added a NAT entry (Public IP) to Internal server (IP)
>> > > > > > > on the firebox, that helps play the game, but I can not get the
>> > > > > > > server listed by name, but if you add the IP into favorites, that
>> > > > > > > name comes up. But that now has stopped working, No I can not
>> > > > > > > even get on the server.!
>> > > > > > >
>> > > > > > > What ports besides 27015 do I need to open up on the firewall?
>> > > > > > >
>> > > > > > >
>> > > > > > >
>> > > > > > > CYKO
>> > > > > > > --
>> > > > > > >
>> > > > > > > _______________________________________________
>> > > > > > > To unsubscribe, edit your list preferences, or view
>> the list
>> > > > > archives,> > please visit:
>> > > > > > > http://list.valvesoftware.com/mailman/listinfo/hlds
>> > > > > > >
>> > > > > > > --
>> > > > > > >
>> > > > > > >
>> > > > > > >
>> > > > > > > _______________________________________________
>> > > > > > > To unsubscribe, edit your list preferences, or view
>> the list
>> > > > > archives,> > please visit:
>> > > > > > > http://list.valvesoftware.com/mailman/listinfo/hlds
>> > > > > > >
>> > > > > > >
>> > > > > > >
>> > > > > > > _______________________________________________
>> > > > > > > To unsubscribe, edit your list preferences, or view
>> the list
>> > > > > archives,> > please visit:
>> > > > > > > http://list.valvesoftware.com/mailman/listinfo/hlds
>> > > > > > >
>> > > > > > > --
>> > > > > > >
>> > > > > > >
>> > > > > > >
>> > > > > > > _______________________________________________
>> > > > > > > To unsubscribe, edit your list preferences, or view
>> the list
>> > > > > archives,> > please visit:
>> > > > > > > http://list.valvesoftware.com/mailman/listinfo/hlds
>> > > > > > >
>> > > > > > >
>> > > > > > >
>> > > > > > > _______________________________________________
>> > > > > > > To unsubscribe, edit your list preferences, or view
>> the list
>> > > > > archives,> > please visit:
>> > > > > > > http://list.valvesoftware.com/mailman/listinfo/hlds
>> > > > > > >
>> > > > > > --
>> > > > > >
>> > > > > > _______________________________________________
>> > > > > > To unsubscribe, edit your list preferences, or view the list
>> > > > > archives,> please visit:
>> > > > > > http://list.valvesoftware.com/mailman/listinfo/hlds
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > > _______________________________________________
>> > > > > > To unsubscribe, edit your list preferences, or view the list
>> > > > > archives,> please visit:
>> > > > > > http://list.valvesoftware.com/mailman/listinfo/hlds
>> > > > > >
>> > > > > --
>> > > > >
>> > > > > _______________________________________________
>> > > > > To unsubscribe, edit your list preferences, or view the list
>> > > > > archives, please visit:
>> > > > > http://list.valvesoftware.com/mailman/listinfo/hlds
>> > > > >
>> > > >
>> > > > _______________________________________________
>> > > > To unsubscribe, edit your list preferences, or view the list
>> > > archives, please visit:
>> > > > http://list.valvesoftware.com/mailman/listinfo/hlds
>> > >
>> > >
>> > > _______________________________________________
>> > > To unsubscribe, edit your list preferences, or view the list
>> > > archives, please visit:
>> > > http://list.valvesoftware.com/mailman/listinfo/hlds
>> > >
>> >
>> > _______________________________________________
>> > To unsubscribe, edit your list preferences, or view the list
>> archives, please visit:
>> > http://list.valvesoftware.com/mailman/listinfo/hlds
>>
>>
>> _______________________________________________
>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds
>>
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds
>
>
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds
>
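
The two outbound services quoted above, run through a simplified first-match filter, as an added example that is not part of the original thread and is not WatchGuard's rule engine. The `Rule` and `evaluate` names are hypothetical, the destination addresses are constructed stand-ins from documentation ranges, and the `default` argument models the deny-all versus allow-all starting points described at the top of this message.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One allow/deny service entry (hypothetical model, not a vendor format)."""
    name: str
    proto: str          # "tcp" or "udp"
    ports: tuple        # inclusive (low, high) port ranges
    dests: tuple = ()   # destination networks; empty tuple means "Any"
    action: str = "allow"

    def matches(self, proto, dst_ip, dst_port):
        if proto != self.proto:
            return False
        if not any(lo <= dst_port <= hi for lo, hi in self.ports):
            return False
        if not self.dests:
            return True
        addr = ipaddress.ip_address(dst_ip)
        return any(addr in ipaddress.ip_network(net) for net in self.dests)


def evaluate(rules, proto, dst_ip, dst_port, default="deny"):
    """Return (action, rule name) of the first matching rule, else the default."""
    for rule in rules:
        if rule.matches(proto, dst_ip, dst_port):
            return rule.action, rule.name
    return default, "default"


# Constructed stand-ins for the Steam destination list (TEST-NET-3 addresses).
STEAM_HOSTS = ("203.0.113.10/32", "203.0.113.11/32")

# The two outbound services from the quoted article, ports as given there.
OUTBOUND = [
    Rule("SteamLogonAuthAndUpdateServers", "tcp",
         ((2790, 2827), (2829, 2999), (27009, 27100), (1110, 1139)),
         STEAM_HOSTS),
    Rule("SteamGameServers", "udp", ((27010, 27020),)),  # From Any, To Any
]

if __name__ == "__main__":
    probes = [
        ("tcp", "203.0.113.10", 27030),  # listed host, listed TCP range
        ("tcp", "198.51.100.7", 27030),  # same port, unlisted host
        ("udp", "198.51.100.7", 27015),  # game traffic to any host
        ("tcp", "198.51.100.7", 80),     # matches neither service
    ]
    for default in ("deny", "allow"):
        for probe in probes:
            print(default, probe, evaluate(OUTBOUND, *probe, default=default))
```

With `default="deny"` the two services are additive, since a packet has to match one of them on protocol, port and destination; with `default="allow"` the destination list no longer constrains anything.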

