Thanks Kennycom!

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kennycom
Sent: Thursday, December 30, 2004 4:59 AM
To: [email protected]
Subject: Re: [hlds_linux] Iptables help! ;-)

As I had said, the Iptable string needs to be tailored per the setup on the box it is used on. In usage with FFW the box has 2 NICs; the inside NIC is referred to as the INSIDE_DEVICE (aka eth1). If there are not going to be any client machines run on the network to access the game server then you can pretty much drop the POSTROUTING string. It just ensures that inside machines can view servers on that port using the WAN IP from inside the network.

Kennycom

----- Original Message -----
From: "danal1" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Wednesday, December 29, 2004 4:56 PM
Subject: RE: [hlds_linux] Iptables help! ;-)

> Thanks Kennycom!
>
> One more pesky question, I looked on Floppyfw site and
> in my config file. What is an ${INSIDE_DEVICE} ?
>
> I understand internal network and outside ip etc but what
> is an ${INSIDE_DEVICE}?
> Thanks for all your help!
>
> Dana
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Kennycom
> Sent: Sunday, December 26, 2004 5:52 PM
> To: [email protected]
> Subject: Re: [hlds_linux] Iptables help! ;-)
>
> Yes Kennycom1 is bound to a static internal IP. If you look on your FFW
> floppy and open the firewall.ini file (Firewall Configurations Settings
> file if viewed on a windows box) you will find your Iptable in there, and
> you will see how to bind whatever name you want to use for your game
> server to an IP...
>
> ----- Original Message -----
> From: "danal1" <[EMAIL PROTECTED]>
> To: <[email protected]>
> Sent: Sunday, December 26, 2004 8:23 AM
> Subject: RE: [hlds_linux] Iptables help! ;-)
>
>> Hi Kennycom,
>> Thanks for the reply!
>>
>> Is Kennycom1_ip your server inside your nat network
>> using an inside ip?
>>
>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] Behalf Of Kennycom
>> Sent: Saturday, December 25, 2004 10:38 PM
>> To: [email protected]
>> Subject: Re: [hlds_linux] Iptables help! ;-)
>>
>> Here is my iptables setup; there is a port range, as at times I have
>> more than 1 server running (CSS/HL2dm). If you are just going to be
>> running 1 game process on the 1 server then edit it. I am sure that
>> someone here will probably point out a few lines that could be dropped
>> for your purposes. If there is no need to ensure access from the inside
>> network to the gameserver with a client game then drop the postrouting
>> strings, as they are probably redundant but help ensure everything works.
>>
>> # CS
>>
>> iptables -A PREROUTING -t nat -p udp -d ${OUTSIDE_IP} --dport 1200 -j DNAT --to ${KENNYCOM1_IP}:1200
>>
>> iptables -A FORWARD -p udp -d ${KENNYCOM1_IP} --dport 1200 -o ${INSIDE_DEVICE} -j ACCEPT
>>
>> iptables -A PREROUTING -t nat -p udp -d ${OUTSIDE_IP} --dport 27020 -j DNAT --to ${KENNYCOM1_IP}:27020
>>
>> iptables -A FORWARD -p udp -d ${KENNYCOM1_IP} --dport 27020 -o ${INSIDE_DEVICE} -j ACCEPT
>>
>> iptables -A PREROUTING -t nat -p udp -d ${OUTSIDE_IP} --dport 27000:27016 -j DNAT --to ${KENNYCOM1_IP}:27000-27016
>>
>> iptables -A FORWARD -p udp -d ${KENNYCOM1_IP} --dport 27000:27016 -o ${INSIDE_DEVICE} -j ACCEPT
>>
>> iptables -A POSTROUTING -t nat -p udp -d ${KENNYCOM1_IP} --dport 27000:27016 -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -j SNAT --to ${OUTSIDE_IP}
>>
>> iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 27030:27039 -j DNAT --to ${KENNYCOM1_IP}:27030-27039
>>
>> iptables -A FORWARD -p tcp -d ${KENNYCOM1_IP} --dport 27030:27039 -o ${INSIDE_DEVICE} -j ACCEPT
>>
>> iptables -A POSTROUTING -t nat -p tcp -d ${KENNYCOM1_IP} --dport 27030:27039 -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -j SNAT --to ${OUTSIDE_IP}
>>
>> iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 27015:27016 -j DNAT --to ${KENNYCOM1_IP}:27015-27016
>>
>> iptables -A FORWARD -p tcp -d ${KENNYCOM1_IP} --dport 27015:27016 -o ${INSIDE_DEVICE} -j ACCEPT
>>
>> iptables -A POSTROUTING -t nat -p tcp -d ${KENNYCOM1_IP} --dport 27015:27016 -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -j SNAT --to ${OUTSIDE_IP}
>>
>> Other information can be found at www.iptables.org
>>
>> =)
>>
>> ----- Original Message -----
>> From: "danal1" <[EMAIL PROTECTED]>
>> To: <[email protected]>
>> Sent: Saturday, December 25, 2004 3:37 PM
>> Subject: [hlds_linux] Iptables help! ;-)
>>
>>> Hi,
>>> Does anyone use the Linux server behind an iptables firewall?
>>>
>>> If so, could you email your Ipmasquerade and forwarding rules and port
>>> settings tcp and udp for
>>> the HLDS?
>>>
>>> Thanks!
>>>
>>> This is a great list to be on!
>>> Dana
>>>
>>> --
>>> No virus found in this outgoing message.
>>> Checked by AVG Anti-Virus.
>>> Version: 7.0.296 / Virus Database: 265.6.4 - Release Date: 12/22/2004
>>>
>>> _______________________________________________
>>> To unsubscribe, edit your list preferences, or view the list archives,
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
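Added example (not part of the original thread, and not Kennycom's or floppyfw's own script): a dry-run generator for the PREROUTING/FORWARD/POSTROUTING pattern quoted above, which validates the port spec and converts the `LOW:HIGH` form used by `--dport` into the `LOW-HIGH` form used in the DNAT `--to` address. The function names `forward_rules` and `valid_port`, the variable `GAME_IP` (standing in for `${KENNYCOM1_IP}`) and all addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample values (documentation/private ranges), not from the thread.
OUTSIDE_IP="203.0.113.10"
GAME_IP="192.168.1.50"          # plays the role of ${KENNYCOM1_IP}
INSIDE_DEVICE="eth1"
INSIDE_NETWORK="192.168.1.0"
INSIDE_NETMASK="255.255.255.0"

# valid_port N: succeed only if N is an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_rules PROTO PORTS [hairpin]
# PORTS is "N" or "LOW:HIGH". Prints the rules for review; executes nothing.
forward_rules() {
    proto=$1; ports=$2; hairpin=${3:-}
    case "$proto" in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    case "$ports" in
        *:*:*) echo "bad port spec: $ports" >&2; return 1 ;;
    esac
    low=${ports%%:*}; high=${ports##*:}
    if ! valid_port "$low" || ! valid_port "$high" || [ "$low" -gt "$high" ]; then
        echo "bad port spec: $ports" >&2; return 1
    fi
    # --dport writes a range as LOW:HIGH; the DNAT --to address writes it LOW-HIGH.
    if [ "$low" -eq "$high" ]; then
        dport=$low; to_ports=$low
    else
        dport="$low:$high"; to_ports="$low-$high"
    fi
    echo "iptables -A PREROUTING -t nat -p $proto -d $OUTSIDE_IP --dport $dport -j DNAT --to $GAME_IP:$to_ports"
    echo "iptables -A FORWARD -p $proto -d $GAME_IP --dport $dport -o $INSIDE_DEVICE -j ACCEPT"
    # Only for inside clients that reach the server through the WAN IP.
    if [ "$hairpin" = "hairpin" ]; then
        echo "iptables -A POSTROUTING -t nat -p $proto -d $GAME_IP --dport $dport -s $INSIDE_NETWORK/$INSIDE_NETMASK -j SNAT --to $OUTSIDE_IP"
    fi
}

forward_rules udp 27000:27016 hairpin   # inside clients use the WAN IP
forward_rules tcp 27030:27039           # outside access only
```

Review the printed rules before applying them; forwarding only the ports the game server actually listens on keeps the exposed surface of the inside host as small as possible.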

