> CS> The problems above are almost certainly due to the setup of your
firewall rules. By not masquerading any outbound UDP traffic, you will
break any UDP protocols that expect to receive data from the internet not
explicitly listed in DMZ_OPEN_DEST. Add any specific UDP protocols you're
using to DMZ_OPEN_DEST and see if that fixes things. If not, please post a
current firewall rules list, and details about which services are broken.
DG: Is it possible that it now becomes subject to the EXTERN_UDP_PORTS
setting? I don't have each of the UDP ports below specified there.
CS> No. You don't need to specify DMZ ports in EXTERN_UDP_PORTS, only in
DMZ_OPEN_DEST. The EXTERN_[UDP|TCP]_PORTS setting is only for ports open on
the LRP box itself, and has no relation to DMZ services.
http://64.81.226.171/viewfw1.htm links to current firewall rules
CS> It doesn't look like your modification to ipfilter.conf 'took' (or at
least it's not reflected in the rules above):
<last bit of forward ipchain rule>
0 0 ACCEPT udp ------ 0xFF 0x00 eth0 64.81.226.168/29 0.0.0.0/0 53 -> *
0 0 MASQ udp ------ 0xFF 0x00 eth0 64.81.226.168/29 0.0.0.0/0 * -> *
129K 21M MASQ all ------ 0xFF 0x00 eth0 192.168.1.0/24 0.0.0.0/0 n/a
22 872 DENY all ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a
</forward>
NOTE:
- You still have outbound traffic from the DMZ masqueraded (the first MASQ
rule)
- You have 22 Denied packets in the forward chain...you might want to log
these and see what they are...my guess is if you add proper rules to
DMZ_OPEN_DEST so these packets are accepted instead of denied (and change
the DMZ masq to allow), your game server will begin working.
Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
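
Added example, not part of the original message or of the LRP scripts: a first-match walk over the forward-chain excerpt quoted above, showing which rule a DMZ packet hits and which deny rules have non-zero counters. Assumptions: the column layout (pkts, bytes, target, prot, opt, tosa, tosx, ifname, source, destination, ports, with ports read as source -> destination) is inferred from the listing, the test packets and the 198.51.100.7 address are constructed, and only the excerpt is evaluated, so rules earlier in the real chain may match first.

```python
import ipaddress

# Forward-chain excerpt quoted in the message above, wrapped lines rejoined.
LISTING = """\
0 0 ACCEPT udp ------ 0xFF 0x00 eth0 64.81.226.168/29 0.0.0.0/0 53 -> *
0 0 MASQ udp ------ 0xFF 0x00 eth0 64.81.226.168/29 0.0.0.0/0 * -> *
129K 21M MASQ all ------ 0xFF 0x00 eth0 192.168.1.0/24 0.0.0.0/0 n/a
22 872 DENY all ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a
"""

def parse_rules(text):
    """Turn listing lines into rule dicts (column layout is an assumption)."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 11:
            continue  # not a rule line
        ports = f[10:]  # "sport -> dport", or "n/a" for portless protocols
        sport, dport = (ports[0], ports[2]) if len(ports) == 3 else ("*", "*")
        rules.append({"pkts": f[0], "target": f[2], "proto": f[3], "iface": f[7],
                      "src": ipaddress.ip_network(f[8], strict=False),
                      "dst": ipaddress.ip_network(f[9], strict=False),
                      "sport": sport, "dport": dport})
    return rules

def port_ok(spec, port):
    """Match a port against '*', a single port, or a full 'lo:hi' range."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition(":")
    return int(lo) <= port <= int(hi or lo)

def first_match(rules, proto, src, dst, sport=0, dport=0, iface="eth0"):
    """Return (rule number, target) of the first rule the packet matches."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, r in enumerate(rules, 1):
        if (r["proto"] in ("all", proto) and r["iface"] in ("*", iface)
                and src in r["src"] and dst in r["dst"]
                and port_ok(r["sport"], sport) and port_ok(r["dport"], dport)):
            return n, r["target"]
    return None, "chain policy"

def denies_with_hits(rules):
    """DENY/REJECT rules with a non-zero packet counter: candidates for logging."""
    return [(n, r["pkts"]) for n, r in enumerate(rules, 1)
            if r["target"] in ("DENY", "REJECT") and r["pkts"] != "0"]

if __name__ == "__main__":
    rules = parse_rules(LISTING)
    # Constructed packet: DMZ host sending UDP from a non-DNS port.
    print(first_match(rules, "udp", "64.81.226.170", "198.51.100.7", 27015, 27015))
    print(denies_with_hits(rules))
```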