Thanks, I will try it out later this week. I am back to work tomorrow and will not get back to it till at least Tuesday, but I will definitely report back. I did notice tonight that when I tried to use my FTP client to transfer some files to a web site I had to reboot with my stock Dachstein disk, since echowall would log in OK but could not receive the results of my commands and could not transfer files. I am sure it is just one more config I have to check out.

I really like the stock Dachstein / Eigerstein setups for the security and flexibility. Gibson Research reports all ports as stealthed with both setups, yet I can FTP and play online games fine. I just can't host them. I believe echowall will be OK to host games with, but it shows at least one port as closed instead of stealth and evidently must be configured for FTP. I am sure it is all my lack of knowledge that limits me with either.

Thanks again,
Kory

Ray Olszewski wrote:

> At 08:16 PM 11/4/01 -0500, Kory Krofft wrote:
> >Tom,
> >No. I am testing from inside. I assume it would route out and back in ok.
>
> This is always a bad assumption to make when testing firewalls. Maybe yes,
> maybe no ... but you can never *count* on out-and-in working the same as a
> true connection from the outside.
>
> >I just had a friend try from outside and it doesn't work either. My message
> >log from the firewall shows his IP address as being denied.
> > Nov 4 19:07:07 markii kernel: Packet log: input DENY eth0 PROTO=17
> > 64.109.106.19:65037 65.28.237.42:27910 L=45 S=0x00 I=60764 F=0x0000 T=111
> >(#61)
> >markii is my lrp box, 64.109.106.19 was his IP address.
>
> Well ... this suggests that Quake (or Quake2 or Quake3 -- whichever you are
> really using) uses UDP 27910, not TCP 4242 (as shown in the echowall.rules
> file).
>
> In fact, the rule block for Quake in echowall.rules is really just a dummy
> ruleset, created solely as a placeholder, a ruleset not ever intended to
> work. It dates back to my early work on EchoWall ... my older version of the
> source has several placeholder rules using port 4242, and the one for Quake
> has this note on it:
>
> # -- Quake [still need to check -- this is a
> # -- DUMMY RULE to go in as placeholder]
>
> So ... to fix it, you probably just need to edit the QUAKE block of rules in
> echowall.rules to read as follows:
>
> # -- Quake [still needs testing]
> #QUAKE#$IPCHAINS -A input -s 0/0 -d $IP_EXT/32 27910 -p udp -j ACCEPT
> #QUAKE#if [ "$QUAKE_HOST" != "firewall" ]; then
> #QUAKE#$IPMASQADM portfw -a -P udp -L $IP_EXT 27910 -R $QUAKE_HOST 27910
> #QUAKE#fi
>
> One caveat, though: the "problem apps for firewalls" site I usually used --
> http://www.tsmservices.com/masq/ -- lists the Quake/Quake2/Quake3 port as
> UDP 27960, not 27910. So you might want to double check your log entry
> before you make the changes (or after doing so, if they don't work).
>
> If either choice works, please let the list, or at least Scott and me, know
> ... since neither of us has a Quake server running to test this EchoWall
> feature.
>
> --
> ------------------------------------"Never tell me the odds!"---
> Ray Olszewski -- Han Solo
> Palo Alto, CA [EMAIL PROTECTED]
> ----------------------------------------------------------------

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
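
Added example, not part of the original thread and not EchoWall code: the diagnosis in the quoted reply (read the protocol and destination port from the ipchains `Packet log:` entry, then compare them with what the rules file opens) done mechanically in Python. The function names are hypothetical, the first sample line is the log entry quoted above, and the other two sample lines are constructed.

```python
import re
from collections import Counter

# ipchains kernel log layout: chain, verdict, interface, IP protocol number,
# src:port, dst:port, then L/S/I/F/T fields and the number of the matching rule.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) .*?\(#(?P<rule>\d+)\)"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_line(line):
    """Return the fields of one 'Packet log:' line, or None for any other line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["proto"] = PROTO_NAMES.get(int(rec["proto"]), rec["proto"])
    for key in ("sport", "dport", "rule"):
        rec[key] = int(rec[key])
    return rec

def denied_services(lines, ext_ip):
    """Count input-chain DENY entries addressed to ext_ip, keyed by (proto, dport)."""
    hits = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if (rec["chain"], rec["verdict"], rec["dst"]) == ("input", "DENY", ext_ip):
            hits[(rec["proto"], rec["dport"])] += 1
    return hits

def unmatched(hits, opened):
    """Denied (proto, port) pairs that none of the configured rules opens."""
    return sorted(key for key in hits if key not in opened)

SAMPLE = [
    # Log line quoted in the thread, joined back onto one line.
    "Nov 4 19:07:07 markii kernel: Packet log: input DENY eth0 PROTO=17 64.109.106.19:65037 65.28.237.42:27910 L=45 S=0x00 I=60764 F=0x0000 T=111 (#61)",
    # Constructed: a second packet from the same client.
    "Nov 4 19:07:09 markii kernel: Packet log: input DENY eth0 PROTO=17 64.109.106.19:65037 65.28.237.42:27910 L=45 S=0x00 I=60770 F=0x0000 T=111 (#61)",
    # Constructed: unrelated kernel message, ignored by the parser.
    "Nov 4 19:07:10 markii kernel: eth0: link up",
]

if __name__ == "__main__":
    hits = denied_services(SAMPLE, "65.28.237.42")
    # The placeholder QUAKE rule opened TCP 4242; the denied traffic is elsewhere.
    for proto, port in unmatched(hits, {("tcp", 4242)}):
        print(f"denied {hits[(proto, port)]}x: {proto}/{port} has no ACCEPT rule")
```

Run against a real log, the `opened` set should list every (protocol, port) pair the active rules accept, so that only services still being dropped are reported.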
