Hello, everyone... I have a strange problem here that I
need another set of eyes on... I expect I am doing something simple wrong,
but damned if I can figure out what....
Linux Box running Slackware 2.2.19. RC.FIREWALL is:
===========================
#!/bin/sh
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_irc ports=6666,6667,6668,9000
#/sbin/modprobe ip_masq_cuseeme
#/sbin/modprobe ip_masq_vdolive
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_ip_always_defrag
#
/sbin/ipchains -F
/sbin/ipchains -M -S 7200 10 160
echo " ...FW: MASQ ..."
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i ppp0 -j MASQ
#
# Tweak speeds
/sbin/ipchains -A output -p tcp -d 0.0.0.0/0 telnet -t 0x01 0x10
/sbin/ipchains -A output -p tcp -d 0.0.0.0/0 ftp -t 0x01 0x10
/sbin/ipchains -A output -p tcp -s 0.0.0.0/0 ftp-data -t 0x01 0x08
/sbin/ipchains -A output -p tcp -s 0.0.0.0/0 www -t 0x01 0x08
# Set up for ICQ
echo " ...FW: ICQ ..."
ipchains -A forward -p tcp -s 0/0 5190:5190 -d 192.168.1.0 5190:5190 -v
#
# Now setup game-specific environments
#
# MechWarrior4 (Direct Play DX8.x)
echo " ...FW: DirectPlay 8.x Games..."
ipchains -A forward -p tcp -s 0/0 6073:6073 -d 192.168.1.0 6073:6073 -v
ipchains -A forward -p udp -s 0/0 2300:2400 -d 192.168.1.0 2300:2400 -v
ipchains -A output -p udp -s 0/0 2300:2400 -t 0x01 0x08 -v
#
ipchains -L
===========================
The problem is this... the only machine that can connect via
Direct Play (DX8.x) is the workstation at 192.168.1.2 ... this is for my
home LAN, obviously. I can put any machine I want at .2, and play. Move
that machine to any other IP address and it cannot connect to the target
server.
Can anyone point out to me what it is that I did wrong here? AFAI
understand, the whole LAN ought to be able to connect if I use .0 ...
Thanks in advance for comments.
--Michel
"...In a New York minute, Everything can change.
In a New York minute, Nothing is the same..."
-- Don Henley, Album - The End of the Innocence, 1989
(NEW ICQ #137401206)
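
Added example, not part of the original post: a small Python lint that applies two documented ipchains(8) behaviours to the forward rules quoted in the script above. An address given without a mask matches a single host, and a rule with no -j target only updates counters. The LAN host list and the final /24 rule are constructed for illustration.

```python
import ipaddress
import shlex

# The three forward rules exactly as they appear in the posted rc.firewall.
RULES = [
    "ipchains -A forward -p tcp -s 0/0 5190:5190 -d 192.168.1.0 5190:5190 -v",
    "ipchains -A forward -p tcp -s 0/0 6073:6073 -d 192.168.1.0 6073:6073 -v",
    "ipchains -A forward -p udp -s 0/0 2300:2400 -d 192.168.1.0 2300:2400 -v",
]
# Constructed sample hosts on the 192.168.1.x LAN (assumption, not from the post).
LAN_HOSTS = ["192.168.1.2", "192.168.1.3", "192.168.1.10"]


def parse_spec(spec):
    """Turn an ipchains address[/mask] into a network; no mask means one host (/32)."""
    addr, _, mask = spec.partition("/")
    if addr == "0":  # the "0/0" shorthand used in the script
        addr = "0.0.0.0"
    return ipaddress.ip_network(f"{addr}/{mask or 32}", strict=False)


def parse_rule(line):
    """Extract chain, destination network and target from one ipchains -A line."""
    argv = shlex.split(line)
    rule = {"chain": None, "dst": None, "target": None}
    for flag, key in (("-A", "chain"), ("-d", "dst"), ("-j", "target")):
        if flag in argv:
            rule[key] = argv[argv.index(flag) + 1]
    if rule["dst"] is not None:
        rule["dst"] = parse_spec(rule["dst"])
    return rule


def lint(line, hosts=LAN_HOSTS):
    """Return (hosts the -d spec covers, list of findings) for one rule."""
    rule = parse_rule(line)
    dst = rule["dst"]
    covered = [h for h in hosts if dst is not None and ipaddress.ip_address(h) in dst]
    findings = []
    if rule["target"] is None:
        findings.append("no -j target: the rule counts packets but decides nothing")
    if dst is not None and dst.prefixlen == 32:
        findings.append(f"-d {dst.network_address} has no mask: single host")
    return covered, findings


if __name__ == "__main__":
    for r in RULES:
        print(r, "->", lint(r))
    # Constructed contrast: same destination with an explicit mask and a target.
    print(lint("ipchains -A forward -p udp -d 192.168.1.0/24 2300:2400 -j ACCEPT"))
```
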
_______________________________________________
Masq maillist - [EMAIL PROTECTED]