/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! /* ALSO: Don't quote this header. It makes you look lame :-) */
Jack Minshull wrote: > Hello, > > I have installed Redhat 7.1 with the intention of running a Tribes 2 game > server. I have ip-masq working fine and with the simple ruleset firewall > loaded, people can connect to my T2 server just fine. > > However I would like to run the stronger ruleset firewall and in the process > perhaps learn a thing or two about iptables. I have successfully configured > ip-masq and editted the following stronger rc.firewall example to suit my > network configuration. > > http://www.e-infomax.com/ipmasq/howto/c-html/stronger-firewall-examples.html > #RC.FIREWALL-2.4.X-STRONGER > > The difficulty I am having is in opening the correct tcp port range to allow > game traffic. I have added the following lines but it still will not allow > traffic in to the server. For the record, I can play the game fine on my and > other internet servers, from my masq'd Win98 machine. > > In the INPUT rulesets area, above the related and catch-all rulesets: > > # remote interface, any source, going to Tribes 2 port 28000 is valid > # > $IPTABLES -A INPUT -i $EXTIF -s $UNIVERSE -p TCP --dport 28000:28009 -j > ACCEPT > > In the OUTPUT ruleset area, again above the catch-all ruleset: > > # remote interface, any source, going to Tribes 2 port 28000 is valid > # > $IPTABLES -A OUTPUT -o $EXTIF -d $UNIVERSE -p TCP --sport 28000:28009 -j > ACCEPT > > If anyone could identify what might be wrong I'd certainly appreciate any > help you can offer. log dropped packets. then look at the log messages. that will tell you what you are missing. i suspect these rules need to be on the forward chain, rather than the input and output chains if the client is a masqueraded win98 machine. > Also can the source/destination port switch be left out > altogether? For example, could you use just -p TCP 28000:28009? no. btw, it's quicker to ask iptables itself. > Thanks in advance, > > Jack Minshull raf _______________________________________________ Masq maillist - [EMAIL PROTECTED] Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING! or email to [EMAIL PROTECTED] PLEASE read the HOWTO and search the archives before posting. You can start your search at http://www.indyramp.com/masq/ Please keep general linux/unix/pc/internet questions off the list.
