UT 2004 online play -- Firewall configuration (guarddog)

vharishankar · 02-26-2006, 02:50 AM

I am unable to connect to UT 2004 online servers with the Firewall running. Without the firewall it works fine. I am using Guarddog to configure the firewall. What are the port(s) and protocol(s) I have to enable to allow UT 2004 to connect to the Internet?

lenny45 · 02-26-2006, 10:43 PM

yea, i just got UT2004 installed and it played a few sites. then it said get the update. so i found the 3369 linux update and ran it (copied and overwrote the older patch). then bam, no connect at all. i went in and looked to diable the firewall or ALLOW playing through it. i turned the Direct Play protocol on. nada.

guess i'll try turning GD off.......

where's Satinet at?

vharishankar · 02-26-2006, 11:06 PM

It works without the firewall for me...

But I've not yet installed the patch. I'm currently downloading it... I'll see what effect that has on online gameplay.

lenny45 · 02-27-2006, 12:42 AM

yea, works without the FW here to. another problem i have is the resolution is stuck at 800x600. won't change and i even tried the software mode---nada! stay tuna

vharishankar · 03-04-2006, 08:09 AM

This is receiving a bump! Please share any solutions here. Still unable to play UT 2004 with the firewall..

I don't want to disable firewall, since I am running Apache on my machine and I don't want it to be accessible to the outside world.

kak · 03-04-2006, 08:52 AM

I don't use Guarddog but I did use KIptablesGenerator and my install of UT connects to the net with the firewall running.
Without having much iptables knowledge wanted something simple, which turned out to be KIptablesGenerator. It seemed to be a pretty idiot(me) proof set up. Also if you run Gnome, Firestarter is a really nice firewall.
Here is the rc.firewall script I am using:

Quote:

#!/bin/sh
# Copyright (c) 2004-2005 Frederick Emmott
# Produced by KIptablesGenerator, please see
# http://fredemmott.co.uk/index.php?page=kitg
# This script is under the terms of the GNU
# General Public License, Version 2, or at your
# option, any later version.
echo "Starting Iptables"
IPTABLES=/usr/sbin/iptables

function start() {
##### Set the incoming policy - this decides what happens with unmatches packets #####
$IPTABLES -P INPUT DROP

##### Interfaces whitelist #####
$IPTABLES -A INPUT -i lo -j ACCEPT
##### Hosts whitelist #####

##### Assorted defensive checks #####
$IPTABLES -A INPUT ! -i lo -d 127.0.0.0/8 -j DROP
$IPTABLES -N Flood-Scan
$IPTABLES -A INPUT -p tcp -m tcp --syn -j Flood-Scan
$IPTABLES -A Flood-Scan -m limit --limit 1/s --limit-burst 20 -j RETURN
$IPTABLES -A Flood-Scan -j DROP
$IPTABLES -A INPUT -p tcp -m tcp ! --syn -m conntrack --ctstate NEW -j DROP
$IPTABLES -A INPUT -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN -j DROP

##### sysctl-based defenses #####
# Help protect against spoofing
for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo 1 > $i;
done
# don't participate in smurf attacks
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# Ignore ICMP redirects
for i in /proc/sys/net/ipv4/conf/*/accept_redirects ; do
echo 0 > $i;
done
# Ignore packets with source routing
for i in /proc/sys/net/ipv4/conf/*/accept_source_route ; do
echo 0 > $i;
done

##### Connection tracking rules #####
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
$IPTABLES -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
$IPTABLES -A INPUT -m conntrack --ctstate RELATED -j ACCEPT

##### Rules to allow by ports and/or ICMP type #####

##### Port forwarding #####
}
function stop() {
$IPTABLES -X Flood-Scan
for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo 0 > $i;
done
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
for i in /proc/sys/net/ipv4/conf/*/accept_redirects ; do
echo 1 > $i;
done
for i in /proc/sys/net/ipv4/conf/*/accept_source_route ; do
echo 1 > $i;
done
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F
}
case $1 in
stop)
stop;
;;
restart)
stop;
start;
;;
*)
start;
esac

vharishankar · 03-04-2006, 09:20 AM

Thanks for the script

. But I really don't want to overwrite my current firewall with this. I've set up Guarddog quite well and it's really user-friendly.

I wonder whether you could tell me which ports to enable and what protocol? That would be ideal...

kak · 03-04-2006, 10:47 AM

Ok after a little hunting I found this on the atari forum:

Quote:

Firstly, the UT server needs to be able to listen to the TCP port which you have selected (if any) for your web admin port. It will also need to listen to several UDP ports and they are not always the same because they depend on which port you have selected for your game port. If you have selected 7777 as your game port (this is the default) then your server will want to listen to UDP ports 7777, 7778, 7779, 7780, and 7781. And, finally, UDP port 9999 is required for outgoing UDP traffic to the ngWorldStats site and UDP port 27900 is required for outgoing UDP traffic to the master server.

and on Gamehelper.com it lists ports 7777,7778,7779, and 27902 as the ones needing to be open.

vharishankar · 03-04-2006, 08:34 PM

Thanks, Kak!