UT 2004 online play -- Firewall configuration (guarddog)
I am unable to connect to UT 2004 online servers with the Firewall running. Without the firewall it works fine. I am using Guarddog to configure the firewall. What are the port(s) and protocol(s) I have to enable to allow UT 2004 to connect to the Internet?
yea, i just got UT2004 installed and it played a few sites. then it said get the update. so i found the 3369 linux update and ran it (copied and overwrote the older patch). then bam, no connect at all. i went in and looked to disable the firewall or ALLOW playing through it. i turned the Direct Play protocol on. nada.
yea, works without the FW here too. another problem i have is the resolution is stuck at 800x600. won't change and i even tried the software mode---nada! stay tuna
I don't use Guarddog but I did use KIptablesGenerator and my install of UT connects to the net with the firewall running.
Without having much iptables knowledge, I wanted something simple, which turned out to be KIptablesGenerator. It seemed to be a pretty idiot(me) proof set up. Also if you run Gnome, Firestarter is a really nice firewall.
Here is the rc.firewall script I am using:
Quote:
#!/bin/bash
# (bash, not plain sh: the script uses the "function" keyword)
# Copyright (c) 2004-2005 Frederick Emmott
# Produced by KIptablesGenerator, please see
# http://fredemmott.co.uk/index.php?page=kitg
# This script is under the terms of the GNU
# General Public License, Version 2, or at your
# option, any later version.
echo "Starting Iptables"
IPTABLES=/usr/sbin/iptables

function start() {
    ##### Set the incoming policy - this decides what happens with unmatched packets #####
    $IPTABLES -P INPUT DROP
    ##### Interfaces whitelist #####
    $IPTABLES -A INPUT -i lo -j ACCEPT
    ##### Hosts whitelist #####
    ##### Assorted defensive checks #####
    # Drop loopback-addressed packets that arrive on a non-loopback interface
    $IPTABLES -A INPUT ! -i lo -d 127.0.0.0/8 -j DROP
    # Rate-limit incoming TCP SYNs (1/s after a burst of 20)
    $IPTABLES -N Flood-Scan
    $IPTABLES -A INPUT -p tcp -m tcp --syn -j Flood-Scan
    $IPTABLES -A Flood-Scan -m limit --limit 1/s --limit-burst 20 -j RETURN
    $IPTABLES -A Flood-Scan -j DROP
    # Drop new TCP connections that do not start with a SYN, and SYN+FIN packets
    $IPTABLES -A INPUT -p tcp -m tcp ! --syn -m conntrack --ctstate NEW -j DROP
    $IPTABLES -A INPUT -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
    ##### sysctl-based defenses #####
    # Help protect against spoofing
    for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
        echo 1 > "$i"
    done
    # don't participate in smurf attacks
    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
    # Ignore ICMP redirects
    for i in /proc/sys/net/ipv4/conf/*/accept_redirects; do
        echo 0 > "$i"
    done
    # Ignore packets with source routing
    for i in /proc/sys/net/ipv4/conf/*/accept_source_route; do
        echo 0 > "$i"
    done
    ##### Connection tracking rules #####
    /sbin/modprobe ip_conntrack_ftp
    /sbin/modprobe ip_conntrack_irc
    # Accept replies to connections this host opened
    $IPTABLES -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
    $IPTABLES -A INPUT -m conntrack --ctstate RELATED -j ACCEPT
    ##### Rules to allow by ports and/or ICMP type #####
    ##### Port forwarding #####
}

function stop() {
    # Restore the sysctl settings changed by start()
    for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
        echo 0 > "$i"
    done
    echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
    for i in /proc/sys/net/ipv4/conf/*/accept_redirects; do
        echo 1 > "$i"
    done
    for i in /proc/sys/net/ipv4/conf/*/accept_source_route; do
        echo 1 > "$i"
    done
    $IPTABLES -P INPUT ACCEPT
    $IPTABLES -P FORWARD ACCEPT
    $IPTABLES -P OUTPUT ACCEPT
    # Flush before deleting: a chain that still holds rules or is referenced cannot be removed
    $IPTABLES -F
    $IPTABLES -X Flood-Scan
}

case $1 in
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    *)
        start
        ;;
esac
Thanks for the script. But I really don't want to overwrite my current firewall with this. I've set up Guarddog quite well and it's really user-friendly.
I wonder whether you could tell me which ports to enable and what protocol? That would be ideal...
Ok after a little hunting I found this on the atari forum:
Quote:
Firstly, the UT server needs to be able to listen to the TCP port which you have selected (if any) for your web admin port. It will also need to listen to several UDP ports and they are not always the same because they depend on which port you have selected for your game port. If you have selected 7777 as your game port (this is the default) then your server will want to listen to UDP ports 7777, 7778, 7779, 7780, and 7781. And, finally, UDP port 9999 is required for outgoing UDP traffic to the ngWorldStats site and UDP port 27900 is required for outgoing UDP traffic to the master server.
And on Gamehelper.com it lists ports 7777, 7778, 7779, and 27902 as the ones needing to be open.
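The server-side port list quoted above, turned into iptables rules that could fill the empty "Rules to allow by ports" section of a script like the one posted earlier. This is an added example, not code from the thread or from KIptablesGenerator: the function names, the web admin port 8080 and the 192.168.1.0/24 admin network are constructed sample values, and treating the UDP range as "game port through game port + 4" is an assumption generalised from the 7777 to 7781 case in the quote. It prints the rules instead of applying them, so it runs without root.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for the UT2004
# server ports listed in the quoted forum post.

# Accept only plain decimal port numbers 1-65535 (no leading zero, so the
# arithmetic below never reads the value as octal).
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# ut2004_rules GAME_PORT [WEBADMIN_PORT [ADMIN_SOURCE_CIDR]]
ut2004_rules() {
    game_port=${1:-7777}
    web_port=${2:-}
    admin_src=${3:-}

    valid_port "$game_port" || { echo "bad game port: $game_port" >&2; return 1; }
    last_port=$((game_port + 4))   # assumption: range is game port .. +4
    valid_port "$last_port" || { echo "game port range exceeds 65535" >&2; return 1; }

    # Inbound UDP: the game port and the four ports after it.
    echo "iptables -A INPUT -p udp --dport ${game_port}:${last_port} -j ACCEPT"

    # Outbound UDP to ngWorldStats (9999) and the master server (27900);
    # these only matter when the OUTPUT policy is DROP.
    echo "iptables -A OUTPUT -p udp --dport 9999 -j ACCEPT"
    echo "iptables -A OUTPUT -p udp --dport 27900 -j ACCEPT"

    # Optional web admin TCP port, limited to one source network if given.
    if [ -n "$web_port" ]; then
        valid_port "$web_port" || { echo "bad web admin port: $web_port" >&2; return 1; }
        if [ -n "$admin_src" ]; then
            echo "iptables -A INPUT -p tcp -s ${admin_src} --dport ${web_port} -j ACCEPT"
        else
            echo "iptables -A INPUT -p tcp --dport ${web_port} -j ACCEPT"
        fi
    fi
}

# Constructed sample invocation: default game port, web admin on 8080,
# reachable only from a sample LAN.
ut2004_rules 7777 8080 192.168.1.0/24
```

In a graphical front end such as Guarddog the same ports would be entered as a user-defined protocol rather than as raw rules.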