LinuxQuestions.org


MrGreg 06-05-2002 11:58 AM

[MS Direct Play DNAT SNAT]
 
Greetings Group,
My little network uses a Linux gateway running iptables. I have successfully created a PREROUTING and FORWARD chain to allow an MS Direct Play server to function on a Win box within the network. This box is able to connect to and run games through the MS Game Zone.

Here is the script which works for one box using the zone:

#!/bin/sh
# Script named "opengame" to open gaming ports for the zone.msn.com
# MS Direct Play Server
#
echo "opening wifey's game ports and exposing my precious system to an abnormally promiscuous state of vulnerability" # Keith
# DNAT: send the game ports arriving on ppp0 to the Win box (192.168.1.20)
iptables -t nat -I PREROUTING -p tcp --dport 2300:2400 -i ppp0 -j DNAT --to 192.168.1.20
iptables -t nat -I PREROUTING -p udp --dport 2300:2400 -i ppp0 -j DNAT --to 192.168.1.20
iptables -t nat -I PREROUTING -p udp --dport 28800:29100 -i ppp0 -j DNAT --to 192.168.1.20
iptables -t nat -I PREROUTING -p tcp --dport 47624 -i ppp0 -j DNAT --to 192.168.1.20
iptables -t nat -I PREROUTING -p udp --dport 47624 -i ppp0 -j DNAT --to 192.168.1.20
#
# Forwarding
iptables -I FORWARD -p tcp -d 192.168.1.20 --dport 2300:2400 -j ACCEPT
iptables -I FORWARD -p udp -d 192.168.1.20 --dport 2300:2400 -j ACCEPT
iptables -I FORWARD -p udp -d 192.168.1.20 --dport 28800:29100 -j ACCEPT
iptables -I FORWARD -p tcp -d 192.168.1.20 --dport 47624 -j ACCEPT
iptables -I FORWARD -p udp -d 192.168.1.20 --dport 47624 -j ACCEPT
#
sleep 2
echo "done"

I would like to enable another Win box (192.168.1.19) that can use the zone and also engage in play with the other Win box (192.168.1.20). Any suggestions would be greatly appreciated.

farmer6re9

jrmann1999 06-06-2002 03:06 PM

You have run into the eternal problem with DNAT/SNAT. It's great for single host routes, but when you want to route multiple clients across and have them be able to talk to each other you run into issues. The basic problem is that you are setting up essentially static routes which can't be overcome. Connection Tracking helps in this regard but you'd probably have to develop some module from scratch (similar to ip_conntrack_ftp) and that can become a beast.
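Added example, not part of the thread or any poster's code: a small audit that replays iptables commands and reports DNAT rules that can never match because an earlier rule already claims the same protocol, interface and port for a different host, which is why one public port cannot be forwarded to both Win boxes. The function names and the rules for 192.168.1.19 are constructed for illustration; it assumes `-I` is used without a rule number (insert at the top) and compares interfaces by simple equality.

```python
import shlex

# Constructed input: two rules from the thread's script, plus hypothetical
# rules an admin might try to add for the second box (192.168.1.19).
RULES = """\
iptables -t nat -I PREROUTING -p udp --dport 2300:2400 -i ppp0 -j DNAT --to 192.168.1.20
iptables -t nat -I PREROUTING -p tcp --dport 47624 -i ppp0 -j DNAT --to 192.168.1.20
iptables -t nat -I PREROUTING -p udp --dport 2350:2450 -i ppp0 -j DNAT --to 192.168.1.19
iptables -t nat -A PREROUTING -p tcp --dport 47624 -i ppp0 -j DNAT --to 192.168.1.19
"""

def parse(line):
    """Turn one iptables command into a dict, or None if it is not a PREROUTING DNAT rule."""
    tok = shlex.split(line)
    if "DNAT" not in tok or "PREROUTING" not in tok:
        return None
    opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
    lo, _, hi = opt["--dport"].partition(":")
    return {"op": "-I" if "-I" in opt else "-A", "proto": opt["-p"],
            "iface": opt.get("-i"), "lo": int(lo), "hi": int(hi or lo),
            "to": opt.get("--to") or opt.get("--to-destination")}

def chain_order(text):
    """Replay -I (insert at top) and -A (append) to get the kernel's evaluation order."""
    chain = []
    for line in text.splitlines():
        rule = parse(line)
        if rule is None:
            continue
        if rule["op"] == "-I":
            chain.insert(0, rule)
        else:
            chain.append(rule)
    return chain

def shadowed(chain):
    """DNAT ends traversal on first match: list ports a later rule never receives."""
    findings = []
    for i, later in enumerate(chain):
        for earlier in chain[:i]:
            lo, hi = max(earlier["lo"], later["lo"]), min(earlier["hi"], later["hi"])
            same_match = (earlier["proto"], earlier["iface"]) == (later["proto"], later["iface"])
            if same_match and lo <= hi and earlier["to"] != later["to"]:
                findings.append((later["to"], later["proto"], lo, hi, earlier["to"]))
    return findings

if __name__ == "__main__":
    for to, proto, lo, hi, winner in shadowed(chain_order(RULES)):
        print(f"{proto} {lo}-{hi}: rule for {to} is shadowed, traffic goes to {winner}")
```

Because each `-I` lands at the top of the chain, the most recently inserted rule wins; the overlapping UDP ports move to 192.168.1.19 while the appended TCP 47624 rule for that host never fires.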

MrGreg 06-09-2002 06:58 PM

jrmann1999,

I certainly appreciate the reply. Just as I suspected, a gnarly beast to tame. It also seems that since one of the Win boxen is predominately running Linux, when it's booted temporarily into Win, my gateway still sees its MAC address as the Linux box's NIC, and does not resolve properly with my DNS. If I knew where to look, and how to flush the old routes properly, I might yet be able to tame the beast into submission.

Thanks again,

farmer6re9


All times are GMT -5.