IPTables+RHEL 5 internet sharing

eagle06 · 03-29-2010, 03:22 PM

Hey all,

I've setup my home gateway machine to be a proxy server with squid, and basically it is setup like this:
((INTERNET)) <--PPPOE Cable Modem over Ethernet (Eth1)--> [[[SERVER]]] <-- (ETH0, DNS/DHCP/Squid basically internal network) --> SWITCH --> REST OF PC's

It's working perfectly, all the PCs have IP Addresses via static ips, they all have Internet Access when setup properly in Firefox/IE (I have a proxy configuration URL in network settings to make things easier) and everyone can access the internet with no problems.

The only issue is that I can't figure out how to allow users on the network to play games online such as World of Warcraft, Warcraft 3, etcetc. I have a full port list, i've tried a few things with IPTables but I can't figure it out.

Should I switch to a transparent proxy? I'm not sure if this is what I want, as I read that SSL doesn't work over transparent proxies (as I need to access netbanking, which is SSL, tax office which is SSL, and countless other sites that support SSL).

Help would be appreciated as I am sitting here scratching my head and my family are starting to get a little annoyed that they can't play their MMO's. :P

Ipconfig in my rhel 5 pc

Code:

 1.
      ifconfig
   2.
      eth0      Link encap:Ethernet  HWaddr 18:A9:05:3B:3F:DC  
   3.
                inet addr:172.31.1.15  Bcast:172.31.1.63  Mask:255.255.255.192
   4.
                inet6 addr: fe80::1aa9:5ff:fe3b:3fdc/64 Scope:Link
   5.
                UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
   6.
                RX packets:10873466 errors:0 dropped:0 overruns:0 frame:0
   7.
                TX packets:10469673 errors:0 dropped:0 overruns:0 carrier:0
   8.
                collisions:0 txqueuelen:1000
   9.
                RX bytes:950060837 (906.0 MiB)  TX bytes:4264116803 (3.9 GiB)
  10.
                Interrupt:138 Memory:f8000000-f8012100
  11.
       
  12.
      eth1      Link encap:Ethernet  HWaddr 18:A9:05:3B:3F:DE  
  13.
                inet addr:210.212.48.15  Bcast:210.212.48.63  Mask:255.255.255.192
  14.
                inet6 addr: fe80::1aa9:5ff:fe3b:3fde/64 Scope:Link
  15.
                UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  16.
                RX packets:29798851 errors:0 dropped:0 overruns:0 frame:0
  17.
                TX packets:25584749 errors:0 dropped:0 overruns:0 carrier:0
  18.
                collisions:0 txqueuelen:1000
  19.
                RX bytes:3650344960 (3.3 GiB)  TX bytes:1549259280 (1.4 GiB)
  20.
                Interrupt:146 Memory:f6000000-f6012100
  21.
       
  22.
      lo        Link encap:Local Loopback  
  23.
                inet addr:127.0.0.1  Mask:255.0.0.0
  24.
                inet6 addr: ::1/128 Scope:Host
  25.
                UP LOOPBACK RUNNING  MTU:16436  Metric:1
  26.
                RX packets:20660 errors:0 dropped:0 overruns:0 frame:0
  27.
                TX packets:20660 errors:0 dropped:0 overruns:0 carrier:0
  28.
                collisions:0 txqueuelen:0
  29.
                RX bytes:6065924 (5.7 MiB)  TX bytes:60659

client windows ip config

Code:

Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : 
   IPv4 Address. . . . . . . . . . . : 172.19.1.247
   Subnet Mask . . . . . . . . . . . : 255.255.248.0
   Default Gateway . . . . . . . . . : 172.19.0.1

And is their ant way to allow only specific ips to access squid server for using internet?
Also is there any other way other than using squid ?Like only iptables and static ips

nimnull22 · 03-29-2010, 05:43 PM

What exactly is necessary to play online games?
I have no idea what do you need to do for it, so if you tell us what is any game requirement we will suggest you what to do.

eagle06 · 03-29-2010, 11:06 PM

the game rquires the following TCP/UDP ports

Code:

11031,
 11235-11335

nimnull22 · 03-30-2010, 11:22 AM

What to do with them. Open, close, incoming connection, outgoing? What?

And 11235-11335 = 100 ports - too many.

Games, normally, have to start connection first, so if you allow outgoing TCP/UDP connection to a games server IP they should connect.

eagle06 · 03-30-2010, 11:40 AM

How to allow outgoing TCP/UDP connection to a games server IP .

There are three proxy servers in my lan 172.31.1.3/4/6 which all require authentication in browser settings.

I have full access to 172.31.1.15 which is also in lan but connected to internet directly.

I want to use 172.31.1.15 for my game access.How to set games or proxy so that all use 172.31.1.15 server.In browser if i set squid proxy i can enter proxy settings as 172.31.1.15:8080. But how can I specify in games and other applications?

nimnull22 · 03-30-2010, 12:04 PM

You have to understand, that first of all, a program has to have ability to communicate through proxy. Proxy it self just a re-sender. So if a game can use proxy to connect with game server, you will be able to enter its IP to a game setup. But most likely it will be SOCKS proxy.

Check a game, first.