LinuxQuestions.org


elfy 04-20-2006 07:42 AM

World of Warcraft (c) behind a linux router
 
Hello guys!
I'm struck with a problem:
I've got a router, connected to 3 different networks:
  • The LAN of my district(say ReedLan)
  • My internal one, which is hidden by NAT with my ip
  • The pptp tunnel providing me with Internet. It is held over ReedLan(see 1)
I route the Internal-to-ReedLan traffic hidden by my ReedLan IP, and Internal-to-Internet hidden by my ip in my provider's VPN.
If I launch WoW on my router it runs perfectly. But whenever I tried on internal network computers I got the same error: The RS (phase 1) connection is executed properly, but when it comes to the phase 2 connection to main game server I end up with a timeout caused, I decided, by the lost connection tracking.
If I put down the tunnel on my router and start the VPN session directly from internal computer (my router's managing GRE traffic and NATting it to my ReedLan ip) - it works great.
So what should I do to make linux firewall work with WoW connection tracking? Anybody has an idea?

UK MAdMaN 04-20-2006 10:02 AM

Have you got the WoW-required ports on the router set to route to the internal machine?

elfy 04-20-2006 03:16 PM

I got several internal machines using WoW simultaneously (really forgot the spelling of the word), so it is likely impossible to DNAT or I did miss something important?
By now I'm SNATting. It looks like that:

Quote:

Internal IP 172.12.0.254
Internal user1 IP 172.12.0.1
Internal user2 IP 172.12.0.2
....

ReedLan IP 10.17.39.220
User's IP in VPN 172.17.2.235
what I did:
iptables -P FORWARD DROP
iptables -A FORWARD -s 172.12.0.0/24 -j ACCEPT
iptables -A FORWARD -d 172.12.0.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 172.12.0.0/24 -d 10.0.0.0/8 -j SNAT --to-source=10.17.39.220
iptables -t nat -A POSTROUTING -s 172.12.0.0/24 ! -d 10.0.0.0/8 -j SNAT --to-source=172.17.2.235

Nothin' else. Every program but WoW works correctly.
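
The two POSTROUTING rules quoted above, as a simplified model of how SNAT and connection tracking let several internal clients reach the same server without per-client DNAT (an added example, not part of the thread). The server address 203.0.113.10, port 4000 and the client source ports are constructed, and the port-remapping loop is a simplification of what netfilter does.

```python
import ipaddress

# Addresses taken from the post; rule order mirrors the two POSTROUTING lines.
INTERNAL = ipaddress.ip_network("172.12.0.0/24")
REEDLAN = ipaddress.ip_network("10.0.0.0/8")
RULES = [  # (source net, dest net, negate dest match, SNAT --to-source)
    (INTERNAL, REEDLAN, False, "10.17.39.220"),
    (INTERNAL, REEDLAN, True, "172.17.2.235"),
]


class Conntrack:
    """Simplified model of netfilter SNAT: the first matching rule wins, and
    the reply tuple must be unique, so a clashing source port is remapped."""

    def __init__(self):
        self.by_reply = {}  # reply tuple -> original (src, sport)

    def snat(self, src, sport, dst, dport):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for src_net, dst_net, negate, to_source in RULES:
            if s in src_net and ((d in dst_net) != negate):
                break
        else:
            return None  # no NAT rule matched; packet leaves untranslated
        port = sport
        # Reply tuple as seen on the wire: server -> translated address.
        while (dst, dport, to_source, port) in self.by_reply:
            port = port + 1 if port < 65535 else 1024
        self.by_reply[(dst, dport, to_source, port)] = (src, sport)
        return to_source, port

    def reverse(self, dst, dport, nat_ip, nat_port):
        """Map a reply packet back to the internal client, or return None
        when no tracking entry exists for it."""
        return self.by_reply.get((dst, dport, nat_ip, nat_port))


if __name__ == "__main__":
    ct = Conntrack()
    # Constructed flows: two internal clients, same server, same source port.
    for client in ("172.12.0.1", "172.12.0.2"):
        print(client, "->", ct.snat(client, 50000, "203.0.113.10", 4000))
    print("reply to :50001 ->",
          ct.reverse("203.0.113.10", 4000, "172.17.2.235", 50001))
```

A reply whose tuple has no entry in the table returns `None` from `reverse()`, which is the point at which a real router can no longer hand the packet to an internal client.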

