I guess this is the right forum for it, as it doesn't really have anything to do with security...
I have set up a Day Of Defeat server (Half-Life mod) on my LAN and I want people on the net to be able to connect to it. On my firewall I have put this rule in for iptables, but for some reason people still cannot connect, so I'm guessing there is something wrong with the way I've written the rule to forward the port to the server...
1. You are using '--sport 27015' with rules for incoming packets. For me it is very strange, since I know only a few cases where I can be sure the client uses a fixed port number. Are you sure about it? If not, do not use this phrase.
2. Since you have got ppp0 and eth0, I see (am I right?) that the firewall is a separate box. So you need forwarding to the LAN DoD server.
Try (the same should probably be applied for the UDP protocol; I know nothing about DoD server protocols):
# Rewrite the destination of packets arriving on ppp0 for port 27015 to the LAN server
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 27015 -j DNAT --to-destination=ip_of_DoD_NIC
# Let new connections on that port from ppp0 be forwarded through the box
iptables -A FORWARD -m state --state NEW -i ppp0 -p tcp --dport 27015 -j ACCEPT
# Let replies and related packets of already-accepted connections through
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Rewrite the source of packets leaving on eth0 to the firewall's own address
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Yeah, you guessed correctly. It's a LAN DoD server and the firewall is a separate box.
The client does use a fixed port number, because when they try to connect, they connect with this: myexternalip:27015
Also, I have two NICs, eth0 going to the internal LAN and eth1 going to my ADSL modem. When I connect to the ISP it creates the ppp0 virtual device... should I put ppp0 in the rules or eth1? Or doesn't it really matter?
I don't know anything about the protocols that DoD uses either... that's why I put both UDP and TCP in, just in case.
I'll try out your rules tonight... thanks for the help.
Nah, other way around :P I posted it here first, then thought I'd try OCAU as well to get a fast response... as I asked you on ICQ (btw, I tried your thing but it didn't work) about the same thing...
That works!! It worked!! w00tah! Thank you s0000 much..
Are the other two lines needed though? Do they do anything special? Also... is running just this one line secure? Like, can people do a SYN flood or something?
Typically firewall rules are set up to DROP all packets. Then only the allowed ones (to allowed ports) are accepted. The two FORWARD lines above were presented assuming this philosophy.
If everything works without them, it means that forwarding is enabled (probably it is the default policy). So it is not necessary to use these lines in this case (security for such a setup is a separate subject).
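A complete version of that setup, written as an added example rather than by anyone in this thread: default-deny FORWARD policy, DNAT for both TCP and UDP on the game port, forwarding restricted to the server address, and masquerading out of the PPP interface. The LAN server address is a placeholder, and the script prints the rules unless run with DRY_RUN=0 as root.

```shell
#!/bin/sh
# Added example, not from the thread: full forwarding ruleset for the LAN
# game server. Prints the rules by default; run with DRY_RUN=0 as root to apply.
WAN_IF="${WAN_IF:-ppp0}"               # IP packets arrive on ppp0, not eth1, over a PPP link
LAN_IF="${LAN_IF:-eth0}"
LAN_SERVER="${LAN_SERVER:-192.0.2.10}" # placeholder LAN address of the DoD box
PORT=27015
DRY_RUN="${DRY_RUN:-1}"

ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

dod_forward_rules() {
    # Default-deny on FORWARD: nothing crosses the box unless a rule below allows it.
    ipt -P FORWARD DROP
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    for proto in tcp udp; do
        # Rewrite inbound connections on the game port to the LAN server.
        ipt -t nat -A PREROUTING -i "$WAN_IF" -p "$proto" --dport "$PORT" \
            -j DNAT --to-destination "$LAN_SERVER"
        # Allow only those rewritten packets to be forwarded into the LAN.
        ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p "$proto" -d "$LAN_SERVER" \
            --dport "$PORT" -m state --state NEW -j ACCEPT
    done
    # Masquerade LAN-originated traffic leaving towards the Internet.
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

# Sanity check on a dry run: number of emitted rules that match a given protocol.
count_rules_for() {
    ( DRY_RUN=1; dod_forward_rules ) | grep -c -- "-p $1"
}

dod_forward_rules
```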