I'm running a SuSE 7.3 server that acts as a gateway, fileserver, apache webserver and ftp server. I have 2 client pc's (win2000).

I recently installed a Half-Life dedicated server on it.
When I join from my client machine through my external ip (xxx.xxx.xxx.xxx:27015) it works perfectly.

But someone from the outside of my network can't join.

I'm using the ADSL4Linux program (http://www.adsl4linux.nl) with the firewall that comes with it. It uses IPtables.

How can I open the correct port so that other people can access my Half-Life server.

Hi!
From the ADSL4Linux webpage's firewall FAQ http://www.adsl4linux.nl/support.php#Firewall :

1.1 ADSL4Linux firewall wat is het?
Een firewall is een set van regels die ervoor zorgt dat alle poorten op de PC worden afgesloten van
communicatie met de buitenwereld (internet) en dat uitsluitend die poorten openzet die expliciet worden
aangegeven.

OK, for some reason babelfish can't translate this, but I think I can.

It loosly translates to, "The firewall's set of rules blocks all communication from the outside world(internet), unless you explictly tell the firewall to open certain ports"

(can anyone do better than me? My dutch sucks).

In other words, just browse around the firewall script (perhaps in /etc/rc.d/rc.firewall?) and look for anything related to opening up ports. If you can't find anything, just disable the ADSL4Linux firewall, and get another firewall. I reccomend this one http://projectfiles.com/firewall/. Its easy to install, and easy to configure (just edit the file with your favourite text editor, and rerun the script).

Good Luck!!
RefriedBean.

PS. If the Stable firewall from projectfiles gives you a few errors, get the beta one, its rock solid, and I've had no problems with it.

Yes, I also posted it on the ADSL4Linux forum but I haven't had a usefull reply yet.

And in the config I can't open a specific port.

You have to keep in mind that my firewall is also my gateway program. Maybe you know another gateway/router for me.

Hi.

That projectfiles firewall acts as a gateway too, just edit the rc.firewall (or whatever you decided to call it) with your favourite text editor, and change " IS_ROUTER="no" " to " IS_ROUTER="yes" ", also make sure your internal and externel interfaces are right.

**Catch 22 alert **
I am not sure how ADSL4Linux works, but normally when you use ADSL, linux makes a virtual ppp0 interface, so be carefull that when you edit the rc.firewall that you make the externel interface ppp0, NOT the ethernet card that the ADSL modem is plugged into (eth0 for example). Specifying the wrong external interface will render the firewall useless

Good Luck!
RefriedBean

Thank you very much....

Oh and (seeing that you are from South Korea) sorry about the world cup.

Thanks, but to tell you the truth, I am actually a South African (well, we're out too, but I can't beleive South Africa got as far as they/we did anyway) living in South Korea.

Yea, and the fact that I am from ZA explains why I could read the Dutch (kinda).

Groete uit Korea!
van RefriedBean

I installed that firewall and I get this:

server:/usr/local/sbin # ./rc.firewall

Projectfiles.com rc.firewall script version 1.8.3 running...
iptables: Bad built-in chain name
Firewall successfully configured for external IP address 'xxx.xxx.xxx.xxx'.

(Where xxx is my ip)

So what is this error and is it running now or not?

2 extra questions:
- How do I stop the firewall?

And

- Which port do I have to open for SSH?
[EDIT]
Found that one out myself. (Major doh, just look in putty)

[/EDIT]

Hi!

Get the beta version, its much more configurable and its very reliable. And it fixed quite a lot of errors in the 1.8.3 version.

IF

it still gives you errors,
make sure you have all the netfilter(iptables) support needed by it in your kernel.

I am not sure how to stop the firewall, since I have never needed to stop it in anycase. If you need to reconfigure the firewall simpy rerun the rc.firewall.

By the way, if you need to know what port a certain service uses, look in /etc/services, its more than likely listed there.

Good Luck
RefriedBean

I got it working and my CS server is accessible too but it isn't routing internet to my client's.

Hi!
Make sure that your internal and external interfaces are correct, and that you have the right support in the kernel for NAT.

If the support is compiled as modules, make sure that you load the modules BEFORE the rc.firewall is initialized.

Good luck!
RefriedBean

Hi folks.

I think I might be able to contribute to the discussion.

First of all, definately use latest 2.0 release candidate. Even the rc4 prerelease is probably better for most users 1.8.3. 1.8.3 is very stable except it does not perform ANY checking on the current system configuration or user input, so even if something askew it still chugs merrily along....

Second, unless MAYBE you have an internal ADSL modem (most are external and connect to your PC via ethernet) you will access DSL through a regular ethernet interface, e.g. eth0. It doesn't matter anyway, in any of the recent releases you do not need to supply external interfaces as they are discovered automatically.

If you are using the script and find that some internal clients cannot get through the firewall you should do the following:

1. Obviously check that your internal interface is listed in INTERNAL_INTERFACES and in versions before rc4, make sure IS_ROUTER is enabled.

2. Check that you have the correct netmask set on your internal interface. The firewall determines the scope of an internal networks based on the configuration of the internal interface.

3. If you have multiple "internal" networks that pass through the firewall you can add the other internal networks to the "ADDITIONAL_ROUTED_NETWORKS directive (called ROUTED_NETWORKS before rc4)" or add a second IP (IP aliasing) to the interface and add the alias (e.g. eth0:1) as another INTERNAL_INTERFACE. This is an especially neat feature because you can run two logical networks that both use the same machine as a gateway.

Btw, you can clear all firewall code by running "./rc.firewall clear" or the SysV style "./rc.firewall stop". rc4 will have the added benifit of not changing the current firewall configuration until it successfully completes its list of sanity checks.

Hope this information has been helpful.