Old 07-08-2001, 10:04 PM   #1
yogee
LQ Newbie
 
Registered: Jul 2001
Posts: 16

Rep: Reputation: 0
Ipchains port forwarding locally


posted 06 July 2001 01:17 AM
--------------------------------------------------------------------------------
When I installed Red Hat 7.1, I used the firewall tool it had to add some ports that I needed to open. I now have these in my ipchains file and need help with what I'm supposed to do now. I basically need to open a bunch for a game server and forward them to a local machine with an IP of 192.168.0.**
This game server is Windows 2000 Pro and will (once I figure it out) be on the network. I now have 2 Windows ME systems running through the Red Hat server and on the net without using DHCP.
This is what I have in there for each port I've opened:
-A input -s 0/0 -d 0/0 ***** -p udp -j ACCEPT
Where ***** is the port number.


To run from a machine with a private IP address behind a Linux firewall, you need to use a combination of IP masquerading and IP autoforwarding. The following rules for the default ** client port range can be used:

ipfwadm -F -a accept -m -S a.a.a.a/m.m.m.m -D 0.0.0.0/0
ipautofw -A -r udp 32766 32809 -h a.a.a.a -v -u

Where a.a.a.a is the address of the machine behind the firewall, and m.m.m.m is the netmask. If you run a server behind the firewall, clients should connect to the IP address of the firewall.


Can you open 40 ports in one line?
#-A input -s 0/0 -d 0/0 32766 -p udp -j ACCEPT
#-A input -s 0/0 -d 0/0 32767 -p udp -j ACCEPT

Like this?
#-A input -s 0/0 -d 0/0 32766 32809 -p udp -j ACCEPT

This is what I really need to do according to the game server details! Have no idea where or how to open and forward them though.

#ipfwadm -F -a accept -m -S 192.168.0.4/255.255.255.0 -D 0.0.0.0/0
#ipautofw -A -r udp 32766 32809 -h 192.168.0.4 -v -u

I can turn on iptables if need be too, but would need to know which one (ipchains/tables) to boot first.


Here are my current ipchains:
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
# firewall; such entries will *not* be listed here.
#ipfwadm -F -a accept -m -S 192.168.0.4/255.255.255.0 -D 0.0.0.0/0
#ipautofw -A -r udp 32766 32809 -h 192.168.0.4 -v -u
#-A input -s 0/0 -d 0/0 32766 -p udp -j ACCEPT
#-A input -s 0/0 -d 0/0 32767 -p udp -j ACCEPT
:input ACCEPT
:forward ACCEPT
-P forward DENY
-A forward -i eth0 -s 192.168.0.0/255.255.255.0 -j MASQ
:output ACCEPT
-A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 21 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth0 -j ACCEPT
-A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth1 -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 0/0 -d 0/0 -i eth0 -j ACCEPT
-A input -s 0/0 -d 0/0 -i eth1 -j ACCEPT
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 2049 -y -j REJECT
-A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
-A input -p udp -s 0/0 -d 0/0 2049 -j REJECT
-A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 7100 -y -j REJECT

I also have webmin installed and the ipchains module, but using it (ipchains webmin module) is beyond me.

Last edited by yogee; 07-08-2001 at 10:09 PM.
 
Old 07-10-2001, 06:12 PM   #2
yogee
LQ Newbie
 
Registered: Jul 2001
Posts: 16

Original Poster
Rep: Reputation: 0
Interesting. Thanks, I'll see if that works

Last edited by yogee; 07-12-2001 at 07:08 PM.
 
Old 07-12-2001, 07:08 PM   #3
yogee
LQ Newbie
 
Registered: Jul 2001
Posts: 16

Original Poster
Rep: Reputation: 0
Interesting. Thanks, I'll see if that works
 
Old 07-13-2001, 06:09 AM   #4
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
yogee,

Supply this info and you might have more luck in getting an answer.

What kind of game server are you trying to run?
What's the internal IP address of the game server?
What's the internal IP address of the Linux firewall?
Make up an address of the Linux's external ISP's.

Then I'll show you how to make it work.

Also use one or the other. "ipchains or iptables" not both.

Also I wouldn't call it a firewall as you're allowing everything.
-A input -s 0/0 -d 0/0 -i eth0 -j ACCEPT
-A input -s 0/0 -d 0/0 -i eth1 -j ACCEPT

/Raz
 
Old 07-13-2001, 11:59 AM   #5
yogee
LQ Newbie
 
Registered: Jul 2001
Posts: 16

Original Poster
Rep: Reputation: 0
The game is NASCAR Racing 4 by Papyrus. This is what the readme file says to do.

MULTIPLAYER BEHIND A FIREWALL OR ROUTER

By default the following UDP ports will be used by NASCAR® Racing 4: 32766 for the net_server_port, 32767 for ping port, and then sequentially numbered ports for each allowed client connection (max of 42) starting at 32768.

To run from a machine with a private IP address behind a Linux firewall, you need to use a combination of IP masquerading and IP autoforwarding. The following rules for the default 42 client port range can be used:

ipfwadm -F -a accept -m -S a.a.a.a/m.m.m.m -D 0.0.0.0/0
ipautofw -A -r udp 32766 32809 -h a.a.a.a -v -u

Where a.a.a.a is the address of the machine behind the firewall, and m.m.m.m is the netmask. If you run a server behind the firewall, clients should connect to the IP address of the firewall.


The machine is now added to the network.
I'm running a class C network of 192.168.0.0 and assigned the game server 192.168.0.4.
Eth0 is my external cable connection and eth1 is the internal network.
Eth1 has an IP of 192.168.0.1. The made-up external IP of eth0 is 55.65.228.185
 
Old 07-15-2001, 09:11 PM   #6
yogee
LQ Newbie
 
Registered: Jul 2001
Posts: 16

Original Poster
Rep: Reputation: 0
bump
 
Old 07-16-2001, 06:04 AM   #7
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
Thanks for bumping me.

OK, so I think this is what you need.

On your Linux box you'll need to have a simple script run to switch on the NAT. "This is not going to firewall off anything but it will help hide your internal addresses"

So create a script in the directory /etc/rc.d called nat.sh.
Put this in the script:
-----------------------
# start Natwall
ipchains -F

# Accept all access.
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward ACCEPT

# sets timeout values for FIN flags etc..
ipchains -M -S 7200 10 60

# magic NAT setting for MASQing
ipchains -A forward -s 192.168.0.0/24 -j MASQ

# eof
-----------------------

Now go and install some software called "ipmasqadm" from
ftp://ftp.redhat.com/pub/contrib/lib....4.2-3.src.rpm

Once you have installed this, activate it in the /etc/rc.d/rc.local file with the following lines at the end of the file.


-----------------------
/etc/rc.d/nat.sh
modprobe ip_masq_portfw
ipmasqadm portfw -a -P udp -L 55.65.228.185 32766 -R 192.168.0.4 32766
# add more lines with all the ports you need until it's correct.

------------------------
Now run the rc.local file.

Note: Netfilter has this feature added as standard so if you find you can't get this working, use iptables.

/raz
 
Old 07-16-2001, 12:41 PM   #8
yogee
LQ Newbie
 
Registered: Jul 2001
Posts: 16

Original Poster
Rep: Reputation: 0
"-A input -s 0/0 -d 0/0 -i eth0 -j ACCEPT
-A input -s 0/0 -d 0/0 -i eth1 -j ACCEPT"

I tried removing this from ipchains and the locals couldn't get to the net anymore. This was installed with Red Hat's ipchains config upon installing. I chose medium and opened all the ports available except telnet.




"Now go and install some software called "ipmasqadm" from
ftp://ftp.redhat.com/pub/contrib/li...0.4.2-3.src.rpm"

This will not install, period! I am trying to install it via a VNC server as root. I see a little hard drive activity on the box but that's it. I have installed RPMs before and usually see a window open and show what it's doing. Nothing seen here upon this rpm install though. If I right-click on it and hit "upgrade" I get nothing also.
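
An added example, not part of any post in the thread: a small first-match evaluator run over the input-chain rules from post #1, illustrating raz's remark in post #4 about the two catch-all ACCEPT rules and the effect yogee reports in post #8 after removing them. The `parse` and `verdict` helpers and the probe packets are assumptions made for this illustration; port ranges use the `lo:hi` form already present in the posted rules (for example `6000:6009`).

```python
# Added example: first-match walk of the input chain from post #1 (probe packets are constructed).
RULES = """\
-A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 21 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth0 -j ACCEPT
-A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth1 -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 0/0 -d 0/0 -i eth0 -j ACCEPT
-A input -s 0/0 -d 0/0 -i eth1 -j ACCEPT
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 2049 -y -j REJECT
-A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
-A input -p udp -s 0/0 -d 0/0 2049 -j REJECT
-A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 7100 -y -j REJECT
""".splitlines()
ETH0_ALL = "-A input -s 0/0 -d 0/0 -i eth0 -j ACCEPT"   # catch-all, external side
ETH1_ALL = "-A input -s 0/0 -d 0/0 -i eth1 -j ACCEPT"   # catch-all, internal side

def parse(line):
    """Parse one rule; a bare token after the -s/-d address is a port or lo:hi range."""
    tok, rule, i = line.split()[2:], {"text": line}, 0
    while i < len(tok):
        opt, i = tok[i], i + 1
        if opt == "-y":                    # -y: match TCP SYN packets only
            rule["syn"] = True
            continue
        rule[opt], i = tok[i], i + 1
        if opt in ("-s", "-d") and i < len(tok) and tok[i][0] != "-":
            lo, _, hi = tok[i].partition(":")
            rule[opt + "port"], i = (int(lo), int(hi or lo)), i + 1
    return rule

def verdict(rules, iface, proto, sport, dport, syn=False, policy="ACCEPT"):
    """First matching rule decides; otherwise the chain policy (:input ACCEPT)."""
    for r in map(parse, rules):
        dlo, dhi = r.get("-dport", (0, 65535))
        slo, shi = r.get("-sport", (0, 65535))
        if (r.get("-i", iface) == iface and r.get("-p", proto) == proto
                and dlo <= dport <= dhi and slo <= sport <= shi
                and (syn or "syn" not in r)):
            return r["-j"], r["text"]
    return policy, "chain policy"

if __name__ == "__main__":
    keep_eth1 = [r for r in RULES if r != ETH0_ALL]   # drop only the eth0 catch-all
    print(verdict(RULES, "eth0", "tcp", 40000, 6000, syn=True))      # catch-all wins
    print(verdict(keep_eth1, "eth0", "tcp", 40000, 6000, syn=True))  # REJECT reached
```

In this model, with both catch-all rules removed, a LAN client's DNS query (UDP to port 53 arriving on eth1) falls through to the UDP 0:1023 REJECT rule, while keeping only the eth1 rule lets the later REJECT rules apply to traffic arriving on eth0.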
 
  

