Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Are you hosting a server or connecting to one ?
Are the game PC's on an internal IP address range ?
what IP addresses are assigned to the different NIC's on the firewall.
eg.
eth0 = 213.56.43.12
eth1 = 192.168.0.2
Answer the above and I'll see what I can come up with.
I am looking to have multiple users behind my firewall be able to connect go gameservers on the external internet.
The game PCs are on an internal IP range.. i.e. I am using SNAT.
IP info:
External IP - 209.55.100.125 (note - I also have been assigned 209.55.100.126 but am not using)
Internal IP - 10.0.0.x
As I understand there are modules (i.e. ip_masq_q3a) that people used for older linux kernels but that these modules haven't been proted to iptables yet.
Sorry for the delay, I've been looking into the best way to do this.
I can't find out much info on the Q3 id protocol and what it actually does when it comes back to your firewall.
If it just wants to be transferred to the originators internal address on a fixed socket then fine, stateful inspection will do this with connection tracking.
If it's told by the client to use a dynamic socket when it returns then you'll need a module that will understand the connection track and allow the sockets to DNAT back.
I suggest you try a few tests to see what it's trying to do.
first load up one of the game systems and get it to connect to the Q3a server.
While its doing this have a look at "netstat" on the firewall and see what it's connected to and at on what port.
then enable logging on iptables so you capture the incoming requests back from the Q3 server.
Then repeat this test by running quake again and getting it to connect to the Q3 server. "do this about 5 times"
Then compare the logs and see if the incoming requests change on each new established connection.
If they do then you need a module the the iptables ftp active module.
I'm fairly sure that Q3 requires a module (as it was required to have a module for multiple Q3 players in ipfilters). In the FAQs it said that if you wanted to do this that you would be better off with ipfilters. I'm just hoping that someone is working on an iptables port -- but haven't had much luck in finding project page, betas, etc..
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
