LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 11-23-2003, 10:47 AM   #1
Johnsernickle
Member
 
Registered: Aug 2002
Posts: 71

Rep: Reputation: 15
IPTABLES, Port Forwarding, and Warcrfat III


I Have set up a linux router for my network wiht a 56k modem. I Have gotten help from various websites to make my firewall file. Everyhting has worked great up to now, including ftp sites and everything. But recently i have installed warcraft 3 hoping to play it on battle.net. When i try to connect the game says i have chosen an incorrect server. When i looked on Blizzard's support site they said for warcraft III to function properly it must:

# Allow port 6112 TCP out and allow established sessions in
# Allow port 6112 TCP in (hosting custom games)
# Allow port 6113-6119 TCP out and in (hosting custom games if you’ve changed the default port in the Options/Gameplay screen)

Here's where i got the info from:

http://www.blizzard.com/support/?id=msi0445p

Also, although i dont mind as much, i also cannot send files over aim. That hasnt worked for me since ive gotten the firewall working, and i cant figure out witch port is required for that. The router on my network is running red hat 9 and also acts as a DHCP server for my network. Behnind my router i have 2 Win2k computers and one debian computer, if that matters at all. Here's my firewall script, maybe you can help me fix it up.







#!/bin/sh


echo -e "\n\n Loading firewall...\n"


#----------------------------------------#
# Kernel Modules #
#----------------------------------------#

IPTABLES=/sbin/iptables
DEPMOD=/sbin/depmod
INSMOD=/sbin/insmod


#----------------------------------------#
# Setting EXTERNAL and INTERNAL #
# interfaces for the network #
#----------------------------------------#


EXTIF="ppp0"
INTIF="eth0"
INTIF2="eth1"

echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF and $INTIF2"


#----------------------------------------#
# Checking Kernel Modules #
#----------------------------------------#

echo -en " loading kernel modules: "

echo -en "verifying all kernel modules, "
$DEPMOD -a


#----------------------------------------#
# Re-Loading Defaults #
#----------------------------------------#

echo -en "ip_tables, "
$INSMOD ip_tables

echo -en "ip_conntrack, "
$INSMOD ip_conntrack

echo -en "iptable_nat, "
$INSMOD iptable_nat


#---------------------------------------#
# FTP tracking mechanism #
#---------------------------------------#

echo -en "ip_conntrack_ftp, "
$INSMOD ip_conntrack_ftp


#---------------------------------------#
# IRC tracking mechanism #
#---------------------------------------#

echo -en "ip_conntrack_irc, "
$INSMOD ip_conntrack_irc


#---------------------------------------#
# NAT for Non-Passive FTP #
#---------------------------------------#

echo -en "ip_nat_ftp, "
$INSMOD ip_nat_ftp


#---------------------------------------#
# NAT for IRC DDC #
#---------------------------------------#

echo -e "ip_nat_irc"
$INSMOD ip_nat_irc

echo ". Done loading modules."

#----------------------------------------#
# CRITICAL: Enable IP forwarding #
# #
# /etc/sysconfig/network #
# #
# FORWARD_IPV4=false #
# to #
# FORWARD_IPV4=true #
# #
#----------------------------------------#

echo " enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward


#----------------------------------------#
# Dynamic IP Adress Support #
#----------------------------------------#

echo " enabling DynamicAddr.."
echo "1" > /proc/sys/net/ipv4/ip_dynaddr


#----------------------------------------#
# Flushing Old Tables #
#----------------------------------------#

echo " clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD REJECT
$IPTABLES -F FORWARD
$IPTABLES -t nat -F


#----------------------------------------#
# Initilizing Forwarding #
#----------------------------------------#

echo " FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $INTIF2 -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $INTIF2 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF2 -o $INTIF -j ACCEPT

$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF2 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG


echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

echo -e "\n Firewall done.\n"





Maybe someone can help me unserstand this script a little more too, because i only really unserstand parts of it. Also, i forgot to mention that starcraft used to function properly on battle.net, with the same firewall script, but i couldnt host games. Thanks in advance,

- Peter
 
Old 11-24-2003, 03:38 PM   #2
Dewar
Member
 
Registered: Sep 2003
Location: Washington State
Distribution: SuSE 8.0, SuSE 9.0, Slack 9.1
Posts: 90

Rep: Reputation: 15
The line you need to add to make sure everything goes smoothly should be the following....

$IPTABLES -A FORWARD -p tcp --dport 6112 -j ACCEPT

and it should go right before the log line ($IPTABLES -A FORWARD -j LOG) at the end of the forwarding part of your script.

As for what it all means, I'm pretty good at the iptables stuff, but all the lines before that are greek to me.

-Derek
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
iptables port forwarding geoff3425 Slackware 13 12-20-2011 10:50 AM
IPCHAINS port forwarding and IPTABLES port forwarding ediestajr Linux - Networking 26 01-14-2007 07:35 PM
port forwarding with iptables kkennedy Linux - Networking 1 09-01-2005 06:48 PM
IPTables port forwarding.. NeoTech Linux - Networking 2 01-03-2005 11:27 AM
Iptables -- Port Forwarding slack_baby Linux - Networking 3 06-03-2004 02:29 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 09:10 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration