I have set up a Linux router for my network with a 56k modem. I have gotten help from various websites to make my firewall file. Everything has worked great up to now, including FTP sites and everything. But recently I have installed Warcraft 3 hoping to play it on Battle.net. When I try to connect the game says I have chosen an incorrect server. When I looked on Blizzard's support site they said for Warcraft III to function properly it must:
# Allow port 6112 TCP out and allow established sessions in
# Allow port 6112 TCP in (hosting custom games)
# Allow port 6113-6119 TCP out and in (hosting custom games if you’ve changed the default port in the Options/Gameplay screen)
Here's where I got the info from:
http://www.blizzard.com/support/?id=msi0445p
Also, although I don't mind as much, I also cannot send files over AIM. That hasn't worked for me since I've gotten the firewall working, and I can't figure out which port is required for that. The router on my network is running Red Hat 9 and also acts as a DHCP server for my network. Behind my router I have 2 Win2k computers and one Debian computer, if that matters at all. Here's my firewall script, maybe you can help me fix it up.
#!/bin/sh
echo -e "\n\n Loading firewall...\n"
#----------------------------------------#
# Kernel Modules #
#----------------------------------------#
IPTABLES=/sbin/iptables
DEPMOD=/sbin/depmod
INSMOD=/sbin/insmod
#----------------------------------------#
# Setting EXTERNAL and INTERNAL #
# interfaces for the network #
#----------------------------------------#
EXTIF="ppp0"
INTIF="eth0"
INTIF2="eth1"
echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF and $INTIF2"
#----------------------------------------#
# Checking Kernel Modules #
#----------------------------------------#
echo -en " loading kernel modules: "
echo -en "verifying all kernel modules, "
$DEPMOD -a
#----------------------------------------#
# Re-Loading Defaults #
#----------------------------------------#
echo -en "ip_tables, "
$INSMOD ip_tables
echo -en "ip_conntrack, "
$INSMOD ip_conntrack
echo -en "iptable_nat, "
$INSMOD iptable_nat
#---------------------------------------#
# FTP tracking mechanism #
#---------------------------------------#
echo -en "ip_conntrack_ftp, "
$INSMOD ip_conntrack_ftp
#---------------------------------------#
# IRC tracking mechanism #
#---------------------------------------#
echo -en "ip_conntrack_irc, "
$INSMOD ip_conntrack_irc
#---------------------------------------#
# NAT for Non-Passive FTP #
#---------------------------------------#
echo -en "ip_nat_ftp, "
$INSMOD ip_nat_ftp
#---------------------------------------#
# NAT for IRC DCC #
#---------------------------------------#
echo -e "ip_nat_irc"
$INSMOD ip_nat_irc
echo ". Done loading modules."
#----------------------------------------#
# CRITICAL: Enable IP forwarding #
# #
# /etc/sysconfig/network #
# #
# FORWARD_IPV4=false #
# to #
# FORWARD_IPV4=true #
# #
#----------------------------------------#
echo " enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward
#----------------------------------------#
# Dynamic IP Address Support #
#----------------------------------------#
echo " enabling DynamicAddr.."
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
#----------------------------------------#
# Flushing Old Tables #
#----------------------------------------#
echo " clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
# DROP, not REJECT: a chain policy can only be ACCEPT or DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
#----------------------------------------#
# Initializing Forwarding #
#----------------------------------------#
echo " FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $INTIF2 -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $INTIF2 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF2 -o $INTIF -j ACCEPT
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF2 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
echo -e "\n Firewall done.\n"
Maybe someone can help me understand this script a little more too, because I only really understand parts of it. Also, I forgot to mention that Starcraft used to function properly on Battle.net, with the same firewall script, but I couldn't host games. Thanks in advance,
- Peter
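
The hosting requirement quoted from Blizzard (port 6112 TCP in) has no path through the script above, which forwards only ESTABLISHED,RELATED traffic arriving on ppp0 and has no DNAT rule. The following is an added example, not part of the original post: it prints the DNAT and FORWARD rules for one internal host, restricted to the 6112-6119 range Blizzard lists. The function names are hypothetical and 192.168.0.10 is a constructed address for the LAN machine that hosts games.

```shell
#!/bin/sh
# Added example: prints (does not apply) port-forward rules for one LAN host.
IPTABLES=/sbin/iptables

# Succeeds if $1 is a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds if $1 is PORT or LOW:HIGH inside 6112-6119, the range Blizzard lists.
valid_ports() {
    case "$1" in
        ''|*[!0-9:]*|*:*:*|:*|*:) return 1 ;;
    esac
    low=${1%%:*}; high=${1##*:}
    [ "$low" -ge 6112 ] && [ "$high" -le 6119 ] && [ "$low" -le "$high" ]
}

# Usage: wc3_forward_rules EXTIF LAN_HOST [PORTS]   (PORTS defaults to 6112)
wc3_forward_rules() {
    extif=$1; host=$2; ports=${3:-6112}
    case "$extif" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $extif" >&2; return 2 ;;
    esac
    valid_ipv4 "$host"   || { echo "bad host: $host" >&2; return 2; }
    valid_ports "$ports" || { echo "bad ports: $ports" >&2; return 2; }
    # nat table: rewrite the destination of new inbound connections to the host
    echo "$IPTABLES -t nat -A PREROUTING -i $extif -p tcp --dport $ports -j DNAT --to-destination $host"
    # filter table: admit only NEW TCP to that host and port; replies already
    # pass through the script's ESTABLISHED,RELATED and outbound rules
    echo "$IPTABLES -A FORWARD -i $extif -d $host -p tcp --dport $ports -m state --state NEW -j ACCEPT"
}

# 192.168.0.10 is a constructed address for the machine that hosts games
wc3_forward_rules ppp0 192.168.0.10 6112
```

Placing the printed lines in the script before the `-A FORWARD -j LOG` rule means hosted-game connections are accepted before they reach the log rule.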