[wplug] Newbie Iptables question.

Wise, Jeremey WISEJ at PIOS.com
Fri Mar 7 11:34:10 EST 2003


I believe the ping issue is that the game is using a standard ICMP request, and
so you will have to add a rule to allow ping to the firewall box. You won't
have to forward ICMP to your game box, as the game would not expect anything
but a "segment" reply for monitoring the link. I would recommend some
filtering on ICMP echo responses and size request limits to prevent Ping o'
Death.

Example:<Snip>
# Allow some ICMP
/sbin/iptables -A GOOD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
/sbin/iptables -A GOOD -p icmp --icmp-type echo-reply -m limit --limit 1/s -j ACCEPT
# /sbin/iptables -A GOOD -p icmp --icmp-type source-quench -m limit --limit 2/s -j ACCEPT


Jeremey Wise (440)-519-6006
(CNE,MCSE,CSE)
Pioneer-Standard Electronics, Inc
wisej at pios.com
 

-----Original Message-----
From: Kubbie [mailto:squeakers2k at icqmail.com] 
Sent: Friday, March 07, 2003 10:01 AM
To: wplug at wplug.org
Subject: RE: [wplug] Newbie Iptables question.

I was able to get the game to become visible to others in the list of other
game servers by typing the following...

iptables -t nat -I PREROUTING -p udp --dport 2302:2304 -j DNAT --to-destination game_machine_ip

But the ping never showed up next to my game name in the list, nor could
anyone connect.

This is the info from  iptables -L .

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             255.255.255.255    udp dpt:bootpc
LOG        all  --  anywhere             anywhere           limit: avg 10/hour burst 5 state INVALID,NEW LOG level warning prefix `firewall '
DROP       all  --  anywhere             anywhere           state INVALID,NEW

Chain FORWARD (policy DROP)
target     prot opt source               destination
TCPMSS     tcp  --  anywhere             anywhere           tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT     all  --  10.0.1.0/24          anywhere
ACCEPT     all  --  anywhere             10.0.1.0/24        state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


-----Original Message-----
From: wplug-admin at wplug.org [mailto:wplug-admin at wplug.org]On Behalf Of
Henry Umansky
Sent: Thursday, March 06, 2003 12:55 PM
To: wplug at wplug.org
Subject: Re: [wplug] Newbie Iptables question.


Run the command "/sbin/iptables -L" and let us know what the output is.

--On Thursday, March 06, 2003 12:46 PM -0500 Kubbie
<squeakers2k at icqmail.com> wrote:

>
> I am trying to Host a game from a XP machine behind a Slackware
> firewall/DHCP box.  However, my game is not being seen by those trying to
> connect.  The game requires ports 2302-2304 UDP  to Host a game and ports
> 2300-2400 UDP to be open for normal game play.  I may not have typed the
> iptables in correctly.
> What would be the correct command string to enter to let this machine
> (10.x.x.x) host through the firewall?
>
> Thanks in advance.
>
>
> _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug



Henry Umansky
hmust2 [at] pitt [dot] edu
http://www.pitt.edu/~hmust2
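
Added example, not part of the original thread: a small Python model of the INPUT and FORWARD chains exactly as listed in Kubbie's `iptables -L` output, used to check what verdict a DNATed join packet and a ping to the firewall would get. The addresses are constructed, the game host is assumed to sit inside 10.0.1.0/24, and only what the listing shows is modelled (`iptables -L` without `-v` hides interface matches; the nat table is not modelled).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Packet:
    proto: str   # "udp", "tcp" or "icmp"
    src: str
    dst: str     # destination as seen after PREROUTING (DNAT already applied)
    state: str   # conntrack state: NEW, ESTABLISHED, RELATED or INVALID
    dport: int = 0

@dataclass
class Rule:
    target: str
    proto: str = "all"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    states: tuple = ()   # empty means any state
    dports: tuple = ()   # (low, high) inclusive; empty means any port

    def matches(self, p):
        return (self.proto in ("all", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (not self.states or p.state in self.states)
                and (not self.dports or self.dports[0] <= p.dport <= self.dports[1]))

def verdict(chain, policy, p):
    """First matching ACCEPT/DROP wins; LOG and TCPMSS do not end traversal."""
    for rule in chain:
        if rule.target in ("ACCEPT", "DROP") and rule.matches(p):
            return rule.target
    return policy

# Chains transcribed from the `iptables -L` output in the post.
INPUT = [Rule("ACCEPT", "udp", dst="255.255.255.255", dports=(68, 68)),  # bootpc
         Rule("LOG", states=("INVALID", "NEW")),
         Rule("DROP", states=("INVALID", "NEW"))]            # chain policy: ACCEPT
FORWARD = [Rule("TCPMSS", "tcp"),
           Rule("ACCEPT", src="10.0.1.0/24"),
           Rule("ACCEPT", dst="10.0.1.0/24",
                states=("RELATED", "ESTABLISHED"))]          # chain policy: DROP

# Constructed addresses (assumptions): LAN game host, remote player, firewall WAN IP.
GAME, PLAYER, WAN = "10.0.1.50", "203.0.113.7", "198.51.100.1"
join = Packet("udp", PLAYER, GAME, "NEW", 2302)   # first packet of a join, after DNAT
ping = Packet("icmp", PLAYER, WAN, "NEW")         # echo-request to the firewall itself
# Same match as: iptables -I FORWARD -p udp -d game_machine_ip --dport 2302:2304 -j ACCEPT
ALLOW_GAME = Rule("ACCEPT", "udp", dst=GAME, dports=(2302, 2304))

if __name__ == "__main__":
    print("join, posted FORWARD: ", verdict(FORWARD, "DROP", join))
    print("join, with ALLOW_GAME:", verdict([ALLOW_GAME] + FORWARD, "DROP", join))
    print("ping, posted INPUT:   ", verdict(INPUT, "ACCEPT", ping))
```

In this model the DNATed join packet falls through to the FORWARD policy DROP until a rule like ALLOW_GAME is placed ahead of it, and the echo-request is dropped by the INPUT rule for state INVALID,NEW.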
