Are you wanting to host the game on an internal computer or on your router/firewall? If it's going to be on an internal computer, you need to set up NAT to redirect the incoming port to whatever computer is going to host the game. You would need something like:
    iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 2346 -j DNAT --to-destination 192.168.0.2:2346

(modified to suit your specific needs, of course)

Gene

PS: there's lots of good information and links at http://www.linuxguruz.org/iptables/ You might even find a script that suits your needs there.

--- Christian Saalborn <[EMAIL PROTECTED]> wrote:
> Hello,
> As a newbie to iptables I have some problems. I have a dsl-router which
> is also my firewall. In my lan I want to host a game ( e.g. megamek ).
> This game needs port 2346. So I thought the script I appended below
> should work. The next thing is that my firewall didn't log the messages.
> I get no message from the firewall if somebody wants to connect to my
> server and he is rejected. UDP messages or ICMP messages or other TCP
> messages are logged. I run woody with 2.4 kernel, same goes for the lan
> machines.
>
> Thanks in advance,
>
> Christian
>
>
> The script:
>
> #!/bin/bash
>
> UPLINK="ppp0"
>
> INTERFACES="lo ppp0 eth1"
>
> iptables -P INPUT DROP
> iptables -A INPUT -i ! ${UPLINK} -j ACCEPT
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> iptables -A INPUT -p tcp --dport 2346 -m state --state NEW -j ACCEPT
> iptables -A OUTPUT -p tcp -o ${UPLINK} -m state --state NEW,ESTABLISHED -j ACCEPT
>
> if [ -e /proc/sys/net/ipv4/tcp_ecn ]
> then
>     echo 0 > /proc/sys/net/ipv4/tcp_ecn
> fi
>
> for x in ${INTERFACES}
> do
>     echo 1 > /proc/sys/net/ipv4/conf/${x}/rp_filter
> done
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
> iptables -t nat -A POSTROUTING -o ${UPLINK} -j MASQUERADE
>
> iptables -A INPUT -i ${UPLINK} -p tcp -j LOG --log-prefix "IPTABLES TCP-IN: "
> iptables -A OUTPUT -o ${UPLINK} -p tcp -j LOG --log-prefix "IPTABLES TCP-OUT: "
> iptables -A INPUT -i ${UPLINK} -j LOG --log-prefix "IPTABLES PROTOCOL-X-IN: "
> iptables -A OUTPUT -o ${UPLINK} -j LOG --log-prefix "IPTABLES PROTOCOL-X-OUT: "
>
> iptables -A INPUT -p tcp -i ${UPLINK} -j REJECT --reject-with tcp-reset
> iptables -A INPUT -p udp -i ${UPLINK} -j REJECT --reject-with icmp-port-unreachable
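An added example, not part of the original thread: a dry-run helper that validates its arguments and prints the DNAT rule from the reply together with FORWARD rules that log and accept the redirected traffic. After DNAT the packet is routed to the LAN host and traverses FORWARD, not INPUT; the FORWARD rules, the function names and the "IPTABLES FWD-" log prefix are assumptions added here, and the ACCEPT rules only matter when the FORWARD policy is DROP (the quoted script leaves it at its default).

```shell
#!/bin/sh
# Added example: prints (does not apply) the rules that forward one TCP port
# from the uplink to a LAN host. Review the output, then pipe it to "sh" as root.

# valid_port PORT: succeeds if PORT is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 ADDR: succeeds if ADDR is a dotted quad with octets 0..255
valid_ipv4() {
    case "$1" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# port_forward_rules UPLINK PORT LAN_HOST (hypothetical helper)
port_forward_rules() {
    uplink=$1; port=$2; host=$3
    # Reject anything that could smuggle options or shell syntax into a rule.
    case "$uplink" in
        ''|-*|*[!A-Za-z0-9._-]*) echo "bad interface: $uplink" >&2; return 2 ;;
    esac
    valid_port "$port" || { echo "bad port: $port" >&2; return 2; }
    valid_ipv4 "$host" || { echo "bad address: $host" >&2; return 2; }
    cat <<EOF
iptables -t nat -A PREROUTING -p tcp -i $uplink --dport $port -j DNAT --to-destination $host:$port
iptables -A FORWARD -i $uplink -p tcp -d $host --dport $port -m state --state NEW -j LOG --log-prefix "IPTABLES FWD-$port: "
iptables -A FORWARD -i $uplink -p tcp -d $host --dport $port -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -o $uplink -p tcp -s $host --sport $port -m state --state ESTABLISHED -j ACCEPT
EOF
}

# Values taken from the thread: uplink ppp0, game port 2346, LAN host 192.168.0.2
port_forward_rules ppp0 2346 192.168.0.2
```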

