CS> It doesn't look like your modification to ipfilter.conf 'took' (or at
least it's not reflected in the rules above):
DG: I was toggling between MASQ and ACCEPT in the filter line
and left it at MASQ when the ACCEPT command didn't work.
I needed to get the servers back online in some fashion,
so I reversed the previous change.
The exact line I used was:
$IPCH -A forward -j ACCEPT -p udp -s $DMZ_NET -d 0/0 -i $EXTERN_IF
CS> NOTE:
- You still have outbound traffic from the DMZ masqueraded (the first MASQ
rule)
DG: Do you mean the last entry in the section below?
$IPCH -A forward -j ACCEPT -p icmp -s 0/0 -d $DMZ_NET -i $DMZ_IF
$IPCH -A forward -j ACCEPT -p tcp -s $DMZ_NET -d 0/0 -i $EXTERN_IF
$IPCH -A forward -j ACCEPT -p icmp -s $DMZ_NET -d 0/0 -i $EXTERN_IF
$IPCH -A forward -j ACCEPT -p udp -s $DMZ_NET domain \
-d 0/0 -i $EXTERN_IF
======> $IPCH -A forward -j MASQ -p udp -s $DMZ_NET -d 0/0 -i $EXTERN_IF
This is the one I modified, then changed back...
CS> - You have 22 Denied packets in the forward chain...you might want to log
these and see what they are...my guess is if you add proper rules to
DMZ_OPEN_DEST so these packets are accepted instead of denied (and change
the DMZ masq to allow), your game server will begin working.
DG: Can you please explain the process to "log" these packets? 'member? I am
noob. :)
By "proper rules" do you mean my current ones are incorrect? They are
the only service ports that the HL server is known to use, and they do
the job when the MASQ function is operating. The problem still exists
that client-initiated UDP traffic to port 27015 goes off into the ether,
from the client user's perspective, and it does not appear that the
change from MASQ to ACCEPT alone is correcting that. Are there any
specific changes to the DMZ_OPEN_DEST rules you would recommend? I have
summarized them below.
Thanks again,
Dan
DMZ_OPEN_DEST in short form:
# Shorthands for DMZ firewall rules:
tfc1="64.81.226.173"
tfc2="64.81.226.172"
webserv="64.81.226.174"
# Inbound services to allow to the DMZ
# __
DMZ_OPEN_DEST=" udp_${DMZ_NET}_domain
tcp_${DMZ_NET}_ssh
tcp_${DMZ_NET}_domain
icmp_${DMZ_NET}_:
udp_${tfc1}_6003
tcp_${tfc1}_6003
udp_${tfc1}_7002
tcp_${tfc1}_7002
udp_${tfc1}_27005
udp_${tfc1}_27010
udp_${tfc1}_27011
udp_${tfc1}_27012
udp_${tfc1}_27015
udp_${tfc1}_27016
udp_${tfc1}_28900
udp_${tfc2}_6003
tcp_${tfc2}_6003
udp_${tfc2}_7002
tcp_${tfc2}_7002
udp_${tfc2}_27005
udp_${tfc2}_27010
udp_${tfc2}_27011
udp_${tfc2}_27012
udp_${tfc2}_27015
udp_${tfc2}_27016
udp_${tfc2}_28900
tcp_${webserv}_www
tcp_${webserv}_ftp"
Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
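
For the "log these and see what they are" step discussed above, an added example that is not part of the original thread or of the LEAF scripts: ipchains writes a matching packet to the kernel log when the rule carries -l, and the function below tallies forward-chain DENY entries in DMZ_OPEN_DEST token form. The function name, the sample log lines (laid out like ipchains "Packet log:" entries) and the expanded list excerpt are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Logging is switched on with -l on the
# rule that drops the packets, e.g. as the final forward rule (not run here):
#   ipchains -A forward -j DENY -l
# Logged packets then show up in the kernel log as
#   Packet log: CHAIN TARGET IFACE PROTO=n SRC:PORT DST:PORT L=.. S=.. ...

# Constructed sample: server addresses from the thread, made-up client addresses.
SAMPLE_LOG='Jan 10 12:00:01 fw kernel: Packet log: forward DENY eth0 PROTO=17 10.9.8.7:27005 64.81.226.173:27015 L=53 S=0x00 I=4021 F=0x0000 T=113 (#14)
Jan 10 12:00:02 fw kernel: Packet log: forward DENY eth0 PROTO=17 10.9.8.7:27005 64.81.226.173:27015 L=53 S=0x00 I=4022 F=0x0000 T=113 (#14)
Jan 10 12:00:05 fw kernel: Packet log: forward DENY eth0 PROTO=6 10.4.4.4:3310 64.81.226.174:8080 L=60 S=0x00 I=911 F=0x4000 T=52 SYN (#14)
Jan 10 12:00:07 fw kernel: Packet log: input ACCEPT eth1 PROTO=17 10.9.8.7:1030 64.81.226.172:27015 L=40 S=0x00 I=77 F=0x0000 T=60 (#3)'
# Constructed excerpt of DMZ_OPEN_DEST with the variables already expanded.
SAMPLE_OPEN='udp_64.81.226.173_27015 udp_64.81.226.172_27015 tcp_64.81.226.174_www'

# summarize_denied OPEN_LIST < syslog
# Prints "COUNT proto_dest_port listed|unlisted" for forward-chain DENY entries,
# most frequent first. "listed" means the packet was denied although its
# destination is in OPEN_LIST, i.e. the accept rule is not taking effect.
summarize_denied() {
    open=$(printf '%s ' $1)            # flatten newlines/tabs to single spaces
    awk -v open=" $open" '
        BEGIN { name[1] = "icmp"; name[6] = "tcp"; name[17] = "udp" }
        {
            for (i = 1; i < NF; i++)
                if ($i == "Packet" && $(i + 1) == "log:") break
            if (i >= NF || $(i + 2) != "forward" || $(i + 3) != "DENY") next
            num = substr($(i + 5), 7)                  # strip "PROTO="
            proto = (num in name) ? name[num] : num
            dst = $(i + 7); sub(/:/, "_", dst)         # addr:port -> addr_port
            seen[proto "_" dst]++
        }
        END {
            for (t in seen)
                print seen[t], t, (index(open, " " t " ") ? "listed" : "unlisted")
        }
    ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample; on a real box feed it the kernel log instead.
printf '%s\n' "$SAMPLE_LOG" | summarize_denied "$SAMPLE_OPEN"
```

Service names in the list (www, ftp, domain) are not resolved to port numbers, so entries for those ports show as unlisted and need to be compared by hand.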