Re: [Leaf-user] Re: echoWall 1.32 [was: IPchains / Forwarding question]

Sun, 04 Nov 2001 19:42:37 -0800 

At 08:16 PM 11/4/01 -0500, Kory Krofft wrote:
>Tom,
>No. I am testing from inside. I assume it would route out and back in ok. 

This is always a bad assumption to make when testing firewalls. Maybe yes,
maybe no ... but you can never *count* on out-and-in working the same as a
true connection from the outside.

>I
>just had a friend try from outside and it doesn't work either. My message
>loge from the firewall
>shows his IP address as being denied.
>  Nov 4 19:07:07 markii kernel: Packet log: input DENY eth0 PROTO=17
>  64.109.106.19:65037 65.28.237.42:27910 L=45 S=0x00 I=60764 F=0x0000 T=111
>(#61)
>markii is my lrp box, 64.109.106.19 was his IP address.

Well ... this suggests that Quake (or Quake2 or Quake3 -- whichever you are
really using) uses UDP 27910, not TCP 4242 (as shown in the echowall.rules
file). 

In fact, the rule block for Quake in echowall.rules is really just a dummy
ruleset, created solely as a placeholder, a ruleset not ever intended to
work. It dates back to my early work on EchoWall ... my older version of the
source has several placeholder rules using port 4242, and the one for Quake
has this note on it:

        # -- Quake [still need to check -- this is a
        # -- DUMMY RULE to go in as placeholder]

So ... to fix it, you probably just need to edit the QUAKE block of rules in
echowall.rules to read as follows:

# -- Quake [still needs testing]
#QUAKE#$IPCHAINS -A input -s 0/0 -d $IP_EXT/32 27910 -p udp -j ACCEPT
#QUAKE#if [ "$QUAKE_HOST" != "firewall" ]; then
#QUAKE#$IPMASQADM portfw -a -P udp -L $IP_EXT 27910 -R $QUAKE_HOST 27910
#QUAKE#fi

One caveat, though: the "problem apps for firewalls" site I usually used --
http://www.tsmservices.com/masq/ -- lists the Quake/Quake2/Quake3 port as
UDP 27960, not 27910. So you might want to double check your log entry
before you make the changes (or after doing so, if they don't work).

If either choice works, please let the list, or at least Scott and me, know
... since neither of us has a Quake server running to test this EchoWall
feature.


--
------------------------------------"Never tell me the odds!"---
Ray Olszewski                                        -- Han Solo
Palo Alto, CA                                    [EMAIL PROTECTED]        
----------------------------------------------------------------


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Reply via email to