Kory:

        Wow, I bet this turned into a whole lot more than you
were expecting. FWIW, posting the firewall packet log was the
*exact* right thing to do.

        Try this. Change the whole QUAKE section of the
echowall.rules file to look like this:

#QUAKE#$IPCHAINS -A input -s 0/0 -d $IP_EXT/32 4242 -p tcp -j ACCEPT
#QUAKE#$IPCHAINS -A input -s 0/0 -d $IP_EXT/32 27901 -p tcp -j ACCEPT
#QUAKE#$IPCHAINS -A input -s 0/0 -d $IP_EXT/32 27901 -p udp -j ACCEPT
#QUAKE#$IPCHAINS -A input -s 0/0 -d $IP_EXT/32 27910:27961 -p udp -j ACCEPT
#QUAKE#$IPCHAINS -A input -s 0/0 -d $IP_EXT/32 27950:27952 -p tcp -j ACCEPT
#QUAKE#if [ "$QUAKE_HOST" != "firewall" ]; then
#QUAKE#$IPMASQADM portfw -a -P tcp -L $IP_EXT 4242 -R $QUAKE_HOST 4242
#QUAKE#$IPMASQADM portfw -a -P tcp -L $IP_EXT 27901 -R $QUAKE_HOST 27901
#QUAKE#$IPMASQADM portfw -a -P udp -L $IP_EXT 27901 -R $QUAKE_HOST 27901
#QUAKE#$IPMASQADM autofw -A -r udp 27910 27961 -h $QUAKE_HOST
#QUAKE#$IPMASQADM autofw -A -r tcp 27950 27952 -h $QUAKE_HOST
#QUAKE#fi

        I spent some time looking into it, and it turns out that
QuakeII is different from QuakeI, and QuakeIII is different from
QuakeII. How very nice. :)
        The above rules should take care of all three flavors.
Remember how it said "still needs testing"? Heh. Understatement
of the week.

        Lemme know how it goes!

-Scott

PS: echoWall 1.33 coming soon...


On Sun, 4 Nov 2001, Kory Krofft wrote:

> Tom,
>
> That makes sense but how do I open that UDP port? I started this thread
> because
> I did not understand the syntax of the ipchains rules. The only down side I
> have found to LRP is no man pages. I tried the HOW-TOs but they assume a
> higher level of Linux knowledge than I have. Scott Best's echowall was
> suggested because it did not require a lot of esoteric command lines. I
> like the current plan of using one boot disk for gaming and a second for
> normal protection is fine so I could have one with echowall or modified
> ipchains rules if I can figure them out.
>
> Your suggestions are appreciated,
>
> Kory
>
>
> Tom Eastep wrote:
>
> > On Sunday 04 November 2001 05:16 pm, Kory Krofft wrote:
> > > Tom,
> > > No. I am testing from inside. I assume it would route out and back in
> > > ok.
> >
> > The problem isn't with packets sent from your local client to the
> > server but rather with packets going in the opposite direction. The
> > source address on those packets is the server's local address, not the
> > external address that the client thinks it is talking to.
> >
> > > I just had a friend try from outside and it doesn't work either.
> > > My message log from the firewall
> > > shows his IP address as being denied.
> > >   Nov 4 19:07:07 markii kernel: Packet log: input DENY eth0 PROTO=17
> > >   64.109.106.19:65037 65.28.237.42:27910 L=45 S=0x00 I=60764 F=0x0000
> > > T=111 (#61)
> > > markii is my lrp box, 64.109.106.19 was his IP address.
> > >
> >
> > So this means that you need to open UDP port 27910....
> >
> > -Tom
> > --
> > Tom Eastep    \  [EMAIL PROTECTED]
> > AIM: tmeastep  \  http://www.shorewall.net
> > ICQ: #60745924  \_________________________
> >
> > _______________________________________________
> > Leaf-user mailing list
> > [EMAIL PROTECTED]
> > https://lists.sourceforge.net/lists/listinfo/leaf-user
>
>
>
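
The log reading done in this thread (PROTO=17 to port 27910 means UDP port 27910 must be opened), as an added example that is not part of the original messages or of echoWall. It parses an ipchains "Packet log:" entry and checks the denied packet against the port list taken from the QUAKE rules above; the function names and the second log line are constructed for illustration.

```python
import re

# Layout of an ipchains "Packet log:" entry, as in the log line quoted in this thread.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r".*\(#(?P<rule>\d+)\)"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}  # IANA protocol numbers

# Destination ports accepted by the QUAKE rules above: (protocol, low, high).
QUAKE_PORTS = [("tcp", 4242, 4242), ("tcp", 27901, 27901), ("udp", 27901, 27901),
               ("udp", 27910, 27961), ("tcp", 27950, 27952)]

def parse_packet_log(line):
    """Return the fields of one packet-log entry as a dict, or None if it does not match."""
    m = LOG_RE.search(" ".join(line.split()))  # re-join entries wrapped by a mail client
    if m is None:
        return None
    f = m.groupdict()
    num = int(f["proto"])
    f["proto"] = PROTO_NAMES.get(num, str(num))
    for key in ("sport", "dport", "rule"):
        f[key] = int(f[key])
    return f

def covered_by_quake_rules(pkt):
    """True if the packet's protocol AND destination port fall inside one QUAKE rule."""
    return any(p == pkt["proto"] and lo <= pkt["dport"] <= hi for p, lo, hi in QUAKE_PORTS)

def explain(line):
    pkt = parse_packet_log(line)
    if pkt is None:
        return "not a packet log line"
    verdict = "covered by" if covered_by_quake_rules(pkt) else "NOT covered by"
    return (f"{pkt['chain']} {pkt['action']} rule #{pkt['rule']}: {pkt['proto']} "
            f"{pkt['src']}:{pkt['sport']} -> {pkt['dst']}:{pkt['dport']} is {verdict} the QUAKE rules")

# The log entry from this thread (wrapped as it was in the mail), plus one constructed entry.
THREAD_LINE = """Nov 4 19:07:07 markii kernel: Packet log: input DENY eth0 PROTO=17
  64.109.106.19:65037 65.28.237.42:27910 L=45 S=0x00 I=60764 F=0x0000
T=111 (#61)"""
CONSTRUCTED_LINE = ("Nov 4 19:09:12 markii kernel: Packet log: input DENY eth0 PROTO=6 "
                    "192.0.2.7:40112 65.28.237.42:27960 L=60 S=0x00 I=1021 F=0x4000 T=52 (#61)")

if __name__ == "__main__":
    print(explain(THREAD_LINE))
    print(explain(CONSTRUCTED_LINE))
```

The constructed entry stays uncovered because port 27960 is only opened for UDP; the protocol has to match as well as the port.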


