Dear Eric,

This is indeed the most irritating part of using masquerading...

I have the same problems with Age of Empires.

How my ISDN NAT-enabled router copes with this
situation (AFAICT) is to return unsolicited packets to
the local machine that last contacted the external server.

That will work for a single masqueraded machine on
the network (per external server) - for more we'll have to understand the
protocol :-(

   Tim

Eric Kluft <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> You can do this with ipmasqadm (see man pages).
>
> However, it is not possible.
>
> When you start a multiplayer game, you connect to a server by tcp (port
> 47624).
>
> Masquerading this port is no problem.
>
> Then, during this tcp connection, the udp port is exchanged, on which the
> server is going to connect to the clients.
> When your computer receives this port nr, it starts listening to incoming
> udp frames on that port.
> Your firewall however doesn't and just sends rst's to that server.
>
> So, a firewall module should look at the tcp-packets. When it sees a udp
> portnr, it should start listening on that port and forward the packages to
> the client.
>
> When I did a package dump while playing and examined the packages
> afterwards, the place of the udp port nr in such a tcp package kept
> changing over different games. So it is not enough for the firewall
> module just to look at the packages, it should have direct-play logic
> which really interprets the tcp frames to extract the udp port used. I
> don't think Microsoft has published enough information about direct-play
> to allow you to build such a module yourself (but I didn't spend much
> time looking for it).
>
> I got it working by just forwarding all udp ports (1024:65535) to my local
> workstation. A bit nasty for all other apps using udp. If you are the only
> user of the firewall, you could do this during a game and change it back
> when you are finished.
>
> If you can give me more information about the tcp frame exchanges during
> the start of direct play, I'm willing to try writing a firewall module.
>
> Regards,
>
> Eric.




-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
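
Added example (not part of the original thread): a toy Python model of the fallback Tim describes, where unsolicited packets are handed to the LAN host that last contacted the sending server. It shows the case that works (one masqueraded host) and the misrouting once a second host contacts the same server. The class, addresses and UDP port 2300 are constructed for illustration and do not describe any real router's implementation.

```python
class MasqTable:
    """Toy masquerading table with a 'last contact' fallback (hypothetical model)."""

    def __init__(self, first_port=61000):
        self.flows = {}         # (proto, router_port, remote) -> (local_ip, local_port)
        self.last_contact = {}  # remote_ip -> local_ip that last contacted it
        self.next_port = first_port

    def outbound(self, proto, local, remote):
        """Record an outgoing flow; return the router port it is masqueraded to."""
        router_port = self.next_port
        self.next_port += 1
        self.flows[(proto, router_port, remote)] = local
        self.last_contact[remote[0]] = local[0]
        return router_port

    def inbound(self, proto, remote, router_port):
        """Return (local_ip, local_port) for an incoming packet, or None to reject."""
        flow = self.flows.get((proto, router_port, remote))
        if flow:
            return flow                     # reply belonging to a known flow
        local_ip = self.last_contact.get(remote[0])
        if local_ip is None:
            return None                     # unknown sender: nothing to guess from
        return (local_ip, router_port)      # unsolicited: guess host, keep the port


def demo():
    server, other = "203.0.113.5", "198.51.100.7"   # constructed addresses
    a, b = "192.168.1.10", "192.168.1.11"           # constructed LAN hosts
    nat = MasqTable()
    tcp = nat.outbound("tcp", (a, 1050), (server, 47624))   # host A joins the game
    results = {
        "tcp_reply": nat.inbound("tcp", (server, 47624), tcp),
        # Server sends game UDP to a port it negotiated inside the TCP stream
        # (2300 is a constructed value); no masq entry exists for it.
        "udp_one_host": nat.inbound("udp", (server, 2300), 2300),
        "stranger": nat.inbound("udp", (other, 2300), 2300),
    }
    nat.outbound("tcp", (b, 1060), (server, 47624))         # host B joins the same server
    # The same UDP stream, still meant for A, now follows the newest contact.
    results["udp_two_hosts"] = nat.inbound("udp", (server, 2300), 2300)
    return results


if __name__ == "__main__":
    for name, target in demo().items():
        print(name, "->", target)
```

The fallback only keys on the remote address, so any packet from a server a LAN host has contacted is passed inward on whatever port it arrives; that is narrower than forwarding 1024:65535 to one workstation, but still wider than a module that parses the negotiated port.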
