Charles W. Jordan <[EMAIL PROTECTED]> wrote:
>
>       ipmasqadm portfw -a -P tcp -L $MIPADDR 47624 -R 10.0.0.3 47624
>       ipmasqadm portfw -a -P udp -L $MIPADDR 47624 -R 10.0.0.3 47624
>       A=2300
>       while [ $A -lt 2400 ] ; do
>           ipmasqadm portfw -a -P tcp -L $MIPADDR $A -R 10.0.0.3 $A
>           ipmasqadm portfw -a -P udp -L $MIPADDR $A -R 10.0.0.3 $A
>           A=`expr $A + 1`
>       done

That's about the best method for using portfw to masquerade a game
server that insists on using a huge range of ports.  Though I have to
wonder...  Do you HAVE to forward both TCP and UDP in order for the game
to work, or is that all that you tried?  Usually only one protocol is
used.

> This works for one masqued machine only.  If I try to ipmasqadm
> another machine, the first machine works but all the subsequent ones
> will not.

Yes, because you're only forwarding the ports to one machine.  That is a
limitation of portfw.

> I found references to ipautofw, but no solid info, and no good link
> for a download.  Is ipautofw what I need?  If so, where do I get it?

You already have it, if you have masqadm.  It was built and installed.
You just need the support for it enabled in your kernel.  It's in the
default 2.2 kernel.  The option should be right next to the "portfw"
option that you built into your kernel.  It's probably already there,
you just need to use "ipmasqadm autofw" to configure it.

That being said, you should be aware that autofw probably will work
better for the specific case you give above (you can simply tell it
the huge port range that needs to be forwarded, and you can tell it
to forward those connections to the last machine that sent an initial
control packet).

HOWEVER, autofw plays very badly with local sockets on your masq box.
If you are running services on your masq box that want to talk to the
internet, such as sendmail, or DNS, or whatever, those services will run
into trouble, if they accidentally choose a random port that falls into
the autofw range.  The return traffic will get forwarded behind the masq
box, and it will not see the reply, so you'll see connections that just
time out and fail for no apparent reason.

So I would suggest that, if you use autofw, you disable it
when you no longer need it.  Either that, or move local-socket port
ranges to a different range that doesn't conflict with autofw, using
the /proc/sys/net/ipv4/ip_local_port_range tunable.  The default is
1024-4999.

-- 
   [EMAIL PROTECTED] (Fuzzy Fox)      || "Nothing takes the taste out of peanut
sometimes known as David DeSimone  ||  butter quite like unrequited love."
  http://www.dallas.net/~fox/      ||                       -- Charlie Brown


_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
http://tiffany.indyramp.com/mailman/listinfo/masq
Admin requests can be handled by web (above) or [EMAIL PROTECTED]
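A worked check for the autofw/local-socket conflict discussed in the reply above, added here as an example and not part of either message in the thread. It takes the forwarded ranges from the original post (2300-2399 and 47624) and the 2.2-era default local port range (1024-4999) named in the reply, tests whether they overlap, and finds the lowest local range that stays clear of every forwarded range. The tunable path /proc/sys/net/ipv4/ip_local_port_range is the one the reply names; the function names are my own, and the values used in the usage lines are constructed rather than read from a live box.

```shell
#!/bin/sh
# Added example (not from the thread): detect a collision between forwarded
# port ranges and the kernel's local (ephemeral) port range, and pick a
# replacement range that avoids all forwarded ranges.

# ranges_overlap LO1 HI1 LO2 HI2 -> exit 0 if the two inclusive ranges intersect
ranges_overlap() {
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# conflict_report FW_LO FW_HI LOCAL_LO LOCAL_HI -> prints "conflict" or "ok"
conflict_report() {
    if ranges_overlap "$1" "$2" "$3" "$4"; then
        echo conflict
    else
        echo ok
    fi
}

# local_port_range [FILE] -> prints "low high" read from the tunable.
# FILE defaults to the real /proc entry; pass another file to test offline.
local_port_range() {
    f=${1:-/proc/sys/net/ipv4/ip_local_port_range}
    read lo hi < "$f" || return 1
    echo "$lo $hi"
}

# apply_local_range LO HI [FILE] -> writes the range to the tunable (root only
# on a real /proc); the file format is "low<TAB>high".
apply_local_range() {
    f=${3:-/proc/sys/net/ipv4/ip_local_port_range}
    printf '%d\t%d\n' "$1" "$2" > "$f"
}

# free_local_range WIDTH RANGE... -> prints the lowest "low high" window of
# WIDTH ports, starting at 1024, that intersects none of the RANGEs (LO-HI).
# Each time the candidate window hits a forwarded range it is moved to just
# above that range and all ranges are re-checked.
free_local_range() {
    width=$1; shift
    start=1024
    moved=1
    while [ "$moved" -eq 1 ]; do
        moved=0
        end=$(( start + width - 1 ))
        [ "$end" -le 65535 ] || return 1
        for r in "$@"; do
            rlo=${r%-*}; rhi=${r#*-}
            if ranges_overlap "$start" "$end" "$rlo" "$rhi"; then
                start=$(( rhi + 1 ))
                moved=1
                break
            fi
        done
    done
    echo "$start $end"
}

# Usage with constructed values from the thread: default local range
# 1024-4999 against the forwarded game range 2300-2399 and port 47624.
echo "local 1024-4999 vs forwarded 2300-2399: $(conflict_report 2300 2399 1024 4999)"
echo "local 1024-4999 vs forwarded 47624:     $(conflict_report 47624 47624 1024 4999)"
echo "clear local range of 4000 ports:        $(free_local_range 4000 2300-2399 47624-47624)"
```

On a live 2.2 box you would run `local_port_range` with no argument to read the current tunable, and `apply_local_range` with the range printed by `free_local_range` once you are satisfied it clears every range handed to autofw or portfw.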