Pentru oamenii cu de pe routere si masqerade cred ca atashu' asta
e util.
Je.
-- Attached file included as plaintext by Listar --
-- File: Everything.txt
Application Name Kernel Modules IPChains IPfwadm Comments
Active Worlds 2.0+ 2.0.36,2.2.x The latest Active Worlds programs now
seem to work through linux ipmasqing without any problems.
Age of Empires/Rise of Rome 2.0.36 ipmasqadm autofw -A -r upd 1100
7000 -h x.x.x.x ipmasqadm autofw -A -r tcp 1100 5000 -h x.x.x.x
ipmasqadm autofw -A -r udp 47624 47624 -h x.x.x.x ipautofw -A -r upd
1100 7000 -h x.x.x.x ipautofw -A -r tcp 1100 5000 -h x.x.x.x ipautofw
-A -r udp 47624 47624 -h x.x.x.x This can also work on Internet gaming
Zone
Age of Kings 2.0.36 ipmasqadm autofw -A -r upd 1100 7000 -h x.x.x.x
ipmasqadm autofw -A -r tcp 1100 5000 -h x.x.x.x ipmasqadm autofw -A -r
udp 47624 47624 -h x.x.x.x ipmasqadm autofw -A -r upd 1100 7000 -h
x.x.x.x ipmasqadm autofw -A -r tcp 1100 5000 -h x.x.x.x ipmasqadm
autofw -A -r udp 47624 47624 -h x.x.x.x See also Age of Empires...
Age of Wonders 2.2.12 ipmasqadm autofw -A -r tcp 47624 47625 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r tcp 2300 2400 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r udp 2300 2400 -h
www.xxx.yyy.zzz ipautofw -A -r tcp 47624 47625 -h www.xxx.yyy.zzz
ipautofw -A -r tcp 2300 2400 -h www.xxx.yyy.zzz ipautofw -A -r udp
2300 2400 -h www.xxx.yyy.zzz Standard DirectX 6.0. Game works well
from private host to private host. Had a bit of a look at heat.net but
didn\'t work.
Ages of Empire (Over the Zone) 2.0.36 ipmasqadm autofw -A -r udp 2300
2400 -h www.xxx.yyy.zzz ipmasqadm autofw -A -r tcp 2300 2400 -h
www.xxx.yyy.zzz ipautofw -A -r udp 2300 2400 -h www.xxx.yyy.zzz
ipautofw -A -r tcp 2300 2400 -h www.xxx.yyy.zzz These ipautofw
commands will work for AOE over the Zone. www.xxx.yyy.zzz is the ip of
the computer that will be running that game. Note that only one
computer will be able to play at a time. If anyone know how to make it
so more than one computer can play at the same time please email me
settings, thanks.
AIM V3.0 File Transfer 2.2.5 ipmasqadm autofw -A -r tcp 5190 5190 -c
5190 ipautofw -A -r tcp 5190 5190 -c 5190 AIM file transfer starts a
miniature server on port 5190 on the sending machine, to which the
receiving machine connects. I don\'t know enough about the internals
of ipautofw and the ipo masquerading kernel code to know if this will
support/handle multiple AIM clients simultaneously doing file sends
behind the same masq, but with only one machine trying to send a file
over AIM it works great with the ipautofw rule. [Note: multiples
internal machines are HIGHLY unlikely. -seg]
Air Warrior 3 2.0.36 Works fine out of the box -- even VOX.
AirWarrior 2 2.0.36 Works fine out of the box -- even VOX.
Alien vs. Predator 2.2.13 ipmasqadm autofw -A -u -r tcp 2300 2400 -h
xxx.xxx.xxx.xxx ipmasqadm autofw -A -u -r udp 2300 2400 -h
xxx.xxx.xxx.xxx ipmasqadm autofw -A -u -r tcp 7000 10000 -h
xxx.xxx.xxx.xxx ipmasqadm autofw -A -u -r udp 7000 10000 -h
xxx.xxx.xxx.xxx ipautofw -A -u -r tcp 2300 2400 -h xxx.xxx.xxx.xxx
ipautofw -A -u -r udp 2300 2400 -h xxx.xxx.xxx.xxx ipautofw -A -u -r
tcp 7000 10000 -h xxx.xxx.xxx.xxx ipautofw -A -u -r udp 7000 10000 -h
xxx.xxx.xxx.xxx I\'m not familiar with the syntax for ipfwadm, but the
ports that need to be forwarded are 2300-2400 for tcp and udp as well
as 7000-10000 for tcp and udp. I found info on http://www.avpnews.com
where they posted the info needed to get sygate working.
AllAdvantage ViewBar 2.2.13 Works out of the box using ip-chains setup
in the masquerade HOWTO. No special configuration needed.
Allegiance 2.2.13 ipmasqdm autofw -A -r tcp 47624 47624 -h
xxx.xxx.xxx.xxx ipmasqadm autofw -A -r tcp 2300 2400 -h
xxx.xxx.xxx.xxx ipmasqadm autofw -A -r udp 2300 2400 -h
xxx.xxx.xxx.xxx ipautofw -A -r tcp 47624 47624 -h xxx.xxx.xxx.xxx
ipautofw -A -r tcp 2300 2400 -h xxx.xxx.xxx.xxx ipautofw -A -r udp
2300 2400 -h xxx.xxx.xxx.xxx Thought this would be a pain after
viewing the README for this game, but it ended up being a simple
config, works fine. I just added the lies to a script called
rc.firewall under Slackware 7.0, and the script runs from rc.local on
bootup.
Allegiance (over Zone) 2.2.14 mfw ipchains -A input -p tcp -d 0/0
2300:2400 -m 1 -I ppp0 -j ACCEPT ipchains -A input -p udp -d 0/0
2300:2400 -m 1 -I ppp0 -j ACCEPT ipmasqadm mfw -A -m 1 -r internalip
This only allows the machine at \"internalIP\" to play. Replace -I
ppp0 with your external interface. This uses the ip fwmark
masq-forwarding modules (experimental).
Alpha Centauri 2.2.13 ipmasqadm autofw -A -r tcp 2300 2400 -h
192.168.1.242 ipmasqadm autofw -A -r udp 2300 2400 -h 192.168.1.242
ipautofw -A -r tcp 2300 2400 -h 192.168.1.242 ipautofw -A -r udp 2300
2400 -h 192.168.1.242 [Note: ip_masq_autofw is only needed for
ipfwadm. Ipchains doesn\'t use it. -seg] This setup works for me when
joining a game. I don\'t know if all ports between 2300 and 2400 are
necessary.
America Online 4.0 2.0.33 Everything works straight out of the box.
AOL 4.0 revisions tested, currently the software is in beta. Build
134.126a -- Internal Beta Buil 118 -- Preview both 16 an 32 bit
tested. 16 Bit also worked on WFW 3.11
America Online v3.0 2.0.30 AOL should work fine out of the box... I
have used it many times from behind the firewall without problems,
just setup you AOL for normal tcp/ip connections and it should work.
This is for the 3 win95 version. I have not tested the 3.1 or older
ones.
AOL Instant Messenger 2.0.30 Windows 95, Linux Java, and Mac versions
work fine. The windows 3.1 version is unable to connect.
Asheron\'s Call 2.2.5-15 Works without a hitch on a default RH 6.0 box
that was just freshly setup for masquerade. Tested it with two clients
running simultaneously, 2 different players, 2 different accounts.
Both can run simultaneously perfectly.
AtomTime 95 2.0.30 Works with no problems. Rather sluggish under masq.
I turned off \"Triple Request Time Check\" to speed things up.
Balder\'s Gate 2.0.36 ipmasqadm -A input -j ACCEPT -p tcp -i eth0 -s
any/0 1024:65535 -d www.xxx.yyy.zzz 47624^M ipmasqadm -A input -j
ACCEPT -p tcp -i eth0 -s any/0 47624 -d www.xxx.yyy.zzz 1024:65535^M
ipmasqadm -A input -j ACCEPT -p udp -i eth0 -s any/0 1024:65535 -d
www.xxx.yyy.zzz 47624^M ipmasqadm -A input -j ACCEPT -p udp -i eth0 -s
any/0 47624 -d www.xxx.yyy.zzz 1024:65535^M ipmasqadm -A input -j
ACCEPT -p tcp -i eth0 -s any/0 1024:65535 -d www.xxx.yyy.zzz
2300:2399^M ipmasqadm -A input -j ACCEPT -p tcp -i eth0 -s any/0
2300:2399 -d www.xxx.yyy.zzz 1024:65535^M ipmasqadm -A input -j ACCEPT
-p udp -i eth0 -s any/0 1024:65535 -d www.xxx.yyy.zzz 2300:2399^M
ipmasqadm -A input -j ACCEPT -p udp -i eth0 -s any/0 2300:2399 -d
www.xxx.yyy.zzz 1024:65535 ipfwadm: ipfwadm -I -a accept -P tcp -W
eth0 -S any/0 1024:65535 -D 47624 ipfwadm -I -a accept -P tcp -W eth0
-S any/0 47624 -D 1024:65535 ipfwadm -I -a accept -P udp -W eth0 -S
any/0 1024:65535 -D 47624 ipfwadm -I -a accept -P udp -W eth0 -S any/0
47624 -D 1024:65535 ipfwadm -I -a accept -P tcp -W eth0 -S any/0
1024:65535 -D 2300:2399 ipfwadm -I -a accept -P tcp -W eth0 -S any/0
2300:2399 -D 1024:65535 ipfwadm -I -a accept -P udp -W eth0 -S any/0
1024:65535 -D 2300:2399 ipfwadm -I -a accept -P udp -W eth0 -S any/0
2300:2399 -D 1024:65535 ipautofw: ipautofw -A -v -r tcp 47624 47624 -h
www.xxx.yyy.zzz ipautofw -A -v -r ucp 47624 47624 -h www.xxx.yyy.zzz
ipautofw -A -r tcp 2300 2399 -h www.xxx.yyy.zzz ipautofw -A -r udp
2300 2399 -h www.xxx.yyy.zzz This works for both joining and hosting a
game. The Gamespy Lite that comes with BG is a bit of a pain. I
haven\'t got that working right yet. I thing it uses ICMP. Any hints
for that are welcome.
Battle.Net 2.2.x The entry was previously sort of mentioned in the
\"Battle.Net\" entry for Blizzard games. No special setup is required
to use a remote bnetd server version 0.4.20 or later. (Where remote
means the server is outside oyour masq\'d network like the real
Battle.Net servers would be.) When the server is inside of your local
network or on your gateway, the configuration becomes somewhat
complicated. In that case, you will need to have a unique UDP port
forwarded for each internal game client machine, and you will need to
add a line for each of these clients into the gametrans configuration
file. Older versions of the game clients do not support this new
automatic setup. This includes Starcraft < 1.05 and Diablo < 1.07
BattleCom 2.0.36 ipmasqadm autofw -A -r tcp 47624 47625 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r tcp 2300 2400 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r udp 2300 2400 -h
www.xxx.yyy.zzz www.xxx.yyy.zzz = internal machine. ipautofw -A -r tcp
47624 47625 -h www.xxx.yyy.zzz ipautofw -A -r tcp 2300 2400 -h
www.xxx.yyy.zzz ipautofw -A -r udp 2300 2400 -h www.xxx.yyy.zzz
www.xxx.yyy.zzz = internal machine. This is all you need to get
BattleCom workig. These should also work for most DirectX 6.0 Games.
Battlefield Communicator 2.0.36 ipmasqadm autofw -A -r tcp 47624 47624
-h ipmasqadm autofw -A -r tcp 2300 2400 -h ipmasqadm autofw -A -r udp
2300 2400 -h ipautofw -A -r tcp 47624 47624 -h ipautofw -A -r tcp 2300
2400 -h ipautofw -A -r udp 2300 2400 -h see
http://www.shadowfactor.com/linuxmasq.html for more information.
BattleZone I 2.0.38 There is a patch out there called bz14-na4.zip
that used to be on Activisions WWW site. Simply install this patch on
your windows machine and BattleZone will start working. Super simple
and it works great.
BattleZone II 2.0.38 This game is based on Microsoft DirectPlay though
the setups on the Masq Apps page are way overkill. This setup works
well for me. Note: $extip is your EXTERNAL IP address on the Inet
$portfw is the IP address of the internal gaming machine --
/usr/local/sbin/ipportfw -C echo \" Enabling DirectPlay [TCP] to
$portfw4\" port=2300 while [$port -lt 2401 ] do
/usr/local/sbin/ipportfw -A -t$extip/$port -R $portfw/$port
port=$((port+1)) done port=1000 while [ $port -lt 1100 ] do
/usr/local/sbin/ipportfw -A -t$extip/$port -R $portfw/$port
port=$((port+1)) done echo \"Enabling DirectPlay [UDP] to $portfw..\"
port=2300 while [ $port -lt 2401] do /usr/local/sbin/ipportfw -A
-u$extip/$port -R $portfw/$port port=$((port+1)) done echo \"Enabling
DirectPlay [17700-17800 UDP] to $portfw..\" port=17700 while [ $port
-lt 17800] do /usr/local/sbin/ipportfw -A -u$extip/$port -R
$portfw/$port port=$((port+1)) done
Bay Networks VPN Client 2.2.13+vpn The Bay Networks VPN client, which
is a popular one, uses the IPSEC protocol WITHOUT the AH protocol
(which would prevent masquerading). Thus, you can run this
windows-based VPN client through a masq server with just the vpn patch
module.
Bottle Mail 1.2 for Windows 95 2.0.31 The people at Bottle Mail tell
me that hte application uses prots 25 and 80. I can only assume that
it sends you outgoing mail via SMTP and gets your incoming mail via
HTTP. I\'m a bit of a novice so maybe someone can contact them
directly if I\'ve missed anything pertinent. They\'re at
mailto:[EMAIL PROTECTED]
Citrix WinFrame Client 2.0.30 X Windows kind of client for Windows NT
Server. No additional configuration needed.
Citrix Winframe Client No additional configuration needed!
Citrix Winframe Server 2.0.30 ipmasqadm autofw -A -r tcp 1494 1494 -h
www.xxx.yyy.zzz ipautofw -A -r tcp 1494 1494 -h www.xxx.yyy.zzz
www.xxx.yyy.zzz is the ip of the citrix server. This allows a Citrix
Server with a masq\'d IP address to communicate with the outside
world.Tested with Winframe Server 1.6 sp5, win32 Client sp5
CivNet 2.2.x ipmasqadm portfw -a -P tcp -L aaa.bbb.ccc.ddd 1942 -R
192.168.eee.fff 1942 Once a normal masquerade system is setup, install
the ipmasqadm package. Execute the followin on the masq server:
ipmasqadm portfw -a -P tcp -L aaa.bbb.ccc.ddd 1942 -R 192.168.eee.fff
1942 aaa.bbb.ccc.ddd = the outbound IP address of the Masq server.
This is provided by your ISP. 192.168.eee.fff = the IP address of the
masq\'d client where the game is run. Next, locate the file SNET.ini
in your CivNet directory. Type this line: TCPPORT=1942 Start the game,
and when it suggests you IP address (probably something like
192.168.0.2), replace this with the outbound IP address of the Masq
server (the aaa.bbb.ccc.ddd above). This does work for joining games,
but it should work for hosting them too. However the latter has not
been tested yet. Please note that this solution is not perfect. When
the IP number of the masq server changes (ie. On reboot ), the
commands must be reissued.
Cleansweep 3.0 AutoUpdate 2.0.30 This is by Quarterdeck and it works
fine without any extra configuration.
COM/IP (Tactical Software) 2.2.13 All you have to do is to forward the
ports you configured Com/ip to work with. All ports in Com/IP are user
configurable.
Commandos by EIDOS 2.0.35 Works with standard IP masq configuration.
No modules necessary.
CU-SeeMe 2.0.30 ip_masq_cuseeme.o ipmasqadm autofw -A -r udp 7648 7649
-c udp 7648 -u or ipmasqadm autofw -A -r udp 7648 7649 -h
www.xxx.yyy.zzz Please note: for 2.0.30 there is an update to the
module located at ftp://ftp.waste.com/pub/cuseeme/ip_masq_cuseeme.c
Sean Mahrt wrote: Use this for Apple H.263 compression and the 5.3Kbit
audio... ipmasqadm autofw -A -r udp 24032 24033 -h www.xxx.yyy.zzz
ipautofw -A -r udp 7648 7649 -c udp 7648 -u or ipautofw -A -r udp 7648
7649 -h www.xxx.yyy.zzz Please note: for 2.0.30 there is an update to
the module located at
ftp://ftp.waste.com/pub/cuseeme/ip_masq_cuseeme.c Sean Mahrt wrote:
Use this for Apple H.263 compression and the 5.3Kbit audio... ipautofw
-A -r udp 24032 24033 -h www.xxx.yyy.zzz The first form will allow
calls to/from the last workstation to use port 7648 (the primary
cu-seeme port) . The second invocation of ipautofw will allow cu-seeme
calls only to/from www.xxx.yyy.zzz. I prefer the former invocation, as
it is more flexible because there is no need to specify a fixed
workstation IP. However, this invocation also requires a workstation
to have previously placed an outgoing call in order to receive
incoming calls.
Dark Reign 2.0.3x Reply from Activistion: \"ActiveNet Multiplayer
games such as Dark Reign, I\'76, Titanium NetMech/Mercnet and
Battlepack version of NetMech use the following UDP Ports: 21154,
21155, 21156. These ports must be opened up Bidirectionally.\" I
don\'t have DR, so if anyone can try these with DR and ipautofw
someone might benefit. :) NOTE: Stephen Tarr ([EMAIL PROTECTED])
writes that the application is actually using port 21157.
Decent 3 2.0.37 ipmasqadm autofw -A -r tcp 7170 7170 -h
xxx.xxx.xxx.xxx ipmasqadm autofw -A -r udp 2092 2092 -h
xxx.xxx.xxx.xxx #For game Tracker ipmasqadm autofw -A -r udp 3445 3445
-h xxx.xxx.xxx.xxx #for pxo chat ipautofw -A -r tcp 7170 7170 -h
xxx.xxx.xxx.xxx ipautofw -A -r udp 2092 2092 -h xxx.xxx.xxx.xxx #For
game Tracker ipautofw -A -r udp 3445 3445 -h xxx.xxx.xxx.xxx #for pxo
chat Straight from andy c, Outrage Entertainment.
Decent Freespace 0.0.0 should be: ipmasqadm autofw -A -r tcp 3999 3999
-h www.xxx.yyy.zzz ipmasqadm autofw -A -r udp 4000 4000 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r udp 7000 7000 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r udp 3493 3493 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r udp 3440 3440 -h
www.xxx.yyy.zzz but others have mentioned having problems... -seg
should be: ipautofw -A -r tcp 3999 3999 -h www.xxx.yyy.zzz ipautofw -A
-r udp 4000 4000 -h www.xxx.yyy.zzz ipautofw -A -r udp 7000 7000 -h
www.xxx.yyy.zzz ipautofw -A -r udp 3493 3493 -h www.xxx.yyy.zzz
ipautofw -A -r udp 3440 3440 -h www.xxx.yyy.zzz but others have
mentioned having problems... -seg I have got the ports neede for this
game to work. So I basically setup ipautofw -A -r port -h
wwww.xxx.yyy.zzz for every port. I\'m able to join games and create
games. However, wehn chatting after joining a game or creating a game,
the other people are not able to read my messages at all. Furthermore,
I\'m not able to actually get to the launch game screen. Perhaps I\'m
just not setting things right. Any help will be appreaciated. Here are
the ports I got from Volition support: Freespace Itself: udp/4000
tcp/3999 PXO Chat Server: udp/7000 PXO User Tracker: udp/3493 PXO Game
Tracker: udp/3440
Delta Force (Novalogic) 2.2.5 ipmasqadm autofw -A -r udp 3568 3569 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r udp 3568 3569 -h
www.xxx.yyy.zzz This might also need the Novaworld redirects. (See F22
Lighting)
Delta Force 2 (Novalogic) 2.2.10 ipmasqadm autofw -A -v -r udp 3568
3569 -h xxx.xxx.xxx.xxx ipautofw -A -v -r udp 3568 3569 -h
xxx.xxx.xxx.xxx Same as Delta Force.
Diablo (1.07+) 2.1.130 ipmasqadm autofw -A -r tcp 6112 6112 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r udp 6112 6112 -h
www.xxx.yyy.zzz [This is probably cleaner: (from starcraft) ipmasqadm
autofw -A -r udp 6112 6112 -c tcp 6112 -seg] ipautofw -A -r tcp 6112
6112 -h www.xxx.yyy.zzz ipautofw -A -r udp 6112 6112 -h
www.xxx.yyy.zzz [This is probably cleaner: (from starcraft) ipautofw
-A -r udp 6112 6112 -c tcp 6112 -seg] The 1.07 patch made the
Battle.Net comm much smarter. Now it acts like StarCraft.
Diablo (battle.net) 2.0.29 ipmasqadm autofw -A -r udp 6112 6112 -c tcp
116 ipmasqadm autofw -A -r udp 6112 6112 -c tcp 118 ipautofw -A -r udp
6112 6112 -c tcp 116 ipautofw -A -r udp 6112 6112 -c tcp 118 Not
extensively tested (it seemed to work ok). I don\'t play the game but
my roommate didn\'t have any problems (apart from the higher lag
time).
DialPad.Com 2.2.13 ipmasqadm autofw -A -r udp 51200 51201 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r tcp 51210 51210 -h
www.xxx.yyy.zzz Revised 19 May 2000. People seem to be having a
problem with the control port version. The above setting have been
verified.
DirectX Games 2.2.5-22 ipmasqadm autofw -A -v -r udp 2300 2400 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -v -r tcp 2300 2400 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -v -r tcp 47624 47624 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -v -r udp 47624 47624 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -v -r udp 28800 28900 -h
www.xxx.yyy.zzz ipautofw -A -v -r udp 2300 2400 -h www.xxx.yyy.zzz
ipautofw -A -v -r tcp 2300 2400 -h www.xxx.yyy.zzz ipautofw -A -v -r
tcp 47624 47624 -h www.xxx.yyy.zzz ipautofw -A -v -r udp 47624 47624
-h www.xxx.yyy.zzz ipautofw -A -v -r udp 28800 28900 -h
www.xxx.yyy.zzz Should work for all DirectX varients.
DNS behind IP Masq Host 2.0.30 This solutionis a bit advanced but it
is indended to set up DNS services inside your Masq firewall but still
allow requests to be made from the outside. For more info: DNS.txt
Drakan 2.2.20 This is a copy of the script I use. It\'s written for
redhat 6.x using kernels 2.2.x. $1 is my real internet address and the
192.168.1.2 is the machine running drakan. The script is called by
typeing \"script-name ip#\". The script only works with 12 players
connects. Just add more ports (up to 27074) for more users. There may
be an easier way to do this but I have yet to find it. #!/bin/sh
/sbin/ipmasqadm portfw -a -P udp -L $1 27045 -R 192.168.1.2 27045
/sbin/ipmasqadm portfw -a -P udp -L $1 27046 -R 192.168.1.2 27046
/sbin/ipmasqadm portfw -a -P udp -L $1 27047 -R 192.168.1.2 27047
/sbin/ipmasqadm portfw -a -P udp -L $1 27055 -R 192.168.1.2 27055
/sbin/ipmasqadm portfw -a -P udp -L $1 27056 -R 192.168.1.2 27056
/sbin/ipmasqadm portfw -a -P udp -L $1 27057 -R 192.168.1.2 27057
/sbin/ipmasqadm portfw -a -P udp -L $1 27058 -R 192.168.1.2 27058
/sbin/ipmasqadm portfw -a -P udp -L $1 27059 -R 192.168.1.2 27059
/sbin/ipmasqadm portfw -a -P udp -L $1 27060 -R 192.168.1.2 27060
/sbin/ipmasqadm portfw -a -P udp -L $1 27061 -R 192.168.1.2 27061
/sbin/ipmasqadm portfw -a -P udp -L $1 27062 -R 192.168.1.2 27062
/sbin/ipmasqadm portfw -a -P udp -L $1 27063 -R 192.168.1.2 27063
/sbin/ipmasqadm portfw -a -P udp -L $1 27064 -R 192.168.1.2 27064
/sbin/ipmasqadm portfw -a -P udp -L $1 27065 -R 192.168.1.2 27065
/sbin/ipmasqadm portfw -a -P udp -L $1 27066 -R 192.168.1.2 27066
/sbin/ipmasqadm portfw -a -P udp -L $1 27067 -R 192.168.1.2 27067
/sbin/ipmasqadm portfw -a -P udp -L 192.168.1.2 27045 -R $1 27045
/sbin/ipmasqadm portfw -a -P udp -L 192.168.1.2 27046 -R $1 27046
/sbin/ipmasqadm portfw -a -P udp -L 192.168.1.2 27047 -R $1 27047
/sbin/ipmasqadm portfw -a -P udp -L 192.168.1.2 27055 -R $1 27055
/sbin/ipmasqadm portfw -a -P udp -L 192.168.1.2 27056 -R $1 27056
/sbin/ipmasqadm portfw -a -P udp -L 192.168.1.2 27057 -R $1 27057
/sbin/ipmasqadm portfw -a -P udp -L 192.168.1.2 27058 -R $1 27058
/sbin/ipmasqadm portfw -a -P udp -L 192.168.1.2 27059 -R $1 27059
/sbin/ipmasqadm portfw -a -P udp -L 192.168.1.2 27060 -R $1 27060
/sbin/ipmasqadm portfw -a -P udp -L 192.168.1.2 27061 -R $1 27061
/sbin/ipmasqadm portfw -a -P udp -L 192.168.1.2 27062 -R $1 27062
/sbin/ipmasqadm portfw -a -P udp -L 192.168.1.2 27063 -R $1 27063
/sbin/ipmasqadm portfw -a -P udp -L 192.168.1.2 27064 -R $1 27064
/sbin/ipmasqadm portfw -a -P udp -L 192.168.1.2 27065 -R $1 27065
/sbin/ipmasqadm portfw -a -P udp -L 192.168.1.2 27066 -R $1 27066
/sbin/ipmasqadm portfw -a -P udp -L 192.168.1.2 27067 -R $1 27067
#last line
EGN V2.0+ 2.0.36 ipmasqadm autofw -A -r tcp 5000 6000 -h
www.xxx.yyy.zzz ipautofw -A -r tcp 5000 6000 -h www.xxx.yyy.zzz It
only uses the ports 5000 to 6000 TCP so you can only have one machine
running EGN, maybe that will change with newer versions of EGN.
Everquest 2.0.36 I have run two concurrent version of Everquest on the
same server with two different account using the \"default\" ipmasq
configuration.
Excite PAL 2.2.1 Works just fine with \"No Proxy\" selected.
F16 MRF (Novalogic) 2.2.5 ipmasqadm autofw -A -r udp 1039 8629 -h
www.xxx.yyy.zzz ipautofw -A -r udp 1039 8629 -h www.xxx.yyy.zzz
F22 Raptor (Novalogic) 2.0.33 ipmasqadm autofw -A -r udp 3874 3874 -h
www.xxx.yyy.zzz ipautofw -A -r udp 3874 3874 -h www.xxx.yyy.zzz I
needed to upgrade my version of Raptor to 1.00.16.12r, which at the
time of me writing this is still considered a beta. I have had nothing
but stability problems with the released version and reccommend
upgrading anyway. I have done some preliminary testing, used the game
now on the net for a couple days and found that this solved all my
problems connecting to the internet games with the above mentioned
release. Should I find some more information or changes to this I will
submit them asap.
Falcon 4.0 2.2.x ipchains -A input -p UDP -s 0/0 -d 192.168.10.10
2934:2935 -m 1 -j ACCEPT ipmasqadm mfw -A -m 1 -r 192.168.100.10
Falcon 4.0 uses UDP ports 2934-2935. These commands will allow
incoming UDP packets on those ports and will redirect to your intern
PC (running Falcon 4.0). If you are using another kernel version (or
other redirector module, like autofw) you need to use appropriate
commands to redirect ports 2934-2935 to you internal host. When
starting Falcon 4.0 use the following command line: falcon4 -IP \"your
linux real ip address\"
Fighter Ace Beta 2.0.31 ipmasqadm autofw -A -r udp 9001 9001 -h
www.xxx.yyy.zzz where 9001 = port being used on external server both
low and high repectively (use tcpdump to identify what port is
unreachable) where x = TCP/IP address of host machine inside the
firewall. ipautofw -A -r udp 9001 9001 -h www.xxx.yyy.zzz where 9001 =
port being used on external server both low and high repectively (use
tcpdump to identify what port is unreachable) where x = TCP/IP address
of host machine inside the firewall.
FlightSim98 2.0.35 ipmasqadm autofw -A -r udp 28800 28803 -h
192.168.x.x -u ipmasqadm autofw -A -r tcp 28800 28803 -h 192.168.x.x
-u ipmasqadm autofw -A -r udp 61000 65000 -h 192.168.x.x -u ipmasqadm
autofw -A -r tcp 61000 65000 -h 192.168.x.x -u ipmasqadm autofw -A -r
udp 1000 3000 -h 192.168.x.x -u ipmasqadm autofw -A -r tcp 1000 3000
-h 192.168.x.x -u ipmasqadm autofw -A -r udp 3782 3782 -h 192.168.x.x
-u ipautofw -A -r udp 28800 28803 -h 192.168.x.x -u ipautofw -A -r tcp
28800 28803 -h 192.168.x.x -u ipautofw -A -r udp 61000 65000 -h
192.168.x.x -u ipautofw -A -r tcp 61000 65000 -h 192.168.x.x -u
ipautofw -A -r udp 1000 3000 -h 192.168.x.x -u ipautofw -A -r tcp 1000
3000 -h 192.168.x.x -u ipautofw -A -r udp 3782 3782 -h 192.168.x.x -u
These are the ports that need to be forwarded to make FlightSim98 work
with the zone.com. The last port (3782) is for RogerWilco. I have
verified the setup and got all 8 players in a game with chat. Your
mileage may vary of course.
Freetel ipmasqadm autofw -A -r udp 21300 21303 ipautofw -A -r udp
21300 21303 UDP info courtesy of Freetel\'s own technical support page
on their web site. Tested with their \'freeware\' version on a Win95
Pentium II system.
FTP 2.0.30 ip_masq_ftp.o Module only needed for ported support -- PASV
works without the module. Command channel support through data
transfer since 2.0.30, as long as module is loaded. Supported as part
of the main kernel distirbution.
FTP Behind IP Masq Host 2.0.33 [EMAIL PROTECTED] ipmasqadm autofw
-A -r tcp 600 600 -h www.xxx.yyy.zzz ipautofw -A -r tcp 600 600 -h
www.xxx.yyy.zzz Another way to run an additional ftp server behind a
masquerading linux box is with ipautofw. Just set up your ftpd on the
masqueraded machine to listen to a port (i.e. 600).
Gamespy 2.0.x Works with plain IP-Masquerade and default modules.
Gamestorm 0 ipchains -F forward^M ipchains -P forward ACCEPT^M
ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0/0 ipfwadm -F -f
ipfwadm -F -p accept ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0/0
Gamestorm (www.gamestorm.com) works fine with Air Warrior and Aliens
Online without any changes to the default installation. In using the
default installation, I am making hte assumption the IP Masquerading
was installed following an article by Tom Kunz titled: \"Setting up
your In-home network\". As you can see in the above, nothing real
special was make to configured IP Masquerading and no additional
tcp/udp ports were required.
gnuchess/xboard 2.0.33 Everything runs Ok!
GP500 2.2.13 Regular DirectPlay game that works with basic directplay
setup.
Half Life 2.x Half Life, Team Fortress, CounterStrike... Just works
without configuring anything (tested only 1 masq\'d game client.
Heat.net 2.0.33 ipmasqadm autofw -A -r tcp 1398 1398 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r tcp 5500 5600 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r tcp 1000 9000 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r udp 1398 1398 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r udp 5500 5600 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r udp 1000 9000 -h
www.xxx.yyy.zzz ipautofw -A -r tcp 1398 1398 -h www.xxx.yyy.zzz
ipautofw -A -r tcp 5500 5600 -h www.xxx.yyy.zzz ipautofw -A -r tcp
1000 9000 -h www.xxx.yyy.zzz ipautofw -A -r udp 1398 1398 -h
www.xxx.yyy.zzz ipautofw -A -r udp 5500 5600 -h www.xxx.yyy.zzz
ipautofw -A -r udp 1000 9000 -h www.xxx.yyy.zzz [NOTE: Ports
corrected: 8000-9000 -> 1000-9000! -seg] Here is what someone from
HEAT sent me when i asked what ports heat uses. Thanks for taking the
time to participate in HEAT as well as for forwarding your comments to
us. In regards to your post, please open up UDP/TCP ports 1398,
5500-5600, 1000-9000. That should do the trick. If you have any
additional comments, questions or thoughts, please feel free to
contact us again. Now i can get a game of duke 3d started, but as soon
as all the players get connected i get an out of sink error.. if any
one has better luck let me know.
HomeWorld 2.2.5-15 ipmasqadm autofw -A -r tcp 15001 15001 -h x.x.x.x
ipmasqadm autofw -A -r udp 15001 15001 -h x.x.x.x ipmasqadm autofw -A
-r tcp 15101 15101 -h x.x.x.x ipmasqadm autofw -A -r udp 15101 15101
-h x.x.x.x ipmasqadm autofw -A -r tcp 15200 15200 -h x.x.x.x ipmasqadm
autofw -A -r udp 15200 15200 -h x.x.x.x ipmasqadm autofw -A -r tcp
15300 15300 -h x.x.x.x ipmasqadm autofw -A -r udp 15300 15300 -h
x.x.x.x ipmasqadm autofw -A -r tcp 21000 21999 -h x.x.x.x ipmasqadm
autofw -A -r udp 21000 21999 -h x.x.x.x ipmasqadm autofw -A -r tcp
30000 30999 -h x.x.x.x ipmasqadm autofw -A -r udp 30000 30999 -h
x.x.x.x ipautofw -A -r tcp 15001 15001 -h x.x.x.x ipautofw -A -r udp
15001 15001 -h x.x.x.x ipautofw -A -r tcp 15101 15101 -h x.x.x.x
ipautofw -A -r udp 15101 15101 -h x.x.x.x ipautofw -A -r tcp 15200
15200 -h x.x.x.x ipautofw -A -r udp 15200 15200 -h x.x.x.x ipautofw -A
-r tcp 15300 15300 -h x.x.x.x ipautofw -A -r udp 15300 15300 -h
x.x.x.x ipautofw -A -r tcp 21000 21999 -h x.x.x.x ipautofw -A -r udp
21000 21999 -h x.x.x.x ipautofw -A -r tcp 30000 30999 -h x.x.x.x
ipautofw -A -r udp 30000 30999 -h x.x.x.x I got the above port
information to play on WON.net by sending email to technical support
of HomeWorld. However, I just tired the HomeWorld demo version. I
haven\'t got the full version yet.
Hotline Client 2.0.33 ipchains -A forward -j MASQ -s 192.168.1.0/24 -d
0.0.0.0/0 ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0 If you\'re
useing masq, you don\'t need any settings at all. There\'s nothing to
redirect, no special commands to issue. It just works. The above line,
which is the standard \"turn on masq\" configuration makes everything
work without ever having to tune masq at all. I frequently have more
than one user on the same or different remote servers without any
problem at all.
Hotline Server 2.0.33 ipchains -A forward -j MASQ -b -p tcp -s
0.0.0.0/0 5500 -d www.xxx.yyy.zzz 5500 ipfwadm -F -a -m -b -P tcp -S
0.0.0.0/0 5500 -D www.xxx.yyy.zzz 5500 or redir www.xxxx.yyyy.zzzz
5500 5500 &
HTTP 2.0.30 This works. Nothing additional required. A lot of people
see MTU related problems. Caching proxy server is recommended (see
squid or apache). Default MTU of 1500 usually solves the problem.
HTTP Server behind IP Masq Host 2.0.30 I used redir instead of
ipmasqadm autofw: redir www.xxx.yyy.zzz listen_port 80 www.xxx.yyy.zzz
is the web server ip behind ipmasq host I used redir instead of
ipautofw: redir www.xxx.yyy.zzz listen_port 80 www.xxx.yyy.zzz is the
web server ip behind ipmasq host e.g. run on 192.168.1.1: redir
192.168.1.2 81 80 & url=> http://192.168.1.1:81/ will give you the
root web on 192.168.1.2
HTTP Server behind masq 2.2.7
IBS - Novaworld 2.0.35 ipmasqadm autofw -A -r udp 4533 4534
www.xxx.yyy.zzz NOTE: www.xxx.yyy.zzz is replace by the ip of the
machine engaging in net play. ipautofw -A -r udp 4533 4534
www.xxx.yyy.zzz NOTE: www.xxx.yyy.zzz is replace by the ip of the
machine engaging in net play. This setting runs contrary to the port
addresses stated by NovaLogic. I have verified that is works on
multiple systems. The IP_MASQ_FTP module is required for the ONLINE
updates upon entering the game. Enjoy.
iChat 2.0.30 The iChat Pager worked without any hassles at all. No
extra modules or commands needed.
ICQ 2.0.36,2.2.x Use the referenced module! Use the referenced module!
This is a great fix. The previous work arounds listed on this page
don\'t always work with ICQ, and it is a bit of a hassle to get all
the port ranges set up. This module takes care of everything, although
with the 2.0.x kernels there is some patching required (not with
2.2.x). The link to get this module is
http://members.tripod.com/~djsf/masq-icq and there are instructions
provided with the source.
ICU II Version 3 2.0.36 ipmasqadm autofw -A -r tcp 2000 2010 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r tcp 1015 1015 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r tcp 2069 2069 -h
www.xxx.yyy.zzz ipautofw -A -r tcp 2000 2010 -h www.xxx.yyy.zzz
ipautofw -A -r tcp 1015 1015 -h www.xxx.yyy.zzz ipautofw -A -r tcp
2069 2069 -h www.xxx.yyy.zzz Ports 2000 thru 2010, 1015, 2069: must be
open for data transfer in both directions and cannot be filtered if
the icuii is to work.
IDT Net2Phone (ver. 8.31) 2.0.30 ipmasqadm autofw -A -r udp 6613 6613
-h www.xxx.yyy.zzz ipautofw -A -r udp 6613 6613 -h www.xxx.yyy.zzz You
have to set TCPPORT=nnnnn and UDPPORT=mmmmm in the [CONFIG] section of
net2fone.ini. The program server seems to ignore the UDP settings, but
6613 worked for me. I had to use redir because two different servers
connect to the TCPPORT, and I could not make this work with ipautofw:
redir www.xxx.yyy.zzz nnnnn nnnnn & It is maybe possible to use this
scheme to set up multiple workstations on different ports.
IGames In response to one of the request on the request page, I sent a
message to TS at Igames. They replied with this letter: We use an
unlimited number of ports. They are created dynamically based on
whatever port numbers windows has available to it. The way our system
is designed prevents us from only having a few set port numbers. This
method works best to reduce load on or server and distribute it more
evenly across clients. Sorry, firewalls are not friends of Igames.
Chris Springer
InterCasino 2.0.30 Works perfectly, without any special
commands/modules. Watch out though, this is YOUR money...
Internet Phone 2.0.30 Works for me with this line in the inetd.conf:
22555 dgram udp wait root /usr/sbin/tcpd /usr/sbin/udpred
www.xxx.yyy.zzz 22555 where: www.xxx.yyy.zzz is the Windows box. Works
for me with this line in the inetd.conf: 22555 dgram udp wait root
/usr/sbin/tcpd /usr/sbin/udpred www.xxx.yyy.zzz 22555 where:
www.xxx.yyy.zzz is the Windows box. udpred can be found on the Links
page. Submitted by: Michael Gallo This allows Linux to forward udp
packets for ports 22555 used by IPhone to the host machine specified
by the IP Address xxx.xxx.xxx.xxx NOTE: This only works with ONE host
PC located behind the Linux firewall. This has been tested and works
for both incomming and outgoing calls.
Internet Phone 4.5 <> Addressing Server 2.0.33 ipmasqadm autofw -A -r
udp 22555 22566 -h www.xxx.yyy.zzz ipmasqadm autofw -A -r tcp 25793
25804 -h www.xxx.yyy.zzz ipmasqadm autofw -A -r tcp 1490 1501 -h
www.xxx.yyy.zzz ipautofw -A -r udp 22555 22566 -h www.xxx.yyy.zzz
ipautofw -A -r tcp 25793 25804 -h www.xxx.yyy.zzz ipautofw -A -r tcp
1490 1501 -h www.xxx.yyy.zzz In addition to the udpredir for incoming
calls. To access the addressing server, open the channels it works
with: 1. TCP Port 6670 (decimal) to remote system: The port used to
connect to the Internet Phone Servers. 2. UDP Port 22555 (decimal).
All audio is passed through this port on both local and remote
machine. 3. TCP Port 25793 (decimal) to remote system: The port used
to connect to the Addressing Server(for Version 4.X). 4. TCP Port
1490. This port is for the Conference engine (whiteboard/chat/file
transfer)(for Version 4.X).
Intuit TurboTax 97 2.0.33 On-line tax filing seemed to use http
protocol, according to diald-top status. Normal IP Masquerade
configuration worked.
IPhone 2.0.30 ipmasqadm autofw -A -r udp 22555 22555 ipautofw -A -r
udp 22555 22555 Untested, please let me know if it works or not.
IPhone 5.01 ipmasqadm autofw -A -r tcp 1490 1490 ipmasqadm autofw -A
-r tcp 6670 6670 ipmasqadm autofw -A -r tcp 25793 25793 ipmasqadm
autofw -A -r udp 22555 22555 ipautofw -A -r tcp 1490 1490 ipautofw -A
-r tcp 6670 6670 ipautofw -A -r tcp 25793 25793 ipautofw -A -r udp
22555 22555 The port info courtesy of Vocaltec\'s support area on
their web site. I tested the audo only (no video) on a Win95 Pentium
II system.
IPhone 5.01 ipmasqadm autofw -A -r tcp 1490 1490 ipmasqadm autofw -A
-r tcp 6670 6670 ipmasqadm autofw -A -r tcp 25793 25793 ipmasqadm
autofw -A -r udp 22555 22555 ipautofw -A -r tcp 1490 1490 ipautofw -A
-r tcp 6670 6670 ipautofw -A -r tcp 25793 25793 ipautofw -A -r udp
22555 22555 The port info courtesy of Vocaltec\'s support area on
their web site. I tested the audo only (no video) on a Win95 Pentium
II system.
IPhone 5.01 ipmasqadm autofw -A -r tcp 1490 1490 ipmasqadm autofw -A
-r tcp 6670 6670 ipmasqadm autofw -A -r tcp 25793 25793 ipmasqadm
autofw -A -r udp 22555 22555 ipautofw -A -r tcp 1490 1490 ipautofw -A
-r tcp 6670 6670 ipautofw -A -r tcp 25793 25793 ipautofw -A -r udp
22555 22555 The port info courtesy of Vocaltec\'s support area on
their web site. I tested the audo only (no video) on a Win95 Pentium
II system.
IPhone 5.01 ipmasqadm autofw -A -r tcp 1490 1490 ipmasqadm autofw -A
-r tcp 6670 6670 ipmasqadm autofw -A -r tcp 25793 25793 ipmasqadm
autofw -A -r udp 22555 22555 ipautofw -A -r tcp 1490 1490 ipautofw -A
-r tcp 6670 6670 ipautofw -A -r tcp 25793 25793 ipautofw -A -r udp
22555 22555 The port info courtesy of Vocaltec\'s support area on
their web site. I tested the audo only (no video) on a Win95 Pentium
II system.
IPhone 5.01 ipmasqadm autofw -A -r tcp 1490 1490 ipmasqadm autofw -A
-r tcp 6670 6670 ipmasqadm autofw -A -r tcp 25793 25793 ipmasqadm
autofw -A -r udp 22555 22555 ipautofw -A -r tcp 1490 1490 ipautofw -A
-r tcp 6670 6670 ipautofw -A -r tcp 25793 25793 ipautofw -A -r udp
22555 22555 The port info courtesy of Vocaltec\'s support area on
their web site. I tested the audo only (no video) on a Win95 Pentium
II system.
IPhone 5.01 ipmasqadm autofw -A -r tcp 1490 1490 ipmasqadm autofw -A
-r tcp 6670 6670 ipmasqadm autofw -A -r tcp 25793 25793 ipmasqadm
autofw -A -r udp 22555 22555 ipautofw -A -r tcp 1490 1490 ipautofw -A
-r tcp 6670 6670 ipautofw -A -r tcp 25793 25793 ipautofw -A -r udp
22555 22555 The port info courtesy of Vocaltec\'s support area on
their web site. I tested the audo only (no video) on a Win95 Pentium
II system.
IPhone 5.01 ipmasqadm autofw -A -r tcp 1490 1490 ipmasqadm autofw -A
-r tcp 6670 6670 ipmasqadm autofw -A -r tcp 25793 25793 ipmasqadm
autofw -A -r udp 22555 22555 ipautofw -A -r tcp 1490 1490 ipautofw -A
-r tcp 6670 6670 ipautofw -A -r tcp 25793 25793 ipautofw -A -r udp
22555 22555 The port info courtesy of Vocaltec\'s support area on
their web site. I tested the audo only (no video) on a Win95 Pentium
II system.
IPhone 5.01 ipmasqadm autofw -A -r tcp 1490 1490 ipmasqadm autofw -A
-r tcp 6670 6670 ipmasqadm autofw -A -r tcp 25793 25793 ipmasqadm
autofw -A -r udp 22555 22555 ipautofw -A -r tcp 1490 1490 ipautofw -A
-r tcp 6670 6670 ipautofw -A -r tcp 25793 25793 ipautofw -A -r udp
22555 22555 The port info courtesy of Vocaltec\'s support area on
their web site. I tested the audo only (no video) on a Win95 Pentium
II system.
IPhone 5.01 ipmasqadm autofw -A -r tcp 1490 1490 ipmasqadm autofw -A
-r tcp 6670 6670 ipmasqadm autofw -A -r tcp 25793 25793 ipmasqadm
autofw -A -r udp 22555 22555 ipautofw -A -r tcp 1490 1490 ipautofw -A
-r tcp 6670 6670 ipautofw -A -r tcp 25793 25793 ipautofw -A -r udp
22555 22555 The port info courtesy of Vocaltec\'s support area on
their web site. I tested the audo only (no video) on a Win95 Pentium
II system.
IPX 2.0.31
ftp://sunsite.unc.edu/pub/Linux/system/network/router/ipxbridge-0.2.ta
r.gz Sets up an IPX bridge between two networks. Run it on the
masquerading computer and it forwards IPX traffic on one interface to
the other. This package includes three versions (0.1, 0.1.1, 0.2). I
have had success with the first two, but not 0.2. It also looks
possible to patch this program in order to do the same for NetBEUI
traffic if you are forced to use it. :)
Iris Phone 2.5 2.0.30 ipmasqadm autofw -A -r tcp 4969 4970 -c tcp 4970
ipmasqadm autofw -A -r udp 4969 4970 -c udp 4970 ipautofw -A -r tcp
4969 4970 -c tcp 4970 ipautofw -A -r udp 4969 4970 -c udp 4970 This
allows for VIDEO and Directory services with Iris Phone 2.5. It should
work with the older version too... I only got to test it with the demo
ver because I did not want to pay $150 for it.
iVisit 2.2.9 ipmasqadm portfw -a -P udp -L 9943 -R 9943 ipmasqadm
portfw -a -P udp -L 9945 -R 9945 ipmasqadm portfw -a -P udp -L 56768
-R 56768 Works fine, will timeout masq if no packets are sent. For
incoming direct calls to 1 pc NOT using the directory use the above
configuration.
Kahn97 2.0.x If your running IP masq with a unix/linux box you can
download hte unix/linux kahn server from www.stargatenetworks.com then
install it and make your own server. Tell your net friends to add your
server to the servers list. You MUST connect to you kahn server by
using the LOCAL IP address of your box. Have fun!
Kali Kali has made a proxy server for linux! (Binary only) This means
you don\'t have to worry about ANY of the maq problems, and you get
unlimited concurrent players to boot. The proxy server also means you
can host your own games with people dialing into your linux box (as
ppp) and play say 4 players (two local ethernet, 2 dial in) without
using the net. (as the kali95 client can act as a user & host) You can
get it at: ftp://ftp.kali.net/pub/kali/kplnx15.tgz Then all you have
to do is set kali95 to use the proxy in file/settings. The kali web
site at http://www.kali.net has full details. There\'s also a linux
Kali server (unlimited users), but it costs $100.
Legal Crime (1.7beta+) 2.1.47 ipchains -A forward -j ACCEPT -s
192.168.1.0/24 10750 -d 0.0.0.0/0 -p udp^M ipchains -A forward -j
ACCEPT -s 192.168.1.0/24 10760 -d 0.0.0.0/0 -p udp ipfwadm -F -a
accept -S 192.168.1.0/24 10750 -D 0.0.0.0/0 -P udp ipfwadm -F -a
accept -S 192.168.1.0/24 10760 -D 0.0.0.0/0 -P udp Finally got Legal
Crime to work. Probably an easier way to do this, but for now it
works. E-mail me if there\'s an easier way to do this. Note: if you
don\'t open the ports, you will probably be able to see games, but
every game you join, you won\'t see anybody...
Lotus Domino 2.0.33 Added the following line to inetd.conf: 1352
stream tcp nowait root /usr/sbin/tcpd redir --inetd --syslog --name
notes www.xxx.yyy.zzz 1352 Added the following line to inetd.conf:
1352 stream tcp nowait root /usr/sbin/tcpd redir --inetd --syslog
--name notes www.xxx.yyy.zzz 1352 This will start redir on lotus notes
port from inetd and allow you to restrict it with wrappers.
Lotus Notes 2.0.30 No additional configuration needed.
Lotus Notes Client 4.6.3 2.2.10 No special configuration needed.
MechWarrior 3 2.2.5-15 ipmasqadm autofw -A -r tcp 47624 47624 -h
192.168.0.xxx ipmasqadm autofw -A -r udp 47624 47624 -h 192.168.0.xxx
ipmasqadm autofw -A -r tcp 2300 2400 -h 192.168.0.xxx ipmasqadm autofw
-A -r udp 2300 2400 -h 192.168.0.xxx where 192.168.0.xxx is the IP of
your windows box. ipautofw -A -r tcp 47624 47624 -h 192.168.0.xxx
ipautofw -A -r udp 47624 47624 -h 192.168.0.xxx ipautofw -A -r tcp
2300 2400 -h 192.168.0.xxx ipautofw -A -r udp 2300 2400 -h
192.168.0.xxx This can be placed into a script. See TrinityOS on the
links page!
Microsoft DirectPlay 2.0.33 ipmasqadm autofw -A -r tcp 1000 1095 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r udp 1000 1029 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r udp 1031 2210 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r udp 2220 3212 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r udp 3214 5000 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r udp 40000 60000 -h
www.xxx.yyy.zzz ipautofw -A -r tcp 1000 1095 -h www.xxx.yyy.zzz
ipautofw -A -r udp 1000 1029 -h www.xxx.yyy.zzz ipautofw -A -r udp
1031 2210 -h www.xxx.yyy.zzz ipautofw -A -r udp 2220 3212 -h
www.xxx.yyy.zzz ipautofw -A -r udp 3214 5000 -h www.xxx.yyy.zzz
ipautofw -A -r udp 40000 60000 -h www.xxx.yyy.zzz Games that work:
Total Annihalation,Twisted Metal 2,Moto Racer If you want to play Moto
Racer, change the first line to read: ipautofw -A -r tcp 1000 5000 -h
www.xxx.yyy.zzz Port 1030 is skipped because it used by ping and port
3213 is used by kproxy for Kali.
Microsoft NetMeeting 2.0 2.0.30 Primary TCP connections: This will
allow what microsoft calls the \'Primary TCPConnections\' to work.
This will allow such features as: applicationsharing, whiteboard,
chat, file transfer, and directory lookups. ipmasqadm autofw -A -r tcp
389 389 ipmasqadm autofw -A -r tcp 522 522 ipmasqadm autofw -A -r tcp
1503 1503 ipmasqadm autofw -A -r tcp 1720 1720 ipmasqadm autofw -A -r
tcp 1731 1731 You can make only outgoing calls. I have not tried
incomming calls but itmay work if you have previously connected to the
same user. Secondary TCP/UDP connections: This will allow what
microsoft calls the \'Secondary TCP and UDPConnections\' to work. This
will allow such features as: audio and videoconferencing using the
H.323 protocol. ipmasqadm autofw -A -r tcp 1024 65535ipmasqadm autofw
-A -r udp 1024 65535 Primary TCP connections: This will allow what
microsoft calls the \'Primary TCPConnections\' to work. This will
allow such features as: applicationsharing, whiteboard, chat, file
transfer, and directory lookups. ipautofw -A -r tcp 389 389 ipautofw
-A -r tcp 522 522 ipautofw -A -r tcp 1503 1503 ipautofw -A -r tcp 1720
1720 ipautofw -A -r tcp 1731 1731 You can make only outgoing calls. I
have not tried incomming calls but itmay work if you have previously
connected to the same user. Secondary TCP/UDP connections: This will
allow what microsoft calls the \'Secondary TCP and UDPConnections\' to
work. This will allow such features as: audio and videoconferencing
using the H.323 protocol. ipautofw -A -r tcp 1024 65535ipautofw -A -r
udp 1024 65535 This is a big security risk because of the large number
of ports that have to be opened. I have tested the voice portion to
work with FD audio. My video camera is on the fritz and was unable to
test that portion of the program. This is provided for informational
uses only and is not recomended. Primary ports must also be setup for
this to work. NOTE: Don\'t send Jim a message if you can\'t get it to
work. It does work and has been verified.
Midtown Madness 2.2.x ipmasqadm autofw -A -r tcp 47624 47624 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r tcp 2300 2400 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r udp 2300 2400 -h
www.xxx.yyy.zzz ipautofw -A -r tcp 47624 47624 -h www.xxx.yyy.zzz
ipautofw -A -r tcp 2300 2400 -h www.xxx.yyy.zzz ipautofw -A -r udp
2300 2400 -h www.xxx.yyy.zzz May be able to tighten this up a bit, but
it works 100% with the settings shown. [Note: looks like standard
DirectX, would try to tighten it. -seg]
Monopoly 2.0.30 Hosting a monopoly game does not work until I find out
the ports, but joining a game works fine.
Motocross Madness 2.2.1 ipmasqadm autofw -A -r udp 47624 47624 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r tcp 47624 47624 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r udp 2300 2400 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r tcp 2300 2400 -h
www.xxx.yyy.zzz ipautofw -A -r udp 47624 47624 -h www.xxx.yyy.zzz
ipautofw -A -r tcp 47624 47624 -h www.xxx.yyy.zzz ipautofw -A -r udp
2300 2400 -h www.xxx.yyy.zzz ipautofw -A -r tcp 2300 2400 -h
www.xxx.yyy.zzz For some stupid reason, Motocross Madness jumps
between tcp/udp ports 2300 and 240. Armed with a sniffer, I could not
detect any kind of pattern... So, this was as tight as I could get it.
It works, and for this great game, that\'s all that matters, right?
;-)
Mplayer Games Network 2.0.30 ipmasqadm autofw -A -r tcp 8000 8999 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r udp 8000 8999 -h
www.xxx.yyy.zzz ipautofw -A -r tcp 8000 8999 -h www.xxx.yyy.zzz
ipautofw -A -r udp 8000 8999 -h www.xxx.yyy.zzz I was looking through
the Mplayer web page, and I came across the port information. Mplayer
uses tcp and udp ports 8000-8999. I don\'t know of a control port, so
I used -h to route them to a particular local machine. This is
*untested* as I am not on Mplayer yet, but it should work. Try it and
e-mail me either way.
MS Netshow 2.0 2.0.30 No additional configuration needed.
MSN Gaming Zone 2.0.35 MS KB Article Q159301 Zone: Connecting to the
Zone Through a Firewall or Proxy Server To play DirectX games on the
MSN Gaming Zone through a network firewall or proxy server, the
following requirements must be met: DirectX 6.0 or later must be
installed on your computer. Your network administrator must configure
the proxy server or firewall to allow DirectX games to pass
information through the proxy server or firewall. The latest version
of DirectX is available as a free download from the following
Microsoft Web site: http://www.microsoft.com/directx For more
information about how to install the latest version of DirectX, please
see the following article in the Microsoft Knowledge Base: Q179113 How
to Download and Install DirectX To play DirectX games across a
firewall, verify that all computers in the game are running DirectX
6.0, and then ask your firewall administrator to configure the
firewall to use the following settings: Allow an initial outbound TCP
connection on port 47624. Allow subsequent inbound and outbound
connections on TCP and UDP ports 2300-2400. Set appropriate
permissions for DirectPlay (Client). Additionally, to play games on
the Zone, the following TCP ports on the firewall must be open: 28800
- 28912 For additional information about how to configure firewall or
proxy server support for DirectPlay 6.0 games, please see the
\"Firewall Support in DirectPlay 6.0\" topic in the DirectX 6.0 SDK
Help file.
Myth II demo 2.2.x ipmasqadm portfw -a -P tcp -L 3453 -R 3453
ipmasqadm portfw -a -P tcp -L 3453 -R 3453 Hosting Myth II demo games
(probably the full version, too) requires one ipmasqadm command on 2.2
kernels (I have no idea about 2.0 kernels). Works great, I\'ve tested
it a lot ;-) Just playing Myth II doesn\'t require any special
settings.
Myth: The Fallen Lords 2.0.31 ipmasqadm autofw -A -u -r tcp 3453 3453
-h xxx.yyy.zzz.www ipautofw -A -u -r tcp 3453 3453 -h xxx.yyy.zzz.www
This is for the full release of the game (not the demo, I\'m not even
sure if the demo supports networking). Joining games seems to work
fine without any ipautofw commands. The ipautofw command is only
needed to HOST a game. In actuality you can probably host a game on
any port and just replace the 3453 with the port you wish to host (I
haven\'t thoroughly tested).
Napster Option 1: ipmasqadm autofw -A -r tcp 6699 6699 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r tcp 6697 6697 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r tcp 4444 4444 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r tcp 5555 5555 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r tcp 6666 6666 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r tcp 7777 7777 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r tcp 8888 8888 -h
www.xxx.yyy.zzz Option 2: Charles Fisher writes: There is a better way
to forward napster than what you have in your instructions. I use:
/usr/sbin/ipmasqadm portfw -a -P tcp -L 1.2.3.4 6702 -R 192.168.1.130
6702 (the 1.2.3.4 is your internet ip address, and 6702 is the port to
forward). Doing it this way, the data never enters user-space, it is
all handled by the kernel, so it is faster. Also, the sending IP will
not be changed, so a netstat on the internal box will show the real ip
address, not the ip of the gateway. IMHO, this is a much better way to
do it. Be warned that portfw only works inside the firewall; you
can\'t re-forward back onto the internet. Derek Streeter writes: Redir
(or other newer port forwarding) is used to forward a single tcp port
to the private IP. This redirected port is then entered when setting
up Napster. If using redir, you need the followin gin /etc/inetd.conf:
napster1 stream tcp nowait root /usr/sbin/tcpd /usr/sbin/redir --inetd
192.168.0.x 6699 Then add napster1 tcp/6699 to /etc/services. Do this
with a different port for each host running napster. You may need to
add napster1 to /etc/hosts.allow.
Need for Speed 5 (Porsche) 2.2.10 ipmasqadm autofw -A -v -r udp 9395
9405 -h xxx.xxx.xxx.xxx ipautofw -A -v -r udp 9395 9405 -h
xxx.xxx.xxx.xxx These settings let you make a nfs5 server if you are
behind a firewall.
Need for Speed 5 (Porsche) 2.2.10 ipautofw -A -v -r udp 9395 9405 -h
xxx.xxx.xxx.xxx These settings let you make a nfs5 server if you are
behind a firewall.
Net2Phone 2.2.x ipmasqadm portfw -a -P tcp -L aaa.bbb.ccc.ddd 20000 -R
www.xxx.yyy.zzz 20000 ipmasqadm portfw -a -P udp -L aaa.bbb.ccc.ddd
20000 -R www.xxx.yyy.zzz 20000 where aaa.bbb.ccc.ddd is the
masquerading router, www.xxx.yyy.zzz is the pc running net2phone.
C:\\windows\\ne2phone.ini: [CONFIG] TCPPORT=20000 UDPPORT=20000
ipmasqadm portfw -a -P tcp -L aaa.bbb.ccc.ddd 20000 -R www.xxx.yyy.zzz
20000 ipmasqadm portfw -a -P udp -L aaa.bbb.ccc.ddd 20000 -R
www.xxx.yyy.zzz 20000 where aaa.bbb.ccc.ddd is the masquerading
router, www.xxx.yyy.zzz is the pc running net2phone.
C:\\windows\\ne2phone.ini: [CONFIG] TCPPORT=20000 UDPPORT=20000 Repeat
the same procedure for every masqueraded machine, just use a different
port for every machine.
Netrek 2.0.34 ip_masq_netrek.o ipmasqadm autofw -A -r udp 45000 45010
-h www.xxx.yyy.zzz -v ipautofw -A -r udp 45000 45010 -h
www.xxx.yyy.zzz -v Add \'baseUdpLocalPort: 45000\' to the .xtrekrc
file. [NOTE: Older entry for this application requrires
ip_masq_netrek.o! -seg] Just follow the Instructions and you should be
good to go. A very small kernel patch is neede din addition to hte
module. Because things may be different in kernels later than 2.0.30,
the patch may be unnecessary, or a different patch may be needed, or
neither.
Netstorm 2.2.13 ipmasqadm autofw -A -r udp 6790 6800 -h
xxx.xxx.xxx.xxx ipmasqadm autofw -A -r tcp 6790 6800 -h
xxx.xxx.xxx.xxx ipautofw -A -r udp 6790 6800 -h xxx.xxx.xxx.xxx
ipautofw -A -r tcp 6790 6800 -h xxx.xxx.xxx.xxx
NFS 2.0.30 This works through a normal masquerading setup, although it
can be very slow on the internet -- I think SMB is more efficient. Tim
Fletcher ([EMAIL PROTECTED]) writes: I have setup via port
fowarding of 111,635,2049 the appearance of a NFS server on the
firewall which is really on a different machine.
Novell Netware 2.0.33 ipchains -A forward -j REDIRECT 213 -p udp D
www.xxx.yyy.zzz 213^M ipmasqadm autofw -A -r 213 213 {-h
net.ware.serv.er}|{-c udp 213} ipfwadm -F -a accept -P udp -m D
www.xxx.yyy.zzz 213 ipautofw -A -r 213 213 {-h net.ware.serv.er}|{-c
udp 213} Port 213 is standard IPX port, this works to make a
connection between [Intra]Netware machines thru IPTUNNEL.NLM. You may
also connect ot a Netware/IP server by using port 43981 (0xABCD)
instead of 213.
Novell Netware/IP 2.0.36 For a default NWIP setup, a single client
connecting via linux IP masq can connect if the following ports are
forwarded on the linux side to the NWIP side: 43981/udp 43982/udp If
the client on the masq\'d network happens to be a Netware 4.x server
running NWIP or a Netware 5 server running NWIP migration agent then
port 396/tcp (an probably udp) will also need to be forwarded. Of
course then if you turn on IPX->NWIP forwarding, all machines can then
connect to the remote Netware network using IPX only. If you haven\'t
used the default ports in setting up NWIP on the Netware side of
things, you\'ll need to adjust the non-root ports to be forwarded
accordingly.
Nox 2.2.12-20 ipmasqadm autofw -A -r udp 18590 18599 -h
www.xxx.yyy.zzz Nox retail servers use UDP port 18590. Official Nox
server use ports 18590-18599 I haven\'t tested this myself, but from
what I read it should work. [ed - this guy TRUSTS the documentation?
The information at least has been verified.]
NT Logon 2.0.3x use PPTP to get hsi to work. Read the PPTP Masq docs
and the NT RK if you need help.
ntalkd Traditional Unix Talk Daemon ipmasqadm portfw -a -P udp -L
aaa.bbb.ccc.ddd 517 -R www.xxx.yyy.zzz 517 ipmasqadm portfw -a -P udp
-L aaa.bbb.ccc.ddd 518 -R www.xxx.yyy.zzz 518 where aaa.bbb.ccc.ddd is
the address of the masq server, www.xxx.yyy.zzz is the internal
machine address. ipmasqadm portfw -a -P udp -L aaa.bbb.ccc.ddd 517 -R
www.xxx.yyy.zzz 517 ipmasqadm portfw -a -P udp -L aaa.bbb.ccc.ddd 518
-R www.xxx.yyy.zzz 518 where aaa.bbb.ccc.ddd is the address of the
masq server, www.xxx.yyy.zzz is the internal machine address. First
off, make sure you kill off talkd and ntalkd from inetd.conf on the
firwall box. While this fixes incoming talk requests, it doesn\'t do
anything to fix outgoing talk requests.
ntalkd Traditional Unix Talk Daemon ipmasqadm portfw -a -P udp -L
aaa.bbb.ccc.ddd 517 -R www.xxx.yyy.zzz 517 ipmasqadm portfw -a -P udp
-L aaa.bbb.ccc.ddd 518 -R www.xxx.yyy.zzz 518 where aaa.bbb.ccc.ddd is
the address of the masq server, www.xxx.yyy.zzz is the internal
machine address. First off, make sure you kill off talkd and ntalkd
from inetd.conf on the firwall box. While this fixes incoming talk
requests, it doesn\'t do anything to fix outgoing talk requests.
OKbridge for Windows 2.0.30 ipchains -M -S 7200 0 0^M ipmasqadm autofw
-A -r tcp 1729 1729 -h www.xxx.yyy.zzz ipfwadm -M -s 7200 0 0 redir
www.xxx.yyy.zzz 1729 1729 This is a MS Windows app that lets you play
contract bridge over the Internet. OKbridge is a commercial service
with over 12,000 members. The 7200-minute TCP timeout setting is of
course variable. Redirecting port 1729 to the Windows machine is only
needed if you plan to serve a table, since a table server listens for
connections on that port. For this reason only one person behind the
firewall may serve at any given time, but this is no barrier to
playing in a game. Enjoy!
OnLive Talker! 2.0.30 ip_masq_raudio.o insmod ip_masq_raudio
ports=3060,3061 insmod ip_masq_raudio ports=3060,3061 If audio is
choppy in the Talker, set the connection to use 14.4kbps. A quick fix
for incomming audio only (no outgoing), is to set the connection
properties for 14.4kbps and \"USE TCP\". These settings are configured
from the System Tray.
OnLive Traveler! 2.0.30 ip_masq_raudio.o insmod ip_masq_raudio
ports=3060,3061 insmod ip_masq_raudio ports=3060,3061 If audio is
choppy in the Traveler, set the connection to use 14.4kbps. A quick
fix for incomming audio only (no outgoing), is to set the connection
properties for 14.4kbps and \"USE TCP\".
pcAnywhere v7.5 (patch 1) 2.0.30 ipmasqadm autofw -r tcp 5631 5632 -h
www.xxx.yyy.zzz ipmasqadm autofw -r udp 5631 5632 -h www.xxx.yyy.zzz
ipautofw -r tcp 5631 5632 -h www.xxx.yyy.zzz ipautofw -r udp 5631 5632
-h www.xxx.yyy.zzz The ipautofw is ONLY needed if you wish to be able
to take over a machine behind your firewall from the Internet. If you
only need to go from behind the firewall to a machine on the Internet,
no extra action is required.
Patch 1 on pcAnywhere uses registered ports 5631,5632. Prior to this
patch different (unregistered) ports were used. Make sure that all
your host machines running anywhere are upgraded to the same level.
I\'m not sure if the UDP stuff for ipautofw is needed but this is how
I have it working.
pcAnywhere version 8 should work as well.
Perl, Perl/TK GUI 2.2.x ,220); insert into ipchains (config,appid)
values( Check out http://thrish.com/ut/ipchains.html for more info.
This is some sort of Perl/TK GUI.
PhoneFree From Phonefree Tech Support: Hi, In order to allow PhoneFree
to work through a firewall you need the following information:
PhoneFree uses standard HTTP on port 8000 for communicating with our
servers. Port 8000 is used to avoid conflicts with ISPs that use
caching proxy servers on port 80. Standard FTP (PASV mode) on port 21
is used for voice mail and icon uploads. Here is a summary of ports
and servers used by PhoneFree. This is in addition to standard HTTP on
port 80 used by www.phonefree.com Voice mail and icon upload: ftp
server: cgi1.phonefree.com port: 21 HTTP server: cgi1.phonefree.com
Port: 8000 For actual voice conversations, which are done
peer-to-peer, you will need to open up the following ports through
your firewall: TCP 1035 UDP 1034 And the Active PhoneBook: TCP 2644
(Please note: if the below mentioned is a proxy server PhoneFree
won\'t work) PhoneFree Tech Support
PointCast 2.0 2.0.30 No additional configuration needed.
PowWow v3.2beta5 2.0.30 ipmasqadm autofw -A -r tcp 13223 13223 -c tcp
13223 -u ipmasqadm autofw -A -r udp 13223 13223 -c tcp 13223 -u
ipmasqadm autofw -A -r tcp 23213 23213 -c tcp 13223 -u ipautofw -A -r
tcp 13223 13223 -c tcp 13223 -u ipautofw -A -r udp 13223 13223 -c tcp
13223 -u ipautofw -A -r tcp 23213 23213 -c tcp 13223 -u Should allow
both incoming and outgoing connections. Voice works fine.
PPTP (Microsoft Point to Point Tunneling Protocol) 2.0.30 There is a
patch available if you are using a standard 2.0.30 kernel at
http://www.wolfenet.com/~jhardin and at
ftp://ftp.rubyriver.com/pub/jhardin/masquerade. For more information,
please talk a look at
http://www.wolfenet.com/~jhardin/ip_masq_pptp.html
Quake 2.0.30 ip_masq_quake.o Works really good (not too much lag
added) but only for one player per server.
Quake 2 2.0.31 ip_masq_quake.o Works like a charm with no special
setup. Just like Quakeworld for Quake 1. If you want to host a server
insall the ipportfw support located in \"Masq Links\" in your kernel
and then forward TCP and UDP port 27910 to you local Quake2 IP.
Quake 3 2.0.36 ipmasqadm autofw -A -r udp 27960 -h www.xxx.yyy.zzz
ipautofw -A -r udp 27960 -h www.xxx.yyy.zzz This rule will allow for a
Quake3 server to be run behind the linux masq machine onport 27960. I
did not have problems using Q3 as a client to other machines on the
Internet while using ip_masq_quake, however to run a server behind the
masq you must use this rule.
QuakeWorld 2.0.30 ipchains -A forward -j MASQ -s 192.168.1.0/24 -d
0.0.0.0/0 ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0 I\'ve been
using the generic line for QuakeWorld and it works wonderfully.
Quicktime 4 and RTP/RTSP 2.0.38 ipmasqadm autofw -A -r tcp 554 554 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -R udp 6970 6999 -h
www.xxx.yyy.zzz Ipchains. IPautofw perhaps: ipautofw -A -r tcp 554 554
-h www.xxx.yyy.zzz ipautofw -A -R udp 6970 6999 -h www.xxx.yyy.zzz
Need QuickTime rtsp_proxy from
http://www.apple.com/quicktime/developers/rtspproxy.html You also need
a patch from http://www.neosoft.com/~lpb/rtsp_proxy_patch.gz Make sure
you run it with the name of your outside ip address: % ./rtsp_proxy
... -n gatehost ... &
Rainbow Six 2.0.35 ipmasqadm autofw -A -r tcp 2436 2438 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r udp 2436 2438 -h
www.xxx.yyy.zzz ipautofw -A -r tcp 2436 2438 -h www.xxx.yyy.zzz
ipautofw -A -r udp 2436 2438 -h www.xxx.yyy.zzz These ports can be
changed in the game. This is just with the default ports. Only for
normal LAN games -- for Internet it is MPlayer ports 8000-9000.
Real Audio 2.0.30 ip_masq_raudio.o Works in TCP mode without
application module. RealVideo should work, but has not been tested.
Supported as part of the main kernel distribution.
Real Player 2.0.30 ip_masq_raudio.o Both RealAudio and RealVideo work
great.
RealEncoder The RealEncoder works fine behind a masq wall as well.
I\'ve been doing a show now for 3 weeks everynight with no problem.
RealEncoder redir --inetd --timeout=120 www.xxx.yyyy.zzzz 7070 redir
--inetd --timeout=120 www.xxx.yyyy.zzzz 7070 Using RealServer +
RealEncoder under Windows95 behind an ipmasq\'d firewall is easy. Use
the above redir line, where www.xxx.yyy.zzz is the IP of the \'95 box.
The rest should be self explanatory. This works great for live
broadcasts as well. However, if you have the option of running
RealServer on the Linux box and RealEncoder on the Windows95 box, do
so -- I don\'t see why you couldn\'t. It\'s much more efficient this
way, and balances out the load between two systems versus one.
Red Alert unknown ipmasqadm autofw -A -r udp 5009 5009 -h
www.xxx.yyy.zzz ipautofw -A -r udp 5009 5009 -h www.xxx.yyy.zzz
www.xxx.yyy.zzz is the IP of machine running Red Alert
Red Baron 3D 2.0.36 Just works as soon as you use standard forwarding.
Remote Desktop 32 2.2.13 ipmasqadm autofw -A -r tcp 5044 5050 -h
www.xxx.yyy.zzz ipautofw -A -r tcp 5044 5050 -h www.xxx.yyy.zzz This
will allow a machine behind the linux masq machine to be controlled by
McAfee Remote Desktop 32. A machine behind the linux masq can control
any machine without needing to make an autofw rule.
Remotely Possible v3.2 2.0.30
Remotely Possible v3.2a (host) 2.0.32 ipmasqadm autofw -A -r tcp 799
799 -h www.xxx.yyy.zzz ipautofw -A -r tcp 799 799 -h www.xxx.yyy.zzz
You can also change the listening port in the RP host and adjust the
ipautofw command accordingly.
Rlogin/Rcp 0.0.0 ipmasqadm autofw -A -d tcp 512 1023 ipautofw -A -d
tcp 512 1023 [NOTE: I have issues using any of the \"r\" commands over
the internet. Better to use telnet and tcp wrappers, etc. -seg] This
little trick allows rlogin, but not rsh or rexec from masq\'d hosts to
external sites.
Roger Wilco 2.2.5-22 ipchains -A input -p udp -d www.xxx.yyy.zzz 3782
Rogue Spear 2.2.12 ipmasqadm autofw -A -r udp 2346 2348 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r tcp 2346 2348 -h
www.xxx.yyy.zzz ipautofw -A -r udp 2346 2348 -h www.xxx.yyy.zzz
ipautofw -A -r tcp 2346 2348 -h www.xxx.yyy.zzz Works perfectly if you
configure it to use a firewall, connecting directly to internet games
or via Mplayer. Tested with 2 clients inside the firewall. Use the
above ipautofw/ipchains scripts if you want to be the server.
Scour Media 2.0.34 ipmasqadm autofw -A -r tcp 139 139 -c tcp 139 -u
ipautofw -A -r tcp 139 139 -c tcp 139 -u This WILL mess up Samba if
running!!! You\'re actually better getting the Scour proxy perl script
from Scour but if you can\'t get it to run this does work.
Shout Cast Server 2.0.3x ipmasqadm autofw -A -r tcp -h www.xxx.yyy.zzz
ipautofw -A -r tcp -h www.xxx.yyy.zzz Just like any other tcp
listening app, punch a hole in your firewall.
SMB 2.0.30 This works fine through a normal masquerading setup. It
works like a charm -- but watch out for those TCP timeouts. Tim
Fletcher ([EMAIL PROTECTED]) writes: I have setup via port
fowarding of 137,138,139 the appearance of a SMB server on the
firewall which is really on a different machine.
Speak Freely v6.1b 2.0.30 ipmasqadm autofw -A -r udp 2074 2075 -c udp
2075 ipautofw -A -r udp 2074 2075 -c udp 2075 Available from
http://www.fourmilab.ch/speakfree/unix or
http://www.fourmilab.ch/speakfree/windows. Voice chat program which
runs on Windows as well as a number of unix flavours (including
Linux).
SQL*NET tools 2.0.x, 2.2.x ipmasqadm autofw -A -r tcp 1521 1521 -h
www.xxx.yyy.zzz ipautofw -A -r tcp 1521 1521 -h www.xxx.yyy.zzz 1521
is the default TCP port for Oracle. Your site may have changed it. THe
configuration is in $ORACLE_HOME/network/admin/listener.ora. This
recipe is for outside access to a masq server. Access to a non-masq\'d
server from a masq client requires no special configuration.
SSH 2.0.30 Works in personal authentication mode -- i.e. you use a
personal key, rather than a machine key (which is the pseudo rsh
mode). This is partially due to the machine address not matching the
key address, and also due to the port being remapped into a
non-priveleged region.
StarCraft (battle.net) 2.0.33 ipmasqadm autofw -A -r udp 6112 6112 -c
tcp 6112 ipautofw -A -r udp 6112 6112 -c tcp 6112 This has been tested
and works GREAT! I am using Redhat 5.0 and have not had problems yet.
Starseige Tribes 2.0.36,2.2.1 No configuration necessary. Kernel
2.0.36: ipautofw -A -r udp 28000 28001 ipautofw -A -r tcp 28000 28001
Kernel 2.2.1: No configuration necessary. Works fine using the above
to play.
SubSpace 2.0.29, 2.2.12 Multiple players can play at the same time
form behind the firewall without any special configuration. Verified
on 2.2.12 by Ramiro Vergara
SuperFTP (FXP) 2.0.xx ip_masq_ftp.o This requires a patched version of
the ip_masq_ftp module. You can get it at
http://www/algonet.se/~cyrano. This is my first ever Linux code, and
just two lines added! I changed ip_masq_ftp so that it doesn\'t change
PORT commands if the IP address is not 192.168.x.x (i.e. not on the
LAN). I know very little about C/Linux coding, but it does seem to
work. If you find that it doesn\'t work for you, tell me!
Symantec Live Update 2.0.31 ip_masq_ftp.o Although the latest (stable)
kernel version doesn\'t hurt, loading ip_masq_ftp.o was probably the
solution all along.
Tanarus 2.0.30 ipmasqadm autofw -A -r udp 1024 1280 -h www.xxx.yyy.zzz
ipautofw -A -r udp 1024 1280 -h www.xxx.yyy.zzz Apparently Tanarus
opens a port and tries to get the server end to connect to your
system. The port it connects to is dynamic.
Telnet 2.0.30 This just works. However, remember that there is an idle
timeout on TCP connections (default 15 minutes).
TetriNET 2.0.33 Version 1.13 of TetriNET (the online version of crak,
IMHO) works fine over IP Masq as a client, with no special setup. I
have not tested the server functionality yet, and what ipautofw or
ipfwadm commands are needed for it to work.
The 4th Coming 2.0.34 ipmasqadm autofw -A -r udp 11677 11677 -c udp
11677 -u ipmasqadm autofw -A -r udp 11679 11679 -c udp 11679 -u
ipautofw -A -r udp 11677 11677 -c udp 11677 -u ipautofw -A -r udp
11679 11679 -c udp 11679 -u This game is still in open beta and is to
be sold to ISP\'s who may or may not have the ability to change these
ports. But as of right now the programs I have talked to say these are
the ports .
TheDJ Player 2.0.30 ip_masq_raudio.o Works fine, because it works on
http and realaudio I know you can block out hte annoying ad\'s by
blocking out access to a set of IP addresses of some ad company (I
forgot now, but as if you click on them anyway!)
Tiberian Sun: Command and Conquer III 2.2.12 ipmsqadm autofw -A -r udp
1234 1234 -h xxx.xxx.xxx.xxx ipmsqadm autofw -A -r udp 1234 1234 -h
xxx.xxx.xxx.xxx The Port is realy 1234!!!! This is no Fake. Where
xxx.xxx.xxx.xxx is the IP of the machine running Tiberian Sun.
Timbuktu Pro 2.0.30 ipmasqadm autofw -A -r tcp 1417 1420 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r udp 407 407 -h www.xxx.yyy.zzz
ipautofw -A -r tcp 1417 1420 -h www.xxx.yyy.zzz ipautofw -A -r udp 407
407 -h www.xxx.yyy.zzz This works for incoming connections to a TB2
machine behind the firwall.
Timbuktu Pro Client 2.0.30 Works great, no special configuration. I
have tested version 2.0 & 3.0 on the Mac, and 1.5.1 on Windows NT.
Total Annihilation 2.0.30 ipmasqadm autofw -A -r udp 1000 5000 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r tcp 1000 5000 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r udp 47624 47624 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r udp 47624 47624 -h
www.xxx.yyy.zzz ipautofw -A -r udp 1000 5000 -h www.xxx.yyy.zzz
ipautofw -A -r tcp 1000 5000 -h www.xxx.yyy.zzz ipautofw -A -r udp
47624 47624 -h www.xxx.yyy.zzz ipautofw -A -r udp 47624 47624 -h
www.xxx.yyy.zzz The ipautofw commands let you host a game where only
one person can join and you cant connect to games. I\'ve tried for
hours and this is about as far as I can get with it.. Lets hope
CaveDog release the port information or a proxy. Submitted by:
[EMAIL PROTECTED] Kernel: 2.0.30pre10 ipautofw -A -r udp low high -h
www.xxx.yyy.zzz On the contrary, if you use TEN, you can find out the
range of random ports currently allocated for that session. The
command to use is ipautofw -M -l. Then you can specify this range in
the command ipautofw -A -r udp low high -h www.xxx.yyy.zzz. I have
been successful in hosting a 3 player game. Any more players
shouldn\'t be a problem (just depends on everyone\'s type of
connection).
Ultima Online BETA test 2.0.30 It worked the first time I tried, with
no changes to my usual setup! No additional configuration necessary.
Unreal 2.0.33 None for normal operation. For a server: ipmasqadm
autofw -A -r udp 7777 7777 -h www.xxx.yyy.zzz None for normal
operation. For a server: ipautofw -A -r udp 7777 7777 -h
www.xxx.yyy.zzz Works with any standard IP masq configuration. No
modules necessary. If you want to run an Unreal server and have it
accessible through a masquerading firewall the above auto-forward rule
sets this up.
Unreal Tournament 2.2.14 ipmasqadm autofw -A -r udp 7777 7777 -h
192.168.1.10 -v ipmasqadm autofw -A -r udp 7778 7778 -h 192.168.1.10
-v ipmasqadm autofw -A -r udp 7779 7779 -h 192.168.1.10 -v # for the
Master Server list: ipmasqadm autofw -A -r udp 27900 27900 -h
192.168.1.10 -v ipautofw -A -r udp 7777 7777 -h 192.168.1.10 ipautofw
-A -r udp 7778 7778 -h 192.168.1.10 ipautofw -A -r udp 7779 7779 -h
192.168.1.10 # for the Master Server list ipautofw -A -r udp 27900
27900 -h 192.168.1.10 Substitute 192.168.1.10 for your internal
server. I have not tested throughly on 2.0.x series. Works like a
charm for server inside of the network.
VDO Live 2.0.30 ip_masq_vdolive.o Protocol implementation is
relatively fragile -- may break if the protocol is modified in any
way! This is a side effect of the way that VDO implemeneted their
protocol! Supported as part of the main kernel distribution.
VDO Phone 2.0.30 ip_masq_vdolive You need to add/modify the
ip_masq_vdolive module to read: insmod ip_masq_vdolive
ports=7000,7010,32649 You need to add/modify the ip_masq_vdolive
module to read: insmod ip_masq_vdolive ports=7000,7010,32649 This is a
response to a request that I saw on the requests page. I have not
tested this for I don\'t have vdolive. The information on ports is
from their web page. My best guess on this one is that you will be
able to send requests but not receive.
VDO Video 1.2.13 Works for me with this line in the inetd.conf: 7080
dgram udp wait root /usr/sbin/tcpd /usr/sbin/udpred www.xxx.yyy.zzz
7080 www.xxx.yyy.zzz is the Windows box. udpred can be found on the
Links page. Works for me with this line in the inetd.conf: 7080 dgram
udp wait root /usr/sbin/tcpd /usr/sbin/udpred www.xxx.yyy.zzz 7080
www.xxx.yyy.zzz is the Windows box. udpred can be found on the Links
page. VDO must then be configured to use 7080 as a hardwired port and
everything works fine.
VNC remote display system 2.0.33 ipmasqadm autofw -A -v -r tcp 5900
590d -h www.xxx.yyy.zzz ipmasqadm autofw -A -v -r tcp 5800 580d -h
www.xxx.yyy.zzz (for the java viewer) ipautofw -A -v -r tcp 5900 590d
-h www.xxx.yyy.zzz ipautofw -A -v -r tcp 5800 580d -h www.xxx.yyy.zzz
(for the java viewer) Where d>0 and is the highest display number that
you wish to access, and www.xxx.yyy.zzz is the target machines IP
address. The standard viewer software works fine with outbound
connections and a standard masquerade setup. Incoming connections work
via ipautofw. Great app and its GPL\'d. Go get it!
VoxChat 2.0.30 ipmasqadm autofw -A -r udp 15000 15025 -h
www.xxx.yyy.zzz ipmasqadm autofw -A -r tcp 15000 15025 -h
www.xxx.yyy.zzz ipautofw -A -r udp 15000 15025 -h www.xxx.yyy.zzz
ipautofw -A -r tcp 15000 15025 -h www.xxx.yyy.zzz This works for
VoxChat v1.0-2.5. Where www.xxx.yyy.zzz is the IP of the client
running VoxChat. This allows for a total of 25 incomming audio
channels at one time. This may be much but you never know :)
VoxPhone 3.0 2.0.30 ipmasqadm autofw -A -p tcp 12380
www.xxx.yyy.zzz:12380 -v ipmasqadm autofw -A -p udp 12380
www.xxx.yyy.zzz:12380 -v ipautofw -A -p tcp 12380
www.xxx.yyy.zzz:12380 -v ipautofw -A -p udp 12380
www.xxx.yyy.zzz:12380 -v Voxphone 3.0 works fully (2 way voice,
conference, receive calls etc.) with the configuration above. Where
www.xxx.yyy.zzz is the win95 host behind masq which you want to use
Voxphone from. You can even receive incoming calls! Basically you just
tell the masq host to redirect all incoming tcp/udp traffic on port
12380 to the host www.xxx.yyy.zzz on port 12380. Note: The -p option
may not work on kernels below 2.0.30 as it may not be supported, also
check your ipautofw version and make sure it is a current one. I used
the -v option for a verbose output, so you can see a little more
clearly what you are doing.
Warbirds 2.01r3 2.0.33 ipmasqadm autofw -A -r tcp 912 912 -h
www.xxx.yyy.zzz ipautofw -A -r tcp 912 912 -h www.xxx.yyy.zzz This is
only required to HOST a Warbirds H2H session. No changes are needed to
join a H2H session.
Warcraft II battle.net edition 2.2.11 Works fine with the default
settings.
Webcam (TrueTech) 2.0.x redir www.xxx.yyy.zzz 2047 2047 where
www.xxx.yyy.zzz is the address of the win 9x machine. redir
www.xxx.yyy.zzz 2047 2047 where www.xxx.yyy.zzz is the address of the
win 9x machine.
Webcam32 2.0.32 ipmasqadm autofw -A -r tcp 81 81 -h www.xxx.yyy.zzz
redir 192.168.1.3 81 81 Webcam32 does server push from a definable
port on a windows machine. I used redir 192.168.1.3 81 81 so that port
81 request to 206.80.6.123 (the linux machine) are sent over to
192.168.1.3 (the windows machine).
Webforce Compcore MPEG-1 Player 2.0 2.0.33 ipmasqadm autofw -A -r udp
1024 65535 -c udp 6311 ipautofw -A -r udp 1024 65535 -c udp 6311 As
far as I can see, 6311 is the first addres that is tried. If this does
not succeed, 6313 is tried. I also saw 7813 come by later. Generally
speaking: 6311 works for me, but you may have to experiment with other
control ports.
WebPhone 3.0 2.0.33 ipmasqadm autofw -A -p tcp 21845
www.xxx.yyy.zzz:21845 ipmasqadm autofw -A -p tcp 21845
www.xxx.yyy.zzz:21845 ipautofw -A -p tcp 21845 www.xxx.yyy.zzz:21845
ipautofw -A -p tcp 21845 www.xxx.yyy.zzz:21845 Works with WebPhone
3.0. www.xxx.yyy.zzz is the IP of the client running WebPhone.
Westwood Chat 2.0.30 Westwood Chat works 100%, no problems
(3.3ver-4.0)
Windows Networking 2.2.x I\'ve make a patch for Samba which makes it
possible for you hosts on your private LAN to show up in the \'Network
Neighborhood\' of your public LAN. You can browse the network from
your provate LAN normally and poeple from the public LAN can browse
your private LAN (only if you want that of course). see
http://malt-whisky.student.utwente.nl/nbfw/ [Note: Be VERY careful
with stuff like this, I can\'t think of a case where I would want this
function... -seg]
Windows Networking We made this work a couple of months ago (before
upgrading to 2.0.30), but the remote party had to extablish a PPP
connection with our masquerading host. That way, he would appear in
our \"netwok Neighborhood\". I don\'t know if it can work without the
PPP link though.
Windows Networking If you add a line to the \"lmhosts\" file under
WFW/95/NT3.5x/NT4.0 with the client\'s IP, you will be able to map
drives to the computer. If under 95/NT you do a \"Find Computer\" for
hte name, it will show up under Network Neighborhood.
Windows Terminal Server 4.0 Just redirect port 3389 to the Windows
Terminal server behind the firewall.
Windows Update 2.0.36 ipchains -A forward -j MASQ -S
www.xxx.yyy.zzz/24 -D 0.0.0.0/0 where www.xxx.yyy.zzz is either: a)
The network number of your internal network, or b) The ip address of
the machine you want windows update to work on. ipfwadm -F -a m -s
www.xxx.yyy.zzz/24 -D 0.0.0.0/0 where www.xxx.yyy.zzz is either: a)
The network number of your internal network, or b) The ip address of
the machine you want windows update to work on.
Worms2 ipmasqadm autofw -A -r tcp 1000 3000 -h www.xxx.yyy.zzz
ipmasqadm autofw -A -r ucp 1000 1029 -h www.xxx.yyy.zzz ipmasqadm
autofw -A -r tcp 1031 2210 -h www.xxx.yyy.zzz ipmasqadm autofw -A -r
tcp 2220 3212 -h www.xxx.yyy.zzz ipautofw -A -r tcp 1000 3000 -h
www.xxx.yyy.zzz ipautofw -A -r ucp 1000 1029 -h www.xxx.yyy.zzz
ipautofw -A -r tcp 1031 2210 -h www.xxx.yyy.zzz ipautofw -A -r tcp
2220 3212 -h www.xxx.yyy.zzz It is possible that more may be needed,
or less may be needed...It is also possible that to host a game more
may be needed... The clue was on the Worms2 website...they say they
use MS DirectPlay...so using the DirectPlay ipautofw\'s already listed
and a couple of netstats let me narrow it down a little.
X Windows ipmasqadm autofw -A -r tcp 6000 6000 -h www.xxx.yyy.zzz^M
ipmasqadm autofw -A -r ucp 6000 6000 -h www.xxx.yyy.zzz redir
192.168.1.2 6000 6000 & X is based at port 6000 for screen 0, 6001 for
screen 1, and so on. I use redir to pass that information on to the
one host I have for displaying X though I image you could assign a
screen to each host you need.
X Windows Other information on X Windows... Better solution is to
tunnel the X protocol through another transport, which can also apply
compression and the like. I find the best way is to use ssh and
transport X through that (happens automagically), setting a
compression level is good for this unless you have serious bandwidth
available. Alternaltively, look at dxpc:
http://ccwf.cc.utexas.edu/~zvonler/dxpc
X Windows Mohammad Rezaei has written a proxy server for X. You can
get it at: ftp://ftp.x.org/contrib/INCOMING/xforward2.tar.gz
X Windows ipmasqadm autofw -A -r tcp 6000 6100 -c tcp 23 ipmasqadm
autofw -A -r tcp 6000 6100 -c udp 177 ipmasqadm autofw -A -r tcp 6000
6100 -c tcp 6000 ipautofw -A -r tcp 6000 6100 -c tcp 23 ipautofw -A -r
tcp 6000 6100 -c udp 177 ipautofw -A -r tcp 6000 6100 -c tcp 6000 This
is from the README that comes with ipautofw. Anyone can read it from
there but some may not realize that it is there. This information is
said to have come from John Fulmer ([EMAIL PROTECTED])
Yahoo Pager 2.0.33 ipmasqadm autofw -A -r tcp 5050 5050 -h
www.xxx.yyy.zzz ipautofw -A -r tcp 5050 5050 -h www.xxx.yyy.zzz Unlike
ICQ, Yahoo Pager appears to only use one tcp port, 5050. This will
change when they incorporate direct chat and file sending functions.
Do NOT use ICQ\'s ports, as Yahoo Pager and ICQ *WILL* crash if you
are unlucky enough for them to use the same port at the same time.
---
Send e-mail to '[EMAIL PROTECTED]' with 'unsubscribe rlug' to
unsubscribe from this list.
