RE: [hlds_linux] Iptables help! ;-)

2004-12-30 Thread danal1
Thanks Kennycom!


Re: [hlds_linux] Iptables help! ;-)

2004-12-30 Thread Kennycom
That almost sounds as if you are logged into steam with the wrong client, it
is not recognizing that you have purchased the game.




___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux


Re: [hlds_linux] Iptables help! ;-)

2004-12-30 Thread Kennycom

As I had said, the Iptable string needs to be tailored per the setup on the
box it is used on. In usage with FFW the box has 2 NICs; the inside NIC is
referred to as the INSIDE_DEVICE (aka eth1). If there are not going to be
any client machines run on the network to access the game server then you can
pretty much drop the POSTROUTING string. It just ensures that inside
machines can view servers on that port using the WAN IP from inside the
network.

Kennycom
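
Added example (not part of the original messages): a dry-run shell script that prints, without applying, the PREROUTING/FORWARD/POSTROUTING rule triple used in this thread's rule set, and shows which clients need the POSTROUTING rule. The addresses are constructed sample values, `GAME_IP` is a hypothetical name standing in for the thread's `${KENNYCOM1_IP}`, the targets are spelled `--to-destination`/`--to-source` where the thread writes `--to`, and `reply_path` assumes the game server uses the firewall as its default gateway.

```shell
#!/bin/sh
# Added example: prints (never applies) the forwarding rules for a game server
# behind a NAT firewall. Addresses are constructed sample values; GAME_IP is a
# hypothetical name standing in for the thread's ${KENNYCOM1_IP}.
OUTSIDE_IP=${OUTSIDE_IP:-203.0.113.10}
GAME_IP=${GAME_IP:-192.168.0.10}
INSIDE_DEVICE=${INSIDE_DEVICE:-eth1}
INSIDE_NETWORK=${INSIDE_NETWORK:-192.168.0.0}
INSIDE_NETMASK=${INSIDE_NETMASK:-255.255.255.0}

# Accept "N" or "LO:HI" with 1 <= LO <= HI <= 65535.
valid_range() {
    case $1 in
        ''|*[!0-9:]*|:*|*:|*:*:*) return 1 ;;
    esac
    lo=${1%%:*}
    hi=${1##*:}
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# forward_rules PROTO RANGE [hairpin]
# Prints the DNAT and FORWARD rules, plus the SNAT rule when "hairpin" is given.
forward_rules() {
    proto=$1
    range=$2
    mode=${3:-no}
    case $proto in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    valid_range "$range" || { echo "bad port range: $range" >&2; return 1; }
    # --dport takes LO:HI, while the DNAT target address takes LO-HI.
    to=$(printf '%s' "$range" | tr ':' '-')
    echo "iptables -t nat -A PREROUTING -p $proto -d ${OUTSIDE_IP} --dport $range -j DNAT --to-destination ${GAME_IP}:${to}"
    echo "iptables -A FORWARD -p $proto -d ${GAME_IP} --dport $range -o ${INSIDE_DEVICE} -j ACCEPT"
    if [ "$mode" = hairpin ]; then
        echo "iptables -t nat -A POSTROUTING -p $proto -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -d ${GAME_IP} --dport $range -j SNAT --to-source ${OUTSIDE_IP}"
    fi
}

# The port list posted in the thread; three of the ranges carried a
# POSTROUTING rule there, the other two did not.
thread_ruleset() {
    forward_rules udp 1200 &&
    forward_rules udp 27020 &&
    forward_rules udp 27000:27016 hairpin &&
    forward_rules tcp 27030:27039 hairpin &&
    forward_rules tcp 27015:27016 hairpin
}

# Dotted quad -> integer (subshell keeps the IFS change local).
ip_to_int() {
    ( IFS=.; set -- $1; echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 )) )
}

# True when the address lies in INSIDE_NETWORK/INSIDE_NETMASK.
in_inside_net() {
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "$INSIDE_NETWORK")
    mask=$(ip_to_int "$INSIDE_NETMASK")
    [ $(( $ip & $mask )) -eq $(( $net & $mask )) ]
}

# reply_path CLIENT_IP [hairpin]
# For a client that connected to OUTSIDE_IP: which source address the game
# server sees, and whether its reply passes back through the firewall so the
# DNAT can be reversed. Assumes the server's default gateway is the firewall.
reply_path() {
    client=$1
    mode=${2:-no}
    if ! in_inside_net "$client"; then
        echo "server sees $client; reply routed via firewall; OK"
    elif [ "$mode" = hairpin ]; then
        echo "server sees ${OUTSIDE_IP}; reply routed via firewall; OK"
    else
        echo "server sees $client; reply sent directly on LAN from ${GAME_IP}; client expected ${OUTSIDE_IP}; BROKEN"
    fi
}

thread_ruleset
reply_path 198.51.100.7           # internet client
reply_path 192.168.0.50           # LAN client, no POSTROUTING rule
reply_path 192.168.0.50 hairpin   # LAN client, with POSTROUTING rule
```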

RE: [hlds_linux] Iptables help! ;-)

2004-12-29 Thread danal1
Thanks,

The server is working for internet clients, I cannot see it on the lan ;-(

I am checking my floppyfw rules. I can see the server with my internal ip
address and port 27015 in Steam but when I click on it, I get sent to the
Steam game browser. (It shows me what games are available for purchase
through Steam.) I must have something set wrong on my FloppyFW, I am
checking.
Thanks for the help!
Dana



RE: [hlds_linux] Iptables help! ;-)

2004-12-29 Thread ScratchMonkey
--On Wednesday, December 29, 2004 7:56 PM -0500 danal1 <[EMAIL PROTECTED]>
wrote:

> I understand internal network and outside ip etc but what
> is an ${INSIDE_DEVICE}?
> Thanks for all your help!

A "network" is a set of addresses, usually specified by a base address and
a netmask, like 192.168.0.0/24. A device is either a physical network card
or a logical interface like the loopback interface or a tunnel ("tun")
device. It typically has a name like eth0, eth1, tun0, tun1, and lo. A
single device can have multiple addresses associated with it. These are
typically referred to by adding a colon and a digit to a device. So for
example eth1:1 is the 2nd (alias) address on eth1.


RE: [hlds_linux] Iptables help! ;-)

2004-12-29 Thread danal1
Thanks Kennycom!

One more pesky question, I looked on the Floppyfw site and
in my config file. What is an ${INSIDE_DEVICE}?

I understand internal network and outside ip etc but what
is an ${INSIDE_DEVICE}?
Thanks for all your help!

Dana


RE: [hlds_linux] Iptables help! ;-)

2004-12-27 Thread ScratchMonkey
--On Monday, December 27, 2004 11:09 PM -0500 [EMAIL PROTECTED]
wrote:

> What's the command to open up firewall ports?

Depends on your setup. When the system first boots, no ports are blocked.
Your distro may have installed some iptables commands to block some or all
ports. We don't know what you have, so we can't say more. Try "iptables -L"
to see if there are any rules in place.



RE: [hlds_linux] Iptables help! ;-)

2004-12-27 Thread admin
What's the command to open up firewall ports?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
ScratchMonkey
Sent: Sunday, December 26, 2004 12:14 AM
To: hlds_linux@list.valvesoftware.com
Subject: Re: [hlds_linux] Iptables help! ;-)


Some extra stuff to add:

iptables -t mangle -A PREROUTING -p udp -j TOS --set-tos Minimize-Delay

This takes every UDP packet and sets the Type of Service field to request
that routers give it priority.

Now download the Wondershaper from http://lartc.org/ and set the upstream
and downstream values to match your connection and run it with each boot.
It will set up priority queues for your network cards, and the above
iptables command will ensure that your UDP packets go out before any TCP
packets (like P2P and other file transfer stuff). It also gives priority to
TCP acks, which keeps big uploads from interfering with downloads
(including web viewing).

For endpoints, run the same iptables command with PREROUTING changed to
OUTPUT. (PREROUTING is for forwarders (i.e. routers), while OUTPUT is used
for endpoints (like game servers).)

If you use a Linksys WRT54G/GS (the S version has the super wireless mode
and more memory), you're running a Linux router. Get the replacement
firmware at http://Sveasoft.com/. It has the wondershaper built in (enable
the QoS feature) and you just need to send it the above iptables command
using one of the menus.

All of this also applies for clients, not just servers, and for VOIP as
well as game traffic (since VOIP is usually UDP-based).



RE: [hlds_linux] Iptables help! ;-)

2004-12-26 Thread admin
I compiled my own with some performance patches. I made some more changes
and am recompiling now. Here's a good link I found btw...
http://plastic.tresobis.org/docs/IPTABLES.html (someone may have posted this
earlier, I'm too lazy to look atm)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Patrick
Gissberg
Sent: Sunday, December 26, 2004 7:58 PM
To: hlds_linux@list.valvesoftware.com
Subject: SV: [hlds_linux] Iptables help! ;-)


Are you sure Packet mangling is enabled in your kernel? I run Gentoo 2004.3
but I don't NAT anything, just a simple firewall (using iptables). Did you
configure your own kernel or use a vanilla one? I use Linux Kernel
v2.6.9-gentoo-r9.

/Patrick Gissberg



RE: [hlds_linux] Iptables help! ;-)

2004-12-26 Thread admin
Anyone running Gentoo?

FATAL: Module ip_tables not found.
iptables v1.2.11: can't initialize iptables table `mangle': Table does not
exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

I know iptables is in the kernel not as a module.


RE: [hlds_linux] Iptables help! ;-)

2004-12-26 Thread danal1
Thank You!

I used your iptables settings and I cannot see the cstrike server internally
nor can anyone see it on the internet. I am reloading my server with Gentoo.
Fedora Core 1 was flaky. I have run different Linux distros for years
and none ever crashed closing a Konqueror window except Fedora Core 1.

I appreciate the response and I will try again once I get my server
reloaded.

Dana

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Kennycom
Sent: Sunday, December 26, 2004 5:52 PM
To: hlds_linux@list.valvesoftware.com
Subject: Re: [hlds_linux] Iptables help! ;-)


Yes Kennycom1 is bound to a static internal IP. If you look on your FFW
floppy and open the firewall.ini file (Firewall Configurations Settings file
if viewed on a windows box) you will find your Iptable in there, and you
will see how to bind whatever name you want to use for your game server to
an IP...


- Original Message -
From: "danal1" <[EMAIL PROTECTED]>
To: 
Sent: Sunday, December 26, 2004 8:23 AM
Subject: RE: [hlds_linux] Iptables help! ;-)


> Hi Kennycom,
> Thanks for the reply!
>
> Is Kennycom1_ip your server inside your nat network
> using an inside ip?
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Kennycom
> Sent: Saturday, December 25, 2004 10:38 PM
> To: hlds_linux@list.valvesoftware.com
> Subject: Re: [hlds_linux] Iptables help! ;-)
>
>
> Here is my iptables setup; there is a port range, as at times I have more
> than 1 server running (CSS/HL2dm). If you are just going to be running 1
> game process on the 1 server then edit it. I am sure that someone here will
> probably point out a few lines that could be dropped for your purposes. If
> there is no need to ensure access from the inside network to the gameserver
> with a client game then drop the postrouting strings, as they are probably
> redundant but help ensure everything works.
>
> # CS
>
> iptables -A PREROUTING -t nat -p udp -d ${OUTSIDE_IP} --dport 1200 -j DNAT --to ${KENNYCOM1_IP}:1200
>
> iptables -A FORWARD -p udp -d ${KENNYCOM1_IP} --dport 1200 -o ${INSIDE_DEVICE} -j ACCEPT
>
> iptables -A PREROUTING -t nat -p udp -d ${OUTSIDE_IP} --dport 27020 -j DNAT --to ${KENNYCOM1_IP}:27020
>
> iptables -A FORWARD -p udp -d ${KENNYCOM1_IP} --dport 27020 -o ${INSIDE_DEVICE} -j ACCEPT
>
> iptables -A PREROUTING -t nat -p udp -d ${OUTSIDE_IP} --dport 27000:27016 -j DNAT --to ${KENNYCOM1_IP}:27000-27016
>
> iptables -A FORWARD -p udp -d ${KENNYCOM1_IP} --dport 27000:27016 -o ${INSIDE_DEVICE} -j ACCEPT
>
> iptables -A POSTROUTING -t nat -p udp -d ${KENNYCOM1_IP} --dport 27000:27016 -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -j SNAT --to ${OUTSIDE_IP}
>
> iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 27030:27039 -j DNAT --to ${KENNYCOM1_IP}:27030-27039
>
> iptables -A FORWARD -p tcp -d ${KENNYCOM1_IP} --dport 27030:27039 -o ${INSIDE_DEVICE} -j ACCEPT
>
> iptables -A POSTROUTING -t nat -p tcp -d ${KENNYCOM1_IP} --dport 27030:27039 -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -j SNAT --to ${OUTSIDE_IP}
>
> iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 27015:27016 -j DNAT --to ${KENNYCOM1_IP}:27015-27016
>
> iptables -A FORWARD -p tcp -d ${KENNYCOM1_IP} --dport 27015:27016 -o ${INSIDE_DEVICE} -j ACCEPT
>
> iptables -A POSTROUTING -t nat -p tcp -d ${KENNYCOM1_IP} --dport 27015:27016 -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -j SNAT --to ${OUTSIDE_IP}
>
>
> Other information can be found at www.iptables.org
>
> =)
> - Original Message -
> From: "danal1" <[EMAIL PROTECTED]>
> To: 
> Sent: Saturday, December 25, 2004 3:37 PM
> Subject: [hlds_linux] Iptables help! ;-)
>
>
>> Hi,
>> Does anyone use the Linux server behind an iptables firewall?
>>
>> If so, could you email your Ipmasquerade and forwarding rules and port
>> settings tcp and udp for
>> the HLDS?
>>
>> Thanks!
>>
>> This is a great list to be on!
>> Dana

Re: [hlds_linux] Iptables help! ;-)

2004-12-26 Thread Kennycom
Yes Kennycom1 is bound to a static internal IP. If you look on your FFW
floppy and open the firewall.ini file (Firewall Configurations Settings file
if viewed on a windows box) you will find your Iptable in there, and you
will see how to bind whatever name you want to use for your game server to
an IP...
- Original Message -
From: "danal1" <[EMAIL PROTECTED]>
To: 
Sent: Sunday, December 26, 2004 8:23 AM
Subject: RE: [hlds_linux] Iptables help! ;-)

Hi Kennycom,
Thanks for the reply!
Is Kennycom1_ip your server inside your nat network
using an inside ip?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Kennycom
Sent: Saturday, December 25, 2004 10:38 PM
To: hlds_linux@list.valvesoftware.com
Subject: Re: [hlds_linux] Iptables help! ;-)
Here is my iptables setup, there is a port range, as at times I have more
than 1 server running (CSS/HL2dm). If you are just going to be running 1
game process on the 1 server then edit it. I am sure that someone here will
probably point out a few lines that could be dropped for your purposes. If
there is no need to ensure access from the inside network to the gameserver
with a client game then drop the postrouting strings, as they are probably
redundant but help ensure everything works.
# CS
iptables -A PREROUTING -t nat -p udp -d ${OUTSIDE_IP} --dport 1200 -j DNAT --to ${KENNYCOM1_IP}:1200
iptables -A FORWARD -p udp -d ${KENNYCOM1_IP} --dport 1200 -o ${INSIDE_DEVICE} -j ACCEPT
iptables -A PREROUTING -t nat -p udp -d ${OUTSIDE_IP} --dport 27020 -j DNAT --to ${KENNYCOM1_IP}:27020
iptables -A FORWARD -p udp -d ${KENNYCOM1_IP} --dport 27020 -o ${INSIDE_DEVICE} -j ACCEPT
iptables -A PREROUTING -t nat -p udp -d ${OUTSIDE_IP} --dport 27000:27016 -j DNAT --to ${KENNYCOM1_IP}:27000-27016
iptables -A FORWARD -p udp -d ${KENNYCOM1_IP} --dport 27000:27016 -o ${INSIDE_DEVICE} -j ACCEPT
iptables -A POSTROUTING -t nat -p udp -d ${KENNYCOM1_IP} --dport 27000:27016 -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -j SNAT --to ${OUTSIDE_IP}
iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 27030:27039 -j DNAT --to ${KENNYCOM1_IP}:27030-27039
iptables -A FORWARD -p tcp -d ${KENNYCOM1_IP} --dport 27030:27039 -o ${INSIDE_DEVICE} -j ACCEPT
iptables -A POSTROUTING -t nat -p tcp -d ${KENNYCOM1_IP} --dport 27030:27039 -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -j SNAT --to ${OUTSIDE_IP}
iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 27015:27016 -j DNAT --to ${KENNYCOM1_IP}:27015-27016
iptables -A FORWARD -p tcp -d ${KENNYCOM1_IP} --dport 27015:27016 -o ${INSIDE_DEVICE} -j ACCEPT
iptables -A POSTROUTING -t nat -p tcp -d ${KENNYCOM1_IP} --dport 27015:27016 -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -j SNAT --to ${OUTSIDE_IP}
Other information can be found at www.iptables.org
=)
- Original Message -
From: "danal1" <[EMAIL PROTECTED]>
To: 
Sent: Saturday, December 25, 2004 3:37 PM
Subject: [hlds_linux] Iptables help! ;-)

Hi,
Does anyone use the Linux server behind an iptables firewall?
If so, could you email your Ipmasquerade and forwarding rules and port
settings tcp and udp for
the HLDS?
Thanks!
This is a great list to be on!
Dana


RE: [hlds_linux] Iptables help! ;-)

2004-12-26 Thread danal1
Hi Kennycom,
Thanks for the reply!

Is Kennycom1_ip your server inside your nat network
using an inside ip?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Kennycom
Sent: Saturday, December 25, 2004 10:38 PM
To: hlds_linux@list.valvesoftware.com
Subject: Re: [hlds_linux] Iptables help! ;-)


Here is my iptables setup, there is a port range, as at times I have more
than 1 server running (CSS/HL2dm). If you are just going to be running 1
game process on the 1 server then edit it. I am sure that someone here will
probably point out a few lines that could be dropped for your purposes. If
there is no need to ensure access from the inside network to the gameserver
with a client game then drop the postrouting strings, as they are probably
redundant but help ensure everything works.

# CS

iptables -A PREROUTING -t nat -p udp -d ${OUTSIDE_IP} --dport 1200 -j DNAT --to ${KENNYCOM1_IP}:1200

iptables -A FORWARD -p udp -d ${KENNYCOM1_IP} --dport 1200 -o ${INSIDE_DEVICE} -j ACCEPT

iptables -A PREROUTING -t nat -p udp -d ${OUTSIDE_IP} --dport 27020 -j DNAT --to ${KENNYCOM1_IP}:27020

iptables -A FORWARD -p udp -d ${KENNYCOM1_IP} --dport 27020 -o ${INSIDE_DEVICE} -j ACCEPT

iptables -A PREROUTING -t nat -p udp -d ${OUTSIDE_IP} --dport 27000:27016 -j DNAT --to ${KENNYCOM1_IP}:27000-27016

iptables -A FORWARD -p udp -d ${KENNYCOM1_IP} --dport 27000:27016 -o ${INSIDE_DEVICE} -j ACCEPT

iptables -A POSTROUTING -t nat -p udp -d ${KENNYCOM1_IP} --dport 27000:27016 -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -j SNAT --to ${OUTSIDE_IP}

iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 27030:27039 -j DNAT --to ${KENNYCOM1_IP}:27030-27039

iptables -A FORWARD -p tcp -d ${KENNYCOM1_IP} --dport 27030:27039 -o ${INSIDE_DEVICE} -j ACCEPT

iptables -A POSTROUTING -t nat -p tcp -d ${KENNYCOM1_IP} --dport 27030:27039 -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -j SNAT --to ${OUTSIDE_IP}

iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 27015:27016 -j DNAT --to ${KENNYCOM1_IP}:27015-27016

iptables -A FORWARD -p tcp -d ${KENNYCOM1_IP} --dport 27015:27016 -o ${INSIDE_DEVICE} -j ACCEPT

iptables -A POSTROUTING -t nat -p tcp -d ${KENNYCOM1_IP} --dport 27015:27016 -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -j SNAT --to ${OUTSIDE_IP}


Other information can be found at www.iptables.org

=)
- Original Message -
From: "danal1" <[EMAIL PROTECTED]>
To: 
Sent: Saturday, December 25, 2004 3:37 PM
Subject: [hlds_linux] Iptables help! ;-)


> Hi,
> Does anyone use the Linux server behind an iptables firewall?
>
> If so, could you email your Ipmasquerade and forwarding rules and port
> settings tcp and udp for
> the HLDS?
>
> Thanks!
>
> This is a great list to be on!
> Dana


Re: [hlds_linux] Iptables help! ;-)

2004-12-25 Thread Kennycom
This is what I am using that Iptable with...
http://www.zelow.no/floppyfw/index.html
It does work, I have no problems with any of the games I have hosted thus
far reaching the masterlists. ScratchMonkey FFW also supports wondershaper,
I have not dove into using it as of yet though...
- Original Message -
From: "Nathan Marcus" <[EMAIL PROTECTED]>
To: 
Sent: Saturday, December 25, 2004 9:11 PM
Subject: Re: [hlds_linux] Iptables help! ;-)

Iptables does it actually make it advertise on the master lists?  I tried
for about 3 months, and got everything (people could direct connect), except
it being on a master list.  And it wasn't just Iptables, it was Freesco, and
Coyote too.  And yes I know it's all the same, just kernel variants (linux
mailing list, I could be killed if I didn't say that).  Then as soon as I
could hook up a Trendnet Router I got, the CS server was up in full force in
under an hour.  I don't wish to pan the linux router, because it's a freakin
awesome thing to do with old equipment that has "passed its finest hour."
Just curious "after the fact" if it totally works I guess.
- Original Message -
From: "Kennycom" <[EMAIL PROTECTED]>
To: 
Sent: Saturday, December 25, 2004 10:37 PM
Subject: Re: [hlds_linux] Iptables help! ;-)

Here is my iptables setup, there is a port range, as at times I have more
than 1 server running (CSS/HL2dm). If you are just going to be running 1
game process on the 1 server then edit it. I am sure that someone here will
probably point out a few lines that could be dropped for your purposes. If
there is no need to ensure access from the inside network to the gameserver
with a client game then drop the postrouting strings, as they are probably
redundant but help ensure everything works.
# CS
iptables -A PREROUTING -t nat -p udp -d ${OUTSIDE_IP} --dport 1200 -j DNAT --to ${KENNYCOM1_IP}:1200
iptables -A FORWARD -p udp -d ${KENNYCOM1_IP} --dport 1200 -o ${INSIDE_DEVICE} -j ACCEPT
iptables -A PREROUTING -t nat -p udp -d ${OUTSIDE_IP} --dport 27020 -j DNAT --to ${KENNYCOM1_IP}:27020
iptables -A FORWARD -p udp -d ${KENNYCOM1_IP} --dport 27020 -o ${INSIDE_DEVICE} -j ACCEPT
iptables -A PREROUTING -t nat -p udp -d ${OUTSIDE_IP} --dport 27000:27016 -j DNAT --to ${KENNYCOM1_IP}:27000-27016
iptables -A FORWARD -p udp -d ${KENNYCOM1_IP} --dport 27000:27016 -o ${INSIDE_DEVICE} -j ACCEPT
iptables -A POSTROUTING -t nat -p udp -d ${KENNYCOM1_IP} --dport 27000:27016 -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -j SNAT --to ${OUTSIDE_IP}
iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 27030:27039 -j DNAT --to ${KENNYCOM1_IP}:27030-27039
iptables -A FORWARD -p tcp -d ${KENNYCOM1_IP} --dport 27030:27039 -o ${INSIDE_DEVICE} -j ACCEPT
iptables -A POSTROUTING -t nat -p tcp -d ${KENNYCOM1_IP} --dport 27030:27039 -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -j SNAT --to ${OUTSIDE_IP}
iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 27015:27016 -j DNAT --to ${KENNYCOM1_IP}:27015-27016
iptables -A FORWARD -p tcp -d ${KENNYCOM1_IP} --dport 27015:27016 -o ${INSIDE_DEVICE} -j ACCEPT
iptables -A POSTROUTING -t nat -p tcp -d ${KENNYCOM1_IP} --dport 27015:27016 -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -j SNAT --to ${OUTSIDE_IP}
Other information can be found at www.iptables.org
=)
- Original Message -
From: "danal1" <[EMAIL PROTECTED]>
To: 
Sent: Saturday, December 25, 2004 3:37 PM
Subject: [hlds_linux] Iptables help! ;-)
> Hi,
> Does anyone use the Linux server behind an iptables firewall?
>
> If so, could you email your Ipmasquerade and forwarding rules and port
> settings tcp and udp for
> the HLDS?
>
> Thanks!
>
> This is a great list to be on!
> Dana


Re: [hlds_linux] Iptables help! ;-)

2004-12-25 Thread ScratchMonkey
Some extra stuff to add:

iptables -t mangle -A PREROUTING -p udp -j TOS --set-tos Minimize-Delay

This takes every UDP packet and sets the Type of Service field to request
that routers give it priority.

Now download the Wondershaper from http://lartc.org/ and set the upstream
and downstream values to match your connection and run it with each boot.
It will set up priority queues for your network cards, and the above
iptables command will ensure that your UDP packets go out before any TCP
packets (like P2P and other file transfer stuff). It also gives priority to
TCP acks, which keeps big uploads from interfering with downloads
(including web viewing).

For endpoints, run the same iptables command with PREROUTING changed to
OUTPUT. (PREROUTING is for forwarders (i.e. routers), while OUTPUT is used
for endpoints (like game servers).)

If you use a Linksys WRT54G/GS (the S version has the super wireless mode
and more memory), you're running a Linux router. Get the replacement
firmware at http://Sveasoft.com/. It has the wondershaper built in (enable
the QoS feature) and you just need to send it the above iptables command
using one of the menus.

All of this also applies for clients, not just servers, and for VOIP as
well as game traffic (since VOIP is usually UDP-based).


Re: [hlds_linux] Iptables help! ;-)

2004-12-25 Thread Nathan Marcus
Iptables does it actually make it advertise on the master lists?  I tried
for about 3 months, and got everything (people could direct connect), except
it being on a master list.  And it wasn't just Iptables, it was Freesco, and
Coyote too.  And yes I know it's all the same, just kernel variants (linux
mailing list, I could be killed if I didn't say that).  Then as soon as I
could hook up a Trendnet Router I got, the CS server was up in full force in
under an hour.  I don't wish to pan the linux router, because it's a freakin
awesome thing to do with old equipment that has "passed its finest hour."
Just curious "after the fact" if it totally works I guess.
- Original Message -
From: "Kennycom" <[EMAIL PROTECTED]>
To: 
Sent: Saturday, December 25, 2004 10:37 PM
Subject: Re: [hlds_linux] Iptables help! ;-)


> Here is my iptables setup, there is a port range, as at times I have more
> than 1 server running (CSS/HL2dm). If you are just going to be running 1
> game process on the 1 server then edit it. I am sure that someone here will
> probably point out a few lines that could be dropped for your purposes. If
> there is no need to ensure access from the inside network to the gameserver
> with a client game then drop the postrouting strings, as they are probably
> redundant but help ensure everything works.
>
> # CS
>
> iptables -A PREROUTING -t nat -p udp -d ${OUTSIDE_IP} --dport 1200 -j DNAT --to ${KENNYCOM1_IP}:1200
>
> iptables -A FORWARD -p udp -d ${KENNYCOM1_IP} --dport 1200 -o ${INSIDE_DEVICE} -j ACCEPT
>
> iptables -A PREROUTING -t nat -p udp -d ${OUTSIDE_IP} --dport 27020 -j DNAT --to ${KENNYCOM1_IP}:27020
>
> iptables -A FORWARD -p udp -d ${KENNYCOM1_IP} --dport 27020 -o ${INSIDE_DEVICE} -j ACCEPT
>
> iptables -A PREROUTING -t nat -p udp -d ${OUTSIDE_IP} --dport 27000:27016 -j DNAT --to ${KENNYCOM1_IP}:27000-27016
>
> iptables -A FORWARD -p udp -d ${KENNYCOM1_IP} --dport 27000:27016 -o ${INSIDE_DEVICE} -j ACCEPT
>
> iptables -A POSTROUTING -t nat -p udp -d ${KENNYCOM1_IP} --dport 27000:27016 -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -j SNAT --to ${OUTSIDE_IP}
>
> iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 27030:27039 -j DNAT --to ${KENNYCOM1_IP}:27030-27039
>
> iptables -A FORWARD -p tcp -d ${KENNYCOM1_IP} --dport 27030:27039 -o ${INSIDE_DEVICE} -j ACCEPT
>
> iptables -A POSTROUTING -t nat -p tcp -d ${KENNYCOM1_IP} --dport 27030:27039 -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -j SNAT --to ${OUTSIDE_IP}
>
> iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 27015:27016 -j DNAT --to ${KENNYCOM1_IP}:27015-27016
>
> iptables -A FORWARD -p tcp -d ${KENNYCOM1_IP} --dport 27015:27016 -o ${INSIDE_DEVICE} -j ACCEPT
>
> iptables -A POSTROUTING -t nat -p tcp -d ${KENNYCOM1_IP} --dport 27015:27016 -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -j SNAT --to ${OUTSIDE_IP}
>
>
> Other information can be found at www.iptables.org
>
> =)
> - Original Message -
> From: "danal1" <[EMAIL PROTECTED]>
> To: 
> Sent: Saturday, December 25, 2004 3:37 PM
> Subject: [hlds_linux] Iptables help! ;-)
>
>
> > Hi,
> > Does anyone use the Linux server behind an iptables firewall?
> >
> > If so, could you email your Ipmasquerade and forwarding rules and port
> > settings tcp and udp for
> > the HLDS?
> >
> > Thanks!
> >
> > This is a great list to be on!
> > Dana


Re: [hlds_linux] Iptables help! ;-)

2004-12-25 Thread Kennycom
Here is my iptables setup, there is a port range, as at times I have more
than 1 server running (CSS/HL2dm). If you are just going to be running 1
game process on the 1 server then edit it. I am sure that someone here will
probably point out a few lines that could be dropped for your purposes. If
there is no need to ensure access from the inside network to the gameserver
with a client game then drop the postrouting strings, as they are probably
redundant but help ensure everything works.
# CS
iptables -A PREROUTING -t nat -p udp -d ${OUTSIDE_IP} --dport 1200 -j DNAT --to ${KENNYCOM1_IP}:1200
iptables -A FORWARD -p udp -d ${KENNYCOM1_IP} --dport 1200 -o ${INSIDE_DEVICE} -j ACCEPT
iptables -A PREROUTING -t nat -p udp -d ${OUTSIDE_IP} --dport 27020 -j DNAT --to ${KENNYCOM1_IP}:27020
iptables -A FORWARD -p udp -d ${KENNYCOM1_IP} --dport 27020 -o ${INSIDE_DEVICE} -j ACCEPT
iptables -A PREROUTING -t nat -p udp -d ${OUTSIDE_IP} --dport 27000:27016 -j DNAT --to ${KENNYCOM1_IP}:27000-27016
iptables -A FORWARD -p udp -d ${KENNYCOM1_IP} --dport 27000:27016 -o ${INSIDE_DEVICE} -j ACCEPT
iptables -A POSTROUTING -t nat -p udp -d ${KENNYCOM1_IP} --dport 27000:27016 -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -j SNAT --to ${OUTSIDE_IP}
iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 27030:27039 -j DNAT --to ${KENNYCOM1_IP}:27030-27039
iptables -A FORWARD -p tcp -d ${KENNYCOM1_IP} --dport 27030:27039 -o ${INSIDE_DEVICE} -j ACCEPT
iptables -A POSTROUTING -t nat -p tcp -d ${KENNYCOM1_IP} --dport 27030:27039 -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -j SNAT --to ${OUTSIDE_IP}
iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 27015:27016 -j DNAT --to ${KENNYCOM1_IP}:27015-27016
iptables -A FORWARD -p tcp -d ${KENNYCOM1_IP} --dport 27015:27016 -o ${INSIDE_DEVICE} -j ACCEPT
iptables -A POSTROUTING -t nat -p tcp -d ${KENNYCOM1_IP} --dport 27015:27016 -s ${INSIDE_NETWORK}/${INSIDE_NETMASK} -j SNAT --to ${OUTSIDE_IP}
Other information can be found at www.iptables.org
=)
- Original Message -
From: "danal1" <[EMAIL PROTECTED]>
To: 
Sent: Saturday, December 25, 2004 3:37 PM
Subject: [hlds_linux] Iptables help! ;-)

Hi,
Does anyone use the Linux server behind an iptables firewall?
If so, could you email your Ipmasquerade and forwarding rules and port
settings tcp and udp for
the HLDS?
Thanks!
This is a great list to be on!
Dana

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
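
The forwarding pattern in Kennycom's rules and the TOS rule from ScratchMonkey's message, as an added example that is not part of the original posts: a small shell generator that prints, without running, the rules for a port or port range. The addresses, SERVER_IP (standing in for ${KENNYCOM1_IP}) and the function names are assumptions; the NAT targets are written with the full option names --to-destination and --to-source, which the thread abbreviates as --to.

```shell
#!/bin/sh
# Added example: prints (does not execute) iptables rules in the thread's pattern.
# All addresses are constructed placeholders, not values from the thread.
OUTSIDE_IP=203.0.113.10
SERVER_IP=192.168.0.20          # plays the role of ${KENNYCOM1_IP}
INSIDE_DEVICE=eth1
INSIDE_NETWORK=192.168.0.0
INSIDE_NETMASK=255.255.255.0

# valid_ports SPEC: accept "N" or "LO:HI" with 1 <= LO <= HI <= 65535.
valid_ports() {
    case "$1" in
        ''|*[!0-9:]*|*:*:*|:*|*:) return 1 ;;
    esac
    lo=${1%%:*}
    hi=${1##*:}
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# forward_rules PROTO PORTS [hairpin]
# Prints the DNAT + FORWARD pair, plus the SNAT rule for inside clients
# when the third argument is "hairpin".
forward_rules() {
    proto=$1
    ports=$2
    hairpin=${3:-}
    case "$proto" in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    valid_ports "$ports" || { echo "bad port spec: $ports" >&2; return 1; }
    # --dport writes a range as LO:HI; the DNAT target writes it as LO-HI.
    to_ports=$(printf '%s' "$ports" | tr ':' '-')
    echo "iptables -t nat -A PREROUTING -p $proto -d $OUTSIDE_IP --dport $ports -j DNAT --to-destination $SERVER_IP:$to_ports"
    echo "iptables -A FORWARD -p $proto -d $SERVER_IP --dport $ports -o $INSIDE_DEVICE -j ACCEPT"
    if [ "$hairpin" = hairpin ]; then
        echo "iptables -t nat -A POSTROUTING -p $proto -d $SERVER_IP --dport $ports -s $INSIDE_NETWORK/$INSIDE_NETMASK -j SNAT --to-source $OUTSIDE_IP"
    fi
}

# tos_rule ROLE: the mangle rule; PREROUTING on a router, OUTPUT on an endpoint.
tos_rule() {
    case "$1" in
        router)   chain=PREROUTING ;;
        endpoint) chain=OUTPUT ;;
        *) echo "role must be router or endpoint" >&2; return 1 ;;
    esac
    echo "iptables -t mangle -A $chain -p udp -j TOS --set-tos Minimize-Delay"
}

# print_all: the same port list as the thread's rule set, for a router.
print_all() {
    forward_rules udp 1200
    forward_rules udp 27020
    forward_rules udp 27000:27016 hairpin
    forward_rules tcp 27030:27039 hairpin
    forward_rules tcp 27015:27016 hairpin
    tos_rule router
}

print_all
```

Review the printed rules before piping them to sh as root. With the hairpin SNAT rule in place, inside clients that connect via the outside IP reach the game server with the outside IP as their source address, so the server's logs and bans cannot tell those LAN players apart.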