Linux Firewall vs Valnet or Inetgame

[Spocky]

In my house there is more than one HOI and EU2 gamer . And because of our nice LAN we also had players as guests.

But now we want to play also with people , which can't drive to Ulm.

And I'm the poor guy who had to reconfigure our firewall. The firewall is Linux iptables based. I'm as far as no HOI packets are dopped at the firewall but a testgame hostet by my workstation is still unjoinable.
I've set the logging option for the directplay (HOI ) ports to debug but nothing appeared in the log.

My firewall extension for HOI

###snipp###
#!/bin/bash
echo 1 > /proc/sys/net/ipv4/ip_forward
# enable forwarding

iptables -I INPUT -i eth1 -p tcp --dport 47624 -j input_int
iptables -I INPUT -i eth1 -p tcp --dport 2300:2400 -j input_int
iptables -I INPUT -i eth1 -p udp --dport 47624 -j input_int
iptables -I INPUT -i eth1 -p udp --dport 2300:2400 -j input_int
### first section is to reroute internal stuff at the external Interface to the internal again. If I don't had these lines

###, the fw tries to prevent spoofing and I had nice messages in my firewalllog

iptables -t nat -I PREROUTING -p tcp --dport 6073 -i ppp0 -j LOG --log-level DEBUG --log-prefix \"Direct-Play\"
iptables -t nat -I PREROUTING -p tcp --dport 6073 -i ppp0 -j DNAT --to 192.168.1.2:6073
iptables -I FORWARD -p tcp -i ppp0 -s 0/0 --dport 6073 -d 192.168.1.2 -j ACCEPT

iptables -t nat -I PREROUTING -p tcp --dport 47624 -i ppp0 -j LOG --log-level DEBUG --log-prefix \"Direct-Play\"
iptables -t nat -I PREROUTING -p tcp --dport 47624 -i ppp0 -j DNAT --to 192.168.1.2:47624
iptables -I FORWARD -p tcp -i ppp0 -s 0/0 --dport 47624 -d 192.168.1.2 -j ACCEPT


iptables -t nat -I PREROUTING -p tcp --dport 2300:2400 -i ppp0 -j LOG --log-level DEBUG --log-prefix \"Direct-Play\"
iptables -t nat -I PREROUTING -p tcp --dport 2300:2400 -i ppp0 -j DNAT --to 192.168.1.2
iptables -I FORWARD -p tcp -i ppp0 -s 0/0 --dport 2300:2400 -d 192.168.1.2 -j ACCEPT

iptables -t nat -I PREROUTING -p udp --dport 47624 -i ppp0 -j LOG --log-level DEBUG --log-prefix \"Direct-Play\"
iptables -t nat -I PREROUTING -p udp --dport 47624 -i ppp0 -j DNAT --to 192.168.1.2:47624
iptables -I FORWARD -p udp -i ppp0 -s 0/0 --dport 47624 -d 192.168.1.2 -j ACCEPT


iptables -t nat -I PREROUTING -p udp --dport 2300:2400 -i ppp0 -j LOG --log-level DEBUG --log-prefix \"Direct-Play\"
iptables -t nat -I PREROUTING -p udp --dport 2300:2400 -i ppp0 -j DNAT --to 192.168.1.2
iptables -I FORWARD -p udp -i ppp0 -s 0/0 --dport 2300:2400 -d 192.168.1.2 -j ACCEPT

## rulesets are both written for tcp and udp because I was not shure

Has anyone found an error or an idea for another solution ??

What im doing wrong ?

Spocky

hoping for help

 

[unmerged(4219)]

As long as you're allowing traffic through all the ports HOI runs on, there should be no problem.

Speaking of which, what are those ports anyway? You may need to sniff HOI as it tries to host/connect.


By the way, HOI works in Linux under WINE

 

[Spocky]

@Yokozar
You made me a point

I set HOI on my server with the help of wine. And if I want to play a game with internal and external players I start a handoff on the server with a country like El Salvador. And then my internal and external players will join this game running directly on my firewall .

Maybe a good and working workaround ???

Spocky