In my house there is more than one HOI and EU2 gamer. And because of our nice LAN we also had players as guests.
But now we also want to play with people who can't drive to Ulm.
And I'm the poor guy who had to reconfigure our firewall. The firewall is Linux iptables based. I've got as far as no HOI packets being dropped at the firewall, but a test game hosted by my workstation is still unjoinable.
I've set the logging option for the DirectPlay (HOI) ports to debug, but nothing appeared in the log.
My firewall extension for HOI:
###snipp###
#!/bin/bash
echo 1 > /proc/sys/net/ipv4/ip_forward
# enable forwarding
iptables -I INPUT -i eth1 -p tcp --dport 47624 -j input_int
iptables -I INPUT -i eth1 -p tcp --dport 2300:2400 -j input_int
iptables -I INPUT -i eth1 -p udp --dport 47624 -j input_int
iptables -I INPUT -i eth1 -p udp --dport 2300:2400 -j input_int
### The first section is to reroute internal stuff at the external interface to the internal one again. If I didn't have these lines,
### the fw tries to prevent spoofing and I had nice messages in my firewall log
iptables -t nat -I PREROUTING -p tcp --dport 6073 -i ppp0 -j LOG --log-level DEBUG --log-prefix "Direct-Play"
iptables -t nat -I PREROUTING -p tcp --dport 6073 -i ppp0 -j DNAT --to 192.168.1.2:6073
iptables -I FORWARD -p tcp -i ppp0 -s 0/0 --dport 6073 -d 192.168.1.2 -j ACCEPT
iptables -t nat -I PREROUTING -p tcp --dport 47624 -i ppp0 -j LOG --log-level DEBUG --log-prefix "Direct-Play"
iptables -t nat -I PREROUTING -p tcp --dport 47624 -i ppp0 -j DNAT --to 192.168.1.2:47624
iptables -I FORWARD -p tcp -i ppp0 -s 0/0 --dport 47624 -d 192.168.1.2 -j ACCEPT
iptables -t nat -I PREROUTING -p tcp --dport 2300:2400 -i ppp0 -j LOG --log-level DEBUG --log-prefix "Direct-Play"
iptables -t nat -I PREROUTING -p tcp --dport 2300:2400 -i ppp0 -j DNAT --to 192.168.1.2
iptables -I FORWARD -p tcp -i ppp0 -s 0/0 --dport 2300:2400 -d 192.168.1.2 -j ACCEPT
iptables -t nat -I PREROUTING -p udp --dport 47624 -i ppp0 -j LOG --log-level DEBUG --log-prefix "Direct-Play"
iptables -t nat -I PREROUTING -p udp --dport 47624 -i ppp0 -j DNAT --to 192.168.1.2:47624
iptables -I FORWARD -p udp -i ppp0 -s 0/0 --dport 47624 -d 192.168.1.2 -j ACCEPT
iptables -t nat -I PREROUTING -p udp --dport 2300:2400 -i ppp0 -j LOG --log-level DEBUG --log-prefix "Direct-Play"
iptables -t nat -I PREROUTING -p udp --dport 2300:2400 -i ppp0 -j DNAT --to 192.168.1.2
iptables -I FORWARD -p udp -i ppp0 -s 0/0 --dport 2300:2400 -d 192.168.1.2 -j ACCEPT
## The rulesets are written for both tcp and udp because I was not sure
Has anyone found an error, or does anyone have an idea for another solution?
What am I doing wrong?
Spocky
hoping for help
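
The script in the post adds every rule with `iptables -I`, which inserts at the top of the chain, so a LOG rule inserted before its DNAT rule ends up below it, and a LOG rule sitting below a matching DNAT never sees the packet. As an added example (not part of the original post, and it never calls iptables), this POSIX shell model replays the port-6073 rules to show the resulting order; `chain_order`, `shadowed_logs`, `SAMPLE_RULES` and `FIXED_RULES` are hypothetical names, and only identical matches are compared.

```shell
#!/bin/sh
# Added example: models rule order only; it never calls iptables.
NL='
'
# Constructed samples: the port-6073 rules from the post, then the same two
# nat rules with the DNAT inserted first so the later -I puts LOG above it.
SAMPLE_RULES='iptables -t nat -I PREROUTING -p tcp --dport 6073 -i ppp0 -j LOG --log-prefix "Direct-Play"
iptables -t nat -I PREROUTING -p tcp --dport 6073 -i ppp0 -j DNAT --to 192.168.1.2:6073
iptables -I FORWARD -p tcp -i ppp0 --dport 6073 -d 192.168.1.2 -j ACCEPT'
FIXED_RULES='iptables -t nat -I PREROUTING -p tcp --dport 6073 -i ppp0 -j DNAT --to 192.168.1.2:6073
iptables -t nat -I PREROUTING -p tcp --dport 6073 -i ppp0 -j LOG --log-prefix "Direct-Play"'
# chain_order TABLE CHAIN: read iptables commands on stdin and print that
# chain top to bottom as "<target> <match>". Handles -A and -I without a number.
chain_order() {
  want_table=$1 want_chain=$2 rules=
  while IFS= read -r line; do
    set -f; set -- $line; set +f
    table=filter op= chain= target= match=
    while [ $# -gt 0 ]; do
      case $1 in
        iptables) ;;
        -t) table=$2; shift ;;
        -I|-A) op=$1 chain=$2; shift ;;
        -j) target=$2; break ;;
        *) match="$match $1" ;;
      esac
      shift
    done
    [ "$table" = "$want_table" ] && [ "$chain" = "$want_chain" ] || continue
    case $op in
      -I) rules="$target$match$NL$rules" ;;  # inserted as rule 1
      -A) rules="$rules$target$match$NL" ;;  # appended as last rule
    esac
  done
  printf '%s' "$rules"
}
# shadowed_logs: read chain_order output and print each LOG rule that sits
# below a terminating rule with the identical match, so it can never fire.
shadowed_logs() {
  seen=$NL
  while IFS= read -r rule; do
    target=${rule%% *} match=${rule#* }
    case $target in
      LOG) case $seen in *"$NL$match$NL"*) echo "shadowed: $rule" ;; esac ;;
      DNAT|SNAT|REDIRECT|MASQUERADE|ACCEPT|DROP|REJECT) seen="$seen$match$NL" ;;
    esac
  done
}
printf '%s\n' "$SAMPLE_RULES" | chain_order nat PREROUTING | shadowed_logs
```

On a live firewall, `iptables -t nat -L PREROUTING -n -v --line-numbers` shows the same order together with per-rule packet counters.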