hi folks,
i don't think this is a problem with iptables. some games using special gameservers, like gamespy. those servers don't allow to play over routers. these servers recognise that you are behind a firewall and try to send data back to the ip you have in your local lan. that's why i think there is no problem with iptables.
Best Regards,
MfG.
Stefan Walther
stefan_walther@gehag-dsk.de
dienst.: +4930/89786448
Funk: +49172/3943961
http://www.gehag-dsk.de
--------------------------------------------------------------
Linux/UNIX is like an Indian Tipi:
No Windows, no Gates and Apache inside.
Outgoing Mail is certified mistake-free.
Examined by DOGMATIC infallibility system.
Version 6.04
| "Raj Wurttemberg" <rajw@c64.us> Sent by: netfilter-admin@lists.netfilter.org 04.12.2002 03:56 | To: <netfilter@lists.netfilter.org> cc: Subject: RE: DirectX 8.1 and NAT |
> standard. So either way this claim is bogus as is any claim without
> reasonable proof.
Well to be honest and from my experience (or inexperience) with
Micro$oft's MechWarrior 4 game it IS possible for ONE computer to play
behind an iptables firewall. I do not know that much about iptables and
I am learning gradually from this mailing list... but here is what I
have on my firewall so I can play MechWarrior 4 (Please don't beat me up
to badly... I'm an iptables noob!):
IPTABLES="/sbin/iptables"
STATIC_IP="My IP address from the ISP"
INTERNAL="My game systems's internal ip address"
$IPTABLES -t nat -A PREROUTING -p udp -d $STATIC_IP --dport 6073 -j DNAT
--to $INTERNAL:6073
$IPTABLES -t nat -A PREROUTING -p tcp -d $STATIC_IP --dport 6667 -j DNAT
--to $INTERNAL:6667
$IPTABLES -t nat -A PREROUTING -p tcp -d $STATIC_IP --dport 9999 -j DNAT
--to $INTERNAL:9999
$IPTABLES -t nat -A PREROUTING -p tcp -d $STATIC_IP --dport 2200:2400 -j
DNAT --to $INTERNAL:2200-2400
$IPTABLES -t nat -A PREROUTING -p udp -d $STATIC_IP --dport 2200:2400 -j
DNAT --to $INTERNAL:2200-2400
$IPTABLES -t nat -A PREROUTING -p udp -d $STATIC_IP --dport 27999:29000
-j DNAT --to $INTERNAL:27999-29000
$IPTABLES -t nat -A PREROUTING -p tcp -d $STATIC_IP --dport 27999:29000
-j DNAT --to $INTERNAL:27999-29000
$IPTABLES -t nat -A PREROUTING -p tcp -d $STATIC_IP --dport 47624 -j
DNAT --to $INTERNAL:47624
$IPTABLES -t nat -A PREROUTING -p udp -d $STATIC_IP --dport 47624 -j
DNAT --to $INTERNAL:47624
$IPTABLES -A FORWARD -p udp -d $INTERNAL --dport 6073 -j ACCEPT
$IPTABLES -A FORWARD -p tcp -d $INTERNAL --dport 6667 -j ACCEPT
$IPTABLES -A FORWARD -p tcp -d $INTERNAL --dport 9999 -j ACCEPT
$IPTABLES -A FORWARD -p tcp -d $INTERNAL --dport 2200:2400 -j ACCEPT
$IPTABLES -A FORWARD -p udp -d $INTERNAL --dport 2200:2400 -j ACCEPT
$IPTABLES -A FORWARD -p udp -d $INTERNAL --dport 27999:29000 -j ACCEPT
$IPTABLES -A FORWARD -p tcp -d $INTERNAL --dport 27999:29000 -j ACCEPT
$IPTABLES -A FORWARD -p tcp -d $INTERNAL --dport 47624 -j ACCEPT
$IPTABLES -A FORWARD -p udp -d $INTERNAL --dport 47624 -j ACCEPT
Comments, corrections, and advice are welcome.
Thanks,
/*Raj*/
