Andrew Smith wrote:
> If they want to play on an external server then there is
> nothing required other than standard masquerading/nat

Then what sort of idiot was there that wrote the counterstrike protocol?

> HOWEVER, if you restrict outgoing (and return) ports then
> you need to allow UDP on port 21705
> (I'm not sure if TCP is used at all?)
> WARNING
> if 3 or 4 people do a standard full server update at the
> same time it will fill your conntrack table and you will
> start dropping other connections for a while
> Counterstrike is beyond the tiny limitation of a 64K conntrack
> table and since you cannot specifically say to timeout the
> counterstrike server update connections quickly (due to the
> fact that you will never need to do this - yeah I know that's
> wrong but ... that's what the netfilter developers say)
> you end up filling the conntrack table
> You need to be able to set it to handle about 20,000 connections
> per user that is using Counterstrike but I think it is limited
> to only 64K - but I'm not 100% certain.

I mean - 20.000 connections per user???? It's crazy! How about a good old TCP connection instead?