Re: Port Forwarding

Brei, Matt wrote:

Hello all.

I’m using iptables on RH 8.0 to route and firewall my cable connection to the rest of the LAN. My problem is joining games (Ghost Recon) on ubi.com from behind the firewall. Ubi.com requires port 80 for http which works fine, port 6667 for chat which also works fine, and 40000-42000 for the game (I’m assuming) which seems to be random when I run nmap on machines running the game with no firewall. Is there a way to allow one or multiple machines behind the firewall to join/host a game by forwarding the ports? I attached my iptables script that I’m currently using.

Thanks,

Matt

Shouldn't need anything that specific. The port forwarding is to allow packets that originate OUTSIDE the system to be sent to a specific computer. I'm on a cable modem at home and I play Unreal Tournament 2003 great with simple masquerading.

After reading your script, (which in my simple opinion is overly complicated), the line:

$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_IP

would normally be enough. I use port forwarding for UT2003 only because I run a game server behind the firewall, so I need to allow connections from the inet to the server. But w/o the server, I have no need of port forwarding. Naturally nmap won't see the ports because technically the port is not open. nmap only checks for a port that is (or at least appears to be) open and listening for connections. If I did not have port forward on, and I was in a UT2003 game and someone hit my inet IP on one of the game ports (7777 for example) they would get an ICMP_PORT_UNREACHABLE error (connection refused).


Are you on a static IP or a dynamic? I am on a dynamic and my Masquerading line:

iptables -t nat -A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth1 -j MASQUERADE

works grand. Cannot see why it would not work for you. Try disabling the port forwarding. Can you connect to a web site from a machine behind the firewall? If so there should be no reason I am aware of that you cannot connect to the game server.

--- Dan
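
The distinction drawn in the reply above, as an added example that is not part of the original post or of either poster's script: source NAT plus connection tracking covers a client joining games, and a DNAT rule is opened only for a host that outside machines must reach first. The interface names, the LAN range, the server address 192.168.0.10, the UDP protocol choice and the `DRY_RUN` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example with constructed values; not the original poster's script.
# Assumed layout: eth1 faces the internet, eth0 faces the LAN 192.168.0.0/24.
IPTABLES=${IPTABLES:-iptables}
INET_IFACE=${INET_IFACE:-eth1}
LAN_IFACE=${LAN_IFACE:-eth0}
LAN_NET=${LAN_NET:-192.168.0.0/24}
DRY_RUN=${DRY_RUN:-1}   # 1 = print the rules only; 0 = apply them (needs root)

# Print or run a single iptables command, depending on DRY_RUN.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$IPTABLES $*"
    else
        "$IPTABLES" "$@"
    fi
}

# Client case: LAN machines start every connection, so source NAT and
# replies matched by connection tracking are all that is required.
# $1 = static public IP, or empty when the address is dynamic.
client_rules() {
    if [ -n "$1" ]; then
        ipt -t nat -A POSTROUTING -s "$LAN_NET" -o "$INET_IFACE" -j SNAT --to-source "$1"
    else
        ipt -t nat -A POSTROUTING -s "$LAN_NET" -o "$INET_IFACE" -j MASQUERADE
    fi
    ipt -A FORWARD -i "$LAN_IFACE" -o "$INET_IFACE" -s "$LAN_NET" -j ACCEPT
    ipt -A FORWARD -i "$INET_IFACE" -o "$LAN_IFACE" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Server case: outside hosts send the first packet, so one port is forwarded
# to one LAN host and only that flow is accepted as NEW.
# $1 = LAN host, $2 = protocol, $3 = port
server_rules() {
    ipt -t nat -A PREROUTING -i "$INET_IFACE" -p "$2" --dport "$3" -j DNAT --to-destination "$1:$3"
    ipt -A FORWARD -i "$INET_IFACE" -o "$LAN_IFACE" -p "$2" -d "$1" --dport "$3" -m conntrack --ctstate NEW -j ACCEPT
}

client_rules ""                       # dynamic address: MASQUERADE
server_rules 192.168.0.10 udp 7777    # hypothetical game server on the LAN
```

With the default `DRY_RUN=1` the script only prints the commands, so the rule set can be reviewed before it is applied; the client rules never expose a LAN port to unsolicited inbound traffic.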





