On Mon, 2005-01-10 at 13:13 +0000, Colin Murphy wrote:
On Sunday 09 January 2005 18:26, Colin Murphy wrote:
Am I right in thinking that the lines:-
FW_SERVICES_EXT_TCP="10090:10071 11100:11199 123 13505 http https ssh"
FW_SERVICES_EXT_UDP="3658:3659 6000 6001"
are all that are needed in the file /etc/sysconfig/SuSEfirewall2 ? This is how I have left it after configuring it in Yast.
It would appear that this is not right. I have had someone run nmap externally on the firewall and :-
"it's listing the 4 ports you listed as UDP as being open but 'filtered' for TCP, and the TCP range as being open for UDP :-)"
Any idea where I've gone wrong?
You've opened those ports to the firewall itself. What you actually need to do is configure the FW_FORWARD_MASQ line with something like:

FW_FORWARD_MASQ="
0/0,192.168.0.x,tcp,10071:10090    <- watch the direction...
0/0,192.168.0.x,tcp,11100:11199
0/0,192.168.0.x,udp,3658:3659
0/0,192.168.0.x,udp,6000
0/0,192.168.0.x,udp,6001
"

(I use this sort of notation to keep things a little more clear.)

Two things here, though. One is that I don't know if this section allows ranges indicated by colons. I don't think it did last time I checked. If not, this becomes somewhat painful for maintenance, but vi should knock it out pretty quickly.

Two is that you only get one machine that can play the games associated with the ports, since you have to forward to a *particular* IP address.

Please let the list know how the ranges work out. I might need to do just such a thing to host a dedicated CounterStrike server. 8-)

Regards,
dk
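
An added example, not part of the original thread: if FW_FORWARD_MASQ turns out not to accept colon ranges, this shell sketch expands each range into one entry per port in the source,destination,protocol,port layout shown in the reply, swapping a reversed range such as 10090:10071 into low:high order first. The function names and the internal address 192.168.0.10 (standing in for 192.168.0.x) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; expand_masq and build_forward_masq are hypothetical helper names.
# expand_masq SRC DEST PROTO SPEC...   where SPEC is PORT or LOW:HIGH
# Prints one "SRC,DEST,PROTO,PORT" entry per port.
expand_masq() {
    src=$1 dest=$2 proto=$3
    shift 3
    for spec in "$@"; do
        # Reject service names (http, ssh), malformed ranges, leading zeros
        # and anything with six or more digits (cannot be a valid port).
        case $spec in
            *[!0-9:]*|*:*:*|:*|*:|''|0*|*:0*|*[0-9][0-9][0-9][0-9][0-9][0-9]*)
                echo "skipping invalid port spec: $spec" >&2
                continue ;;
        esac
        lo=${spec%%:*}
        hi=${spec##*:}
        # A reversed range (high:low) is swapped rather than silently dropped.
        if [ "$lo" -gt "$hi" ]; then
            tmp=$lo; lo=$hi; hi=$tmp
        fi
        if [ "$hi" -gt 65535 ]; then
            echo "skipping out-of-range port spec: $spec" >&2
            continue
        fi
        p=$lo
        while [ "$p" -le "$hi" ]; do
            printf '%s,%s,%s,%s\n' "$src" "$dest" "$proto" "$p"
            p=$((p + 1))
        done
    done
}

# Build the whole assignment for the game ports discussed in the thread.
# The default destination is a constructed address, not one from the thread.
build_forward_masq() {
    dest=${1:-192.168.0.10}
    printf 'FW_FORWARD_MASQ="\n'
    expand_masq 0/0 "$dest" tcp 10090:10071 11100:11199
    expand_masq 0/0 "$dest" udp 3658:3659 6000 6001
    printf '"\n'
}
```

Calling build_forward_masq with the real internal address as its argument prints a block to review before pasting into /etc/sysconfig/SuSEfirewall2; every forwarded port is reachable from 0/0, so forward only the ports the game actually needs.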