On Sun, 2003-07-27 at 14:28, Keith Mickunas wrote:
I'm really sorry if this is covered all the time, but I just can't figure it out. Is there a simple way to set up the firewall to allow Windows machines to play games on the internet? I've been through the manuals, the conf file, unofficial FAQ, and I'm not having a lot of luck.
This is what I have set up:
P2 running SuSE 8.2 Pro with all the latest updates
eth0 connected to the internet
eth1, 192.168.0.201, connected to the internal network
Internal machines can access the web, external machines can access ssh and the webserver on the SuSE machine.
The game I want to play is using port 2325, and some others show up for source ports. Are these the correct settings?
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
This is fine, anything above 1024 is a high port (unprivileged).
FW_FORWARD=""
Same as mine, as my games I would leave it that way.
FW_FORWARD_MASQ="0/0,192.168.0.2,tcp,2325 "
Get rid of this imho. Have basically the same setup as you have, my wife's ugly winxp works with EverQuest fine. Blank it out and try again.
I can get connected for a bit, then it drops me. Do I need to open up the ports via FW_SERVICES_INT_TCP and FW_SERVICES_EXT_TCP also? Is there a simple one step solution to allow all my Windows PCs to play various games on the internet? Or do I have to do special rules for each and every machine and game in FW_FORWARD_MASQ? I could swear that when I used other tools in the past I could just open up a port and be done with it. Yet I'm having nothing but trouble with this. The weird thing is how some stuff works just fine. I got waste running pretty quickly, but I had to initiate the connection with my friend, the firewall blocked his attempt to connect to me, but once I connected to him things went back and forth just fine.
Is this peer to peer? The main thing is, the ports are open at least (but maybe ending up on the server only, maybe...), but looking through the comments:
# With this option you may allow access to e.g. your mailserver. The
# machines must be in a masqueraded segment and may not have public IP addresses!
# Hint: if FW_DEV_MASQ is set to the external interface you have to set
# FW_FORWARD from internal to DMZ for the service as well to allow access
# from internal!
Not had to do this at all myself.
-- Keith Mickunas keith@mickunas.net
I'll be deep in the cold, cold ground before I recognize Missourah! - Grandpa Simpson
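Added example, not part of the original thread and not SuSEfirewall2 code: a small audit of the FW_FORWARD_MASQ value quoted above, showing what each entry exposes (one port, one protocol, one internal host) and checking that the target sits in the masqueraded segment, as the quoted config comment requires. The function names and the 192.168.0.0/24 internal network are assumptions (the thread gives no netmask), and only the four-field entry form seen in the thread is handled.

```python
import ipaddress
import shlex

# Constructed sample: the four settings quoted in the thread.
SAMPLE = '''
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_FORWARD=""
FW_FORWARD_MASQ="0/0,192.168.0.2,tcp,2325 "
'''

def read_vars(text):
    """Parse shell-style NAME="value" lines; comments and blanks are skipped."""
    result = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, _, raw = line.partition("=")
            parts = shlex.split(raw)          # strips the surrounding quotes
            result[name] = parts[0] if parts else ""
    return result

def parse_forward_masq(value, internal_net="192.168.0.0/24"):
    """Split FW_FORWARD_MASQ into rules; internal_net is an assumed /24."""
    lan = ipaddress.ip_network(internal_net)
    rules, problems = [], []
    for entry in value.split():               # entries are whitespace-separated
        fields = entry.split(",")
        if len(fields) != 4:                  # only the 4-field form from the thread
            problems.append(f"{entry}: expected source,target,protocol,port")
            continue
        src, target, proto, port = fields
        try:
            src_net = ipaddress.ip_network("0.0.0.0/0" if src == "0/0" else src, strict=False)
            host = ipaddress.ip_address(target)
        except ValueError as exc:
            problems.append(f"{entry}: {exc}")
            continue
        if proto not in ("tcp", "udp") or not port.isdigit() or not 0 < int(port) < 65536:
            problems.append(f"{entry}: bad protocol or port")
            continue
        if host not in lan:                   # target must be a masqueraded host
            problems.append(f"{entry}: target {host} is outside {lan}")
        rules.append({"any_source": src_net.prefixlen == 0, "target": str(host),
                      "proto": proto, "port": int(port)})
    return rules, problems

if __name__ == "__main__":
    print(parse_forward_masq(read_vars(SAMPLE)["FW_FORWARD_MASQ"]))
```

For the value in the thread this reports a single rule: tcp port 2325 from any source address, forwarded to 192.168.0.2 only, so other internal machines and any UDP traffic are not covered by it.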