I'm really sorry if this is covered all the time, but I just can't figure it out. Is there a simple way to set up the firewall to allow Windows machines to play games on the Internet? I've been through the manuals, the conf file, and the unofficial FAQ, and I'm not having a lot of luck.

This is what I have set up:

P2 running SuSE 8.2 Pro with all the latest updates
eth0 connected to the Internet
eth1, 192.168.0.201, connected to the internal network

Internal machines can access the web; external machines can access ssh and the webserver on the SuSE machine.

The game I want to play is using port 2325, and some others show up for source ports. Are these the correct settings?

FW_QUICKMODE="no"
FW_DEV_EXT="eth0"
FW_DEV_INT="eth1"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="0/0"   - shouldn't this masquerade every port?
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="http https ssh "
FW_SERVICES_EXT_UDP=""
FW_SERVICES_EXT_IP=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP="137 138 139"
FW_SERVICES_INT_UDP="137 138 139"
FW_SERVICES_INT_IP=""
FW_SERVICES_QUICK_TCP=""
FW_SERVICES_QUICK_UDP=""
FW_SERVICES_QUICK_IP=""
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="yes"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="yes"
FW_FORWARD=""
FW_FORWARD_MASQ="0/0,192.168.0.2,tcp,2325 "

I can get connected for a bit, then it drops me. Do I need to open up the ports via FW_SERVICES_INT_TCP and FW_SERVICES_EXT_TCP also? Is there a simple one-step solution to allow all my Windows PCs to play various games on the Internet? Or do I have to do special rules for each and every machine and game in FW_FORWARD_MASQ? I could swear that when I used other tools in the past I could just open up a port and be done with it.

Yet I'm having nothing but trouble with this. The weird thing is how some stuff works just fine. I got waste running pretty quickly, but I had to initiate the connection with my friend; the firewall blocked his attempt to connect to me, but once I connected to him things went back and forth just fine.

-- Keith Mickunas keith@mickunas.net
I'll be deep in the cold, cold ground before I recognize Missourah! - Grandpa Simpson

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
On Sun, 2003-07-27 at 14:28, Keith Mickunas wrote:
> I'm really sorry if this is covered all the time, but I just can't figure it out. Is there a simple way to set up the firewall to allow Windows machines to play games on the Internet? I've been through the manuals, the conf file, and the unofficial FAQ, and I'm not having a lot of luck.
>
> This is what I have set up:
>
> P2 running SuSE 8.2 Pro with all the latest updates
> eth0 connected to the Internet
> eth1, 192.168.0.201, connected to the internal network
>
> Internal machines can access the web; external machines can access ssh and the webserver on the SuSE machine.
>
> The game I want to play is using port 2325, and some others show up for source ports. Are these the correct settings?
>
> FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
> FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
This is fine, anything above 1024 is a high port (unprivileged).
> FW_FORWARD=""

Same as mine; for my games I would leave it that way.

> FW_FORWARD_MASQ="0/0,192.168.0.2,tcp,2325 "

Get rid of this IMHO. I have basically the same setup as you have; my wife's ugly WinXP works with EverQuest fine. Blank it out and try again.

> I can get connected for a bit, then it drops me. Do I need to open up the ports via FW_SERVICES_INT_TCP and FW_SERVICES_EXT_TCP also? Is there a simple one-step solution to allow all my Windows PCs to play various games on the Internet? Or do I have to do special rules for each and every machine and game in FW_FORWARD_MASQ? I could swear that when I used other tools in the past I could just open up a port and be done with it.
>
> Yet I'm having nothing but trouble with this. The weird thing is how some stuff works just fine. I got waste running pretty quickly, but I had to initiate the connection with my friend; the firewall blocked his attempt to connect to me, but once I connected to him things went back and forth just fine.

Is this peer to peer? The main thing is, the ports are open at least (but maybe ending up on the server only, maybe...), but looking through the comments:

# With this option you may allow access to e.g. your mailserver. The
# machines must be in a masqueraded segment and may not have public IP addresses!
# Hint: if FW_DEV_MASQ is set to the external interface you have to set
# FW_FORWARD from internal to DMZ for the service as well to allow access
# from internal!

Not had to do this at all myself.
Thanks for the advice. I did get Diablo to work easily enough. Age of Empires cuts out after a bit, but I'm not sure why; it doesn't seem related to the firewall though.

Now I have to figure out how to let my internal machines see the web site on the firewall by using its name, and not the internal IP. Seems if I try to access the name, which is registered to the external card, the firewall blocks it, even though I've explicitly stated both internal and external connections can see port 80, http, and https. But the log is showing that the firewall refuses the connection on the internal card to port 80.

-- Keith Mickunas keith@mickunas.net
The 03.07.27 at 22:10, Keith Mickunas wrote:
> the name, which is registered to the external card, the firewall blocks it, even though I've explicitly stated both internal and external connections can see port 80, http, and https. But the log is showing that the firewall refuses the connection on the internal card to port 80.

Because you have them closed:

FW_SERVICES_INT_TCP="137 138 139"
FW_SERVICES_INT_UDP="137 138 139"
-- Cheers, Carlos Robinson
I should have specified that I did change those variables. I now have it set to:

FW_SERVICES_INT_TCP="80 137 138 139 1000:4000 47624"
FW_PROTECT_FROM_INTERNAL="no"
FW_ALLOW_INCOMING_HIGHPORTS_*="yes"

And yet I see rejections in the log that look like this:

SuSE-FW-ACCESS_DENIED_INT IN=eth1 OUT= MAC(blah blah) SRC=192.168.0.2 DST=209... LEN... PROTO=TCP SPT=4584 DPT=80 ...

So the SRC IP is my Windows box, the dest IP is eth0, which is the external ethernet card. So the request comes in via eth1 to port 80 and it gets blocked. I even tried using http and https in the FW_ line. Yet Samba and ssh work just fine.

There's another thread that's covering similar issues. Someone mentioned something about "split-brain DNS" or the like. Still it should be available. When I had Red Hat 7.1 running and used Firestarter to set up an iptables firewall it worked just fine. It was as easy as can be to open a port, allow and block specific IPs, and view the webserver.

-- Keith Mickunas keith@mickunas.net
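A small triage helper for the situation in Keith's message above: it parses a SuSE-FW-ACCESS_DENIED_INT log line and checks the denied destination port against the FW_SERVICES_INT_TCP list (plain ports, ranges like 1000:4000, and service names). This is an added example, not code from the thread or from SuSEfirewall2; the sample log line, the service-name table and the internal network 192.168.0.0/24 are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample modelled on the log line quoted in the thread; the DST
# address is a documentation-range placeholder, not the poster's real address.
SAMPLE_LOG = ("Jul 28 15:20:01 fw kernel: SuSE-FW-ACCESS_DENIED_INT IN=eth1 OUT= "
              "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.0.2 "
              "DST=203.0.113.10 LEN=48 PROTO=TCP SPT=4584 DPT=80")

# Small name->port table standing in for /etc/services lookups (constructed).
SERVICE_PORTS = {"http": 80, "https": 443, "ssh": 22}

def parse_log_line(line):
    """Return the KEY=VALUE fields of a netfilter LOG line plus the SuSE-FW tag."""
    fields = dict(re.findall(r"(\w+)=(\S*)", line))
    tag = re.search(r"SuSE-FW-(\S+)", line)
    fields["RULE"] = tag.group(1) if tag else ""
    return fields

def parse_port_list(value):
    """Expand a FW_SERVICES_*_TCP value such as '80 137 1000:4000 http' to a set."""
    ports = set()
    for tok in value.split():
        if tok in SERVICE_PORTS:
            ports.add(SERVICE_PORTS[tok])
        elif ":" in tok:                      # SuSEfirewall2 range syntax lo:hi
            lo, hi = tok.split(":", 1)
            ports.update(range(int(lo), int(hi) + 1))
        else:
            ports.add(int(tok))
    return ports

def explain_denial(line, fw_services_int_tcp, internal_net="192.168.0.0/24"):
    """Say whether a denial on the internal interface is explained by the port list."""
    f = parse_log_line(line)
    dport = int(f["DPT"])
    dst_internal = ipaddress.ip_address(f["DST"]) in ipaddress.ip_network(internal_net)
    port_open = f["PROTO"] == "TCP" and dport in parse_port_list(fw_services_int_tcp)
    if not port_open:
        reason = "port not listed in FW_SERVICES_INT_TCP"
    elif not dst_internal:
        reason = "port is listed, DST is outside the internal net: a missing port entry is not the cause"
    else:
        reason = "port is listed and DST is internal: look elsewhere"
    return {"rule": f["RULE"], "src": f["SRC"], "dst": f["DST"], "dport": dport,
            "port_open": port_open, "dst_internal": dst_internal, "reason": reason}

if __name__ == "__main__":
    print(explain_denial(SAMPLE_LOG, "80 137 138 139 1000:4000 47624"))
```

With the list Keith posted, port 80 is already open, so the helper reports that the port list is not what is rejecting the packet to the external-side address.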
The 03.07.28 at 15:24, Keith Mickunas wrote:
> So the SRC IP is my Windows box, the dest IP is eth0, which is the external ethernet card. So the request comes in via eth1 to port 80 and it gets blocked. I even tried using http and https in the FW_ line. Yet Samba and ssh work just fine.

Perhaps the error is here:

> FW_MASQ_NETS="0/0"   - shouldn't this masquerade every port?

and it should be something like:

FW_MASQ_NETS="192.168.0.0/24"

It applies to nets, not ports.

-- Cheers, Carlos Robinson