* game server rules
From: Dominic Irrcher @ 2003-01-10 18:46 UTC (permalink / raw)
To: 'netfilter@lists.netfilter.org'
hi,
was wondering if anyone has successfully set up a ruleset for a quake3 server
with iptables ?
this is the ruleset i have in place so far, but i keep getting the following
error:
NET_SendPacket ERROR: Operation not permitted to <connecting ip>:27960
is there something that i am missing for the ruleset ?
iptables -A INPUT -i $IFACE1 -d $IPADDR3 -p udp --dport 27960 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i $IFACE1 -d $IPADDR3 -p tcp --dport 27960 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o $IFACE1 -s $IPADDR3 -p udp --sport 27960 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $IFACE1 -s $IPADDR3 -p tcp --sport 27960 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $IFACE1 -d $IPADDR3 -p udp --dport 27960 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i $IFACE1 -d $IPADDR3 -p tcp --dport 27960 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o $IFACE1 -s $IPADDR3 -p udp --dport 27960 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $IFACE1 -s $IPADDR3 -p tcp --dport 27960 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $IFACE1 -d $IPADDR3 -p udp --sport 27960 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i $IFACE1 -d $IPADDR3 -p tcp --sport 27960 -m state --state ESTABLISHED -j ACCEPT
thanks in advance for any suggestions
Dom
* Re: game server rules
From: Filip Sneppe @ 2003-01-14 14:00 UTC (permalink / raw)
To: Dominic Irrcher; +Cc: 'netfilter@lists.netfilter.org'
On Fri, 2003-01-10 at 19:46, Dominic Irrcher wrote:
> hi,
>
> was wondering if anyone has successfully set up a ruleset for a quake3 server
> with iptables ?
Hi,
Are you talking about running a quake3 server *on* your Linux
box, playing quake3 *from* your Linux machine, or allowing
quake3 traffic to be firewalled by your Linux machine?
I suspect it's one of the first two, but I couldn't get
that from your rules below...
Either way, this is how it works:
If you set up a server, you need to allow access to the
port you are running the server on, most often 27960, like
this:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p udp --dport 27960 -j ACCEPT
If you want to play quake3 from your machine, the last
rule becomes:
iptables -A OUTPUT -p udp --dport 27960 -j ACCEPT
Same thing (kind of) for the FORWARD chain.
Now there's one more thing to know: if you play online
you will often connect to a master server, get a list
of ip addresses+ports from that server, and connect
to the individual game servers from there.
In that case, all the above won't work, since:
- some of those servers are not running on port 27960
- you're not allowing traffic to the master server
that is running on port 27950
If these last two paragraphs best describe your
situation, and you want to enforce tight security
(i.e. the easy way out for a home user is to allow
all udp traffic :-) ), you need the quake3 conntrack/nat
module from patch-o-matic.
Regards,
Filip
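
Filip's point about the master server and non-default ports, worked through as an added example that is not part of the original thread: a simplified Python model of the state match for UDP evaluates his "play from your machine" rules against constructed traffic. It assumes a DROP policy on INPUT and OUTPUT; the addresses, the Rule/Packet names and the evaluate() helper are made up for the illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "chain src sport dst dport")
Rule = namedtuple("Rule", "chain states dport")   # None = match anything

# Filip's "play from your machine" rules; chain policy DROP is assumed.
CLIENT_RULES = [
    Rule("INPUT", {"ESTABLISHED", "RELATED"}, None),
    Rule("OUTPUT", {"ESTABLISHED", "RELATED"}, None),
    Rule("OUTPUT", None, 27960),
]

def evaluate(rules, packets):
    """Return one (state, verdict) pair per UDP packet, in order."""
    flows = {}      # (src, sport, dst, dport) of first packet -> reply seen?
    results = []
    for p in packets:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        # A reply to a tracked flow, or a later packet once a reply was seen.
        state = "ESTABLISHED" if rev in flows or flows.get(fwd) else "NEW"
        accepted = any(
            r.chain == p.chain
            and (r.states is None or state in r.states)
            and (r.dport is None or r.dport == p.dport)
            for r in rules
        )
        if accepted:                       # dropped packets leave no flow entry
            if rev in flows:
                flows[rev] = True          # traffic seen in both directions
            else:
                flows.setdefault(fwd, False)
        results.append((state, "ACCEPT" if accepted else "DROP"))
    return results

# Constructed sample traffic (documentation addresses, not from the thread).
ME, GAME, MASTER, OTHER = "192.0.2.10", "198.51.100.5", "198.51.100.9", "198.51.100.6"
SAMPLE = [
    Packet("OUTPUT", ME, 27960, GAME, 27960),     # connect to a game server
    Packet("INPUT", GAME, 27960, ME, 27960),      # its reply
    Packet("OUTPUT", ME, 27960, MASTER, 27950),   # server list query to the master
    Packet("OUTPUT", ME, 27960, OTHER, 27961),    # game server on another port
    Packet("INPUT", OTHER, 27961, ME, 27960),     # unsolicited inbound
]

if __name__ == "__main__":
    for pkt, (state, verdict) in zip(SAMPLE, evaluate(CLIENT_RULES, SAMPLE)):
        print(f"{pkt.chain:6} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} {state:11} {verdict}")
```

The query to port 27950 and the connection to port 27961 are dropped as NEW packets, which is the gap Filip describes.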