Multiple Port Forwarding

Multiple Port Forwarding

[Bewerbungsadresse@web.de]

hi guys

sorry for this possibly "bad title"

but i´ve got a question regarding port forwarding and iptables
(i hope this question hasn´t been asked so much *gg)

is it possible to forward one port on the firewall to different clients?

e.g.

Internet -> Request to Firewall Port 4162

Rule: Forward all traffic on port to host:

a) 192.168.0.1:4162
b) 192.168.0.2:4162
c) 192.168.0.3:4162

???????

background: P2P for example should be possible on _all_ clients
it´s really just for information, cause i hate P2P ;)

it would be very kind, if you could help me or give any hints, where i 
can find more information (google is not very helpful in this way)

thx
micha

Multiple Port Forwarding

[Scorched]

I found this group on google looking for how to do multiple port forwarding
(I'm trying to setup so me and a friend can play Starcraft together on the
same connection [with different CD keys though, got two copies of the game..
is all legit])

I have exactly the same problem as this guy, so here's a copy of the thread
I found, that no one ever replied to to help with (I checked) :/

====================
http://lists.netfilter.org/pipermail/netfilter/2003-July/045290.html
====================
hi guys

sorry for this possibly "bad title"

but i´ve got a question regarding port forwarding and iptables
(i hope this question hasn´t been asked so much *gg)

is it possible to forward one port on the firewall to different clients?

e.g.

Internet -> Request to Firewall Port 4162

Rule: Forward all traffic on port to host:

a) 192.168.0.1:4162
b) 192.168.0.2:4162
c) 192.168.0.3:4162

???????

background: P2P for example should be possible on _all_ clients
it´s really just for information, cause i hate P2P ;)

it would be very kind, if you could help me or give any hints, where i
can find more information (google is not very helpful in this way)

thx
micha
=========================

Please can anyone help me? If anyone knows how to do this, it'd be great
I am using a Netgear DG824M router, I have looked in all the settings but I
can't find an option for it, the only thing I am able to do is port forward
and make DMZ.

This is good, but does not let me make Starcraft work for two computers on
the same network, as the DMZ only works for one computer, and so does the
port forwarding. I can't have two DMZ, and if I make a DMZ and a port
forward the port forward takes priority and the DMZ receives no data

Looking forward to any replies..

-Scorched

Re: Multiple Port Forwarding

[Nick Drage]

On Thu, Aug 19, 2004 at 10:27:48PM +0100, Scorched wrote:
> I found this group on google looking for how to do multiple port forwarding
> (I'm trying to setup so me and a friend can play Starcraft together on the
> same connection [with different CD keys though, got two copies of the game..
> is all legit])

This probably isn't the right place to ask... I haven't looked myself
but I suspect there are better ways to fool games software into thinking
all the computers are on the same LAN than using IPTables.  I would
think your best bet is to look for "tunnelling" software and see what
you can find.

-- 
"I think a church with a lightning rod shows a decided lack of confidence"

Re: Multiple Port Forwarding

[Alistair Tonner]

On August 19, 2004 05:27 pm, Scorched wrote:
> I found this group on google looking for how to do multiple port forwarding
> (I'm trying to setup so me and a friend can play Starcraft together on the
> same connection [with different CD keys though, got two copies of the

	<snippage>

> sorry for this possibly "bad title"
>
> but i´ve got a question regarding port forwarding and iptables
> (i hope this question hasn´t been asked so much *gg)
>
> is it possible to forward one port on the firewall to different clients?
>
	Certainly it is *possible* -- and would be rather complex,
	but you likely do not want to forward each packet to every client inside
	the firewall.

	What you want is a proxy server for the game protocol,
	if what you are attempting to do is have outside game clients connect
	to your inside game.

	Not something that iptables can do.  However, ... outbound connections
	from a lot of games to servers outside the firewall will work just fine, with
	ESTABLISHED, RELATED rules.

	If you have *one* client inside that will be hosting the game, it is doable,
	and in that case the second, and successive clients inside the firewall 
	would connect directly to the INSIDE address of the (server) copy of the 
	game.  In THIS case you need to know details of the connection between 
	clients and server versions -- i.e. port numbers, protocols, and whatnot,
	and set up appropriate ACCEPT and REDIRECT rules.
	

	If what you are trying to do is have two games behind your firewall connect
	to each other in different network segments, ... we'd need more detail, but 
	it should be doable in FORWARDING and -t nat PREROUTING etc....


	Now ... Battlenet ... anyone care to write a conntrack/nat module for 
that ???  { yes ...  I KNOW the module rules!!!!}

	*grin*

	Alistair Tonner
	

RE: Multiple Port Forwarding

[Daniel Chemko]

Scorched wrote:
> I found this group on google looking for how to do multiple port
> forwarding (I'm trying to setup so me and a friend can play Starcraft
> together on the same connection [with different CD keys though, got
> two copies of the game.. is all legit])
> 
> I have exactly the same problem as this guy, so here's a copy of the
> thread I found, that no one ever replied to to help with (I checked)
> :/ 

The following article described a way to accomplish it. I'm not sure if
its fresh:
http://www.mplug.org/phpwiki/index.php/NetfilterStarcraft


Me ---------|
            |--- Firewall -- battle.net / Server
My Friend --|

Each user wants to send their source port as 6112, but since only one
guy can have that port, we have to change our source port. Ex.

Outgoing:
ip-me:port-5112 -> dest:5112 >> FW >> ip-fw:port-5112 -> dest:5112
ip-friend:port-5112 -> dest:5112 >> FW >> ip-friend:port-5113 ->
dest:5112

Return:
dest:5112 -> ip-fw:port-5112 >> FW >> dest:5112 -> ip-me:5112
dest:5112 -> ip-fw:port-5113 >> FW >> dest:5112 -> ip-friend:5112

I can't see what's wrong with this picture unless Starcraft uses other
messed up port assignments. If you really want to help us diagnose this,
please run the game and list the ports that the program is using with
the following details:

protocol src_ip src_port dst_ip dst_port

Please do this on the inside interface of the firewall, not the outside.

Re: Multiple Port Forwarding

[Scorched]

Umm. Damn.
Linux only... I don't think my router is linux, I don't think it has any
standard OS, just firmware. It is a Netgear DG824M router :/ Usually only
way to set it up is through the web-based interface accessable through
192.168.0.1 for computers connected to the network, but I was wondering if
there was any way to get past that.

I just looked at netfilter.org and well... I see I may have the wrong
newsgroup :s But you all seem pretty knowledgeable about the subject so
maybe you can help me still, I'm not sure.

Here's a screenshot to give you an idea..

www.berzerker.net/blizzard/port_foward.gif

I hope anyone is able to help :/ maybe there's some way to get around it..


----- Original Message ----- 
From: "Daniel Chemko" <dchemko@smgtec.com>
To: "Scorched" <scorched1@btinternet.com>; <netfilter@lists.netfilter.org>
Sent: Friday, August 20, 2004 1:23 AM
Subject: RE: Multiple Port Forwarding


Scorched wrote:
> I found this group on google looking for how to do multiple port
> forwarding (I'm trying to setup so me and a friend can play Starcraft
> together on the same connection [with different CD keys though, got
> two copies of the game.. is all legit])
>
> I have exactly the same problem as this guy, so here's a copy of the
> thread I found, that no one ever replied to to help with (I checked)
> :/

The following article described a way to accomplish it. I'm not sure if
its fresh:
http://www.mplug.org/phpwiki/index.php/NetfilterStarcraft


Me ---------|
            |--- Firewall -- battle.net / Server
My Friend --|

Each user wants to send their source port as 6112, but since only one
guy can have that port, we have to change our source port. Ex.

Outgoing:
ip-me:port-5112 -> dest:5112 >> FW >> ip-fw:port-5112 -> dest:5112
ip-friend:port-5112 -> dest:5112 >> FW >> ip-friend:port-5113 ->
dest:5112

Return:
dest:5112 -> ip-fw:port-5112 >> FW >> dest:5112 -> ip-me:5112
dest:5112 -> ip-fw:port-5113 >> FW >> dest:5112 -> ip-friend:5112

I can't see what's wrong with this picture unless Starcraft uses other
messed up port assignments. If you really want to help us diagnose this,
please run the game and list the ports that the program is using with
the following details:

protocol src_ip src_port dst_ip dst_port

Please do this on the inside interface of the firewall, not the outside.