This is the text from an email discussion I had with another list member. It related to Starcraft, but contains the "meat" of the portforwarding and ipchains needed to get through to servers.
Security of this is your responsibility --- I don't make any claim as to how secure this is or isn't. Use at your own risk, YMMV, and all that...
===========================================================
I have only worked with Half-Life servers, but some of it might apply here.
First thing to do is get:
ftp://ftp.e-smith.org/pub/e-smith/contrib/CharlieBrady/RPMS/noarch/e-smith-ipportfw-0.1.1-1.noarch.rpm
Install it with: rpm -ivh e-smith-ipportfw-0.1.1-1.noarch.rpm
Then follow the instructions here:
http://www.myezserver.com/docs/mitel/ipportfw-howto.htmlSince it looks like you need a *range* of ports, you will need to specify them
explicitly. If I am correct, the file you will need for ipportfwd package(as
described above) will look like this:
Begin:
==================================CUT BELOW
#Made for use with e-smith-ipportfw-0.1.1-1.noarch.rpm
#-------------------------------------------------
#----------------
# TCPFORWARDS
#----------------
TPORT1=6112
TADDR1=your.server.ip.address
TPORT2=6113
TADDR2=your.server.ip.address
TPORT3=6114
TADDR3=your.server.ip.address
TPORT4=6115
TADDR4=your.server.ip.address
TPORT5=6116
TADDR5=your.server.ip.address
TPORT6=6117
TADDR6=your.server.ip.address
TPORT7=6118
TADDR7=your.server.ip.address
TPORT8=6119
TADDR8=your.server.ip.address
#----------------
# UDPFORWARDS
#----------------
UPORT1=6112
UADDR1=your.server.ip.address
UPORT2=6113
UADDR2=your.server.ip.address
UPORT3=6114
UADDR3=your.server.ip.address
UPORT4=6115
UADDR4=your.server.ip.address
UPORT5=6116
UADDR5=your.server.ip.address
UPORT6=6117
UADDR6=your.server.ip.address
UPORT7=6118
UADDR7=your.server.ip.address
UPORT8=6119
UADDR8=your.server.ip.address
/sbin/e-smith/db configuration setprop masq TCPForwards
$TPORT1,$TADDR1,$TPORT2,$TADDR2,$TPORT3,$TADDR3,$TPORT4,$TADDR4,$TPORT5,$TADDR5,
$TPORT6,$TADDR6,$TPORT7,$TADDR7,$TPORT8,$TADDR8
/sbin/e-smith/db configuration setprop masq UDPForwards
$UPORT1,$UADDR1,$UPORT2,$UADDR2,$UPORT3,$UADDR3,$UPORT4,$UADDR4,$UPORT5,$UADDR5,
$UPORT6,$UADDR6,$UPORT7,$UADDR7,$UPORT8,$UADDR8
/sbin/e-smith/signal-event remoteaccess-update
/sbin/ipchains -n -L input
/usr/sbin/ipmasqadm portfw -n -l
==================================CUT ABOVE
END
For the IPChains, you would probably need to do something like this:
/sbin/ipchains -A input -p tcp -d
6112:6119 -j ACCEPT
/sbin/ipchains -A input -p udp -d 6112:6119 -j ACCEPT
Since I don't know much about tinkering with the guts of SME, I just put the
IPChains statements in a script file, and I just remember to manually execute
it when I reboot the server (about every 4 months, so it's no big deal).