Koozali.org: home of the SME Server

about the post of CS server of V5.5

Mary cheung

about the post of CS server of V5.5
« on: January 04, 2003, 01:34:38 PM »
Hi,


I am using an SME v5.5 as the firewall, and installed a CS server behind it!
I have opened the needed ports, and the clients can connect to it through the internet, but the server still cannot be listed.

Anything I need to do?
Thanks!

PS: I have found something, but I don't know how to do it on SME:

My setup uses a Linux box acting as a firewall with kernel 2.2.16. Naturally, it has two NICs...one internal and one external. I use ip_masq to do NAT. The Half-Life server is inside the firewall.

I have the following ports forwarded (UDP only):
7002, 6003, 27005, 27010, 27011, 27015

Accomplish this by running:
/usr/sbin/ipmasqadm portfw -a -P udp -L [ExtFirewallIP] 7002 -R [hlServerIP] 7002
/usr/sbin/ipmasqadm portfw -a -P udp -L [ExtFirewallIP] 6003 -R [hlServerIP] 6003
/usr/sbin/ipmasqadm portfw -a -P udp -L [ExtFirewallIP] 27005 -R [hlServerIP] 27005
/usr/sbin/ipmasqadm portfw -a -P udp -L [ExtFirewallIP] 27010 -R [hlServerIP] 27010
/usr/sbin/ipmasqadm portfw -a -P udp -L [ExtFirewallIP] 27011 -R [hlServerIP] 27011
/usr/sbin/ipmasqadm portfw -a -P udp -L [ExtFirewallIP] 27015 -R [hlServerIP] 27015

[ExtFirewallIP] -- the external IP address of your firewall
[hlServerIP] -- the internal IP address of your hl server.
Some of those ports may not be required, I just guessed based on posts I've seen elsewhere. In fact, you can probably just get by with port 27015.

At this point, you should be able to fire up the HL server without a problem...it should authenticate correctly and connect to the Master servers. You can even connect to your server if you view _LAN games_ on your internal network, or manually "Add the server" on an external network.

However, your server WON'T be listed on WON.net.

I got this far and was stumped. Sniffing my external network (tcpdump) revealed loads of icmp errors of the form:

icmp: [ExtFirewallIP] udp port 64306 unreachable [tos 0xc0]

(64306 was seemingly random)

The server _IS_ listed with WON, but pings aren't getting through, so the individual clients don't list the server because they can't connect and resolve the server name, game type, player count, etc. If you do an 'Update' in Counter-Strike and then cancel as soon as it starts resolving server names, you should be able to find your IP address in the list that comes out (be sure to disable all the filters). If you 'View Info' on your IP address, you'll see that the Server Address is listed as being on port 64306 (or something close). That can't be right! Games are supposed to be on port 27015 (or similar)!

It turns out that ip_masq uses ports 61000-64999 for outgoing connections. Basically, your HL Server connects to your firewall using the correct port (27015). Your firewall then ip_masqs the connection and sends it out through ports 61000-64999. WON.net sees you as coming from that 64306 port, and tells other users that your game is running on that port. Well, ip_masq only allows the host you connected to to send traffic back through that port. So, when other users try to connect or ping you on that port, they'll get that 'port unreachable' error.

Finally, the solution. Enable loose UDP on your firewall:
echo "1" > /proc/sys/net/ipv4/ip_masq_udp_dloose

Loose UDP allows ANY host to connect through that 64306 port -- not just the destination host on the original connection. See the IP-Masq HOWTO for information on LooseUDP:
http://www.europe.redhat.com/documentation/HOWTO/IP-Masquerade-HOWTO-6.php3#ss6.11
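Added example (not part of the post above or the HOWTO it quotes): a small POSIX shell script that runs over tcpdump output of the kind shown above and picks out the "udp port N unreachable" errors whose port falls in ip_masq's 61000-64999 outgoing range, which is the symptom the post describes. The sample capture lines and addresses are constructed (203.0.113.7 stands in for the firewall's external IP, the 198.51.100.x hosts for WON/client hosts); the range bounds are the ones the post gives.

```shell
#!/bin/sh
# Added example, not from the original post or the HOWTO it quotes.
# Classifies tcpdump "udp port N unreachable" ICMP errors by whether N
# falls in ip_masq's outgoing port range (61000-64999, per the post).

MASQ_LO=61000   # ip_masq outgoing port range, as stated in the post
MASQ_HI=64999

# Constructed sample of tcpdump output (not a real capture).
SAMPLE_LOG='12:00:01.000 203.0.113.7 > 198.51.100.2: icmp: 203.0.113.7 udp port 64306 unreachable [tos 0xc0]
12:00:02.000 203.0.113.7 > 198.51.100.9: icmp: 203.0.113.7 udp port 27015 unreachable
12:00:03.000 198.51.100.2 > 203.0.113.7: icmp: echo request
12:00:04.000 203.0.113.7 > 198.51.100.4: icmp: 203.0.113.7 udp port 63001 unreachable [tos 0xc0]
12:00:05.000 203.0.113.7 > 198.51.100.2: icmp: 203.0.113.7 udp port 64306 unreachable [tos 0xc0]'

# Print "<port> <count>" for each UDP port reported unreachable on stdin,
# most frequent first (ties broken by port number).
unreachable_ports() {
    awk '/icmp:/ && /udp port [0-9]+ unreachable/ {
            for (i = 1; i <= NF; i++)
                if ($i == "port") count[$(i + 1)]++
         }
         END { for (p in count) print p, count[p] }' | sort -k2,2nr -k1,1n
}

# Succeed (exit 0) when the given port lies inside the masquerade range.
in_masq_range() {
    [ "$1" -ge "$MASQ_LO" ] && [ "$1" -le "$MASQ_HI" ]
}

# Count unreachable errors on stdin whose port is in the masq range.
masq_unreachable_count() {
    awk -v lo="$MASQ_LO" -v hi="$MASQ_HI" '
        /icmp:/ && /udp port [0-9]+ unreachable/ {
            for (i = 1; i <= NF; i++)
                if ($i == "port" && $(i + 1) + 0 >= lo && $(i + 1) + 0 <= hi) n++
        }
        END { print n + 0 }'
}

# One-line verdict for a capture on stdin.
diagnose() {
    n=$(masq_unreachable_count)
    if [ "$n" -gt 0 ]; then
        echo "masq-range port unreachable x$n: clients are hitting the masqueraded port; enable loose UDP"
    else
        echo "no masq-range port unreachable errors seen"
    fi
}

# Run over the constructed sample when executed directly.
printf '%s\n' "$SAMPLE_LOG" | unreachable_ports
printf '%s\n' "$SAMPLE_LOG" | diagnose
```

On the firewall itself you would feed it a live capture instead of the sample, e.g. `tcpdump -n -l icmp | masq_unreachable_count`; a non-zero count on ports in the 61000-64999 range is the pattern the post attributes to the masqueraded port being advertised.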