Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Ifan on December 18, 2001, 04:42:44 PM

Title: FIREWALL
Post by: Ifan on December 18, 2001, 04:42:44 PM

i want to disable my firewall i dont need it i dont need any protection @ all coze i dont have any valuble stuff and its bugggggging me. when i try to send files over icq, irc........ and many games that i play doesent work over internet, i only have a server coze it have www (unlimited space), ftp (unlimited space) , and router thats it plzzz people help me.

Title: Re: FIREWALL
Post by: WXP on December 18, 2001, 04:46:21 PM

oh ?

I'm an ICQ user.. I'm a CS, Quake3 and other games player and I don't have any trouble with it buddy..

Title: Re: FIREWALL
Post by: Ifan on December 18, 2001, 05:06:00 PM

have u tryied to play fallout, diablo.... and when i send files thro icq i get CANT ESTABLISH......and the worse problem when i try to recive files my friends complain all time we cant send files to u CANT SENDblabla,  and when i just run win2k, win98 without server it works perfectly (to recive files and send)

Title: Re: FIREWALL
Post by: WXP on December 18, 2001, 05:26:18 PM

OK two things dude..

First one, for ICQ, try to play with the connection settings.
I assume (cant exactly remember) that you have to specify that you are behing a firewall.. if my reminds are good, you don't have to tell him to use socks5 of whatever.. just tell him you're behing a firewall.

Second one, I never tried diablo and fallout.. sorry man but I think you should ask (or find on the net) why it's not working behind your server.
If your server makes the connection to another one, it should be ok.. but If you want to be the server it wont be ok 'cause you have to use port forwarding.

Do you mean you cant actually play the games... you client and a server on the internet ?

I tried some games and never had any trouble....
CS no problem, quake 3 no problem, king pin no problem...

Hope this helps !

Title: Re: FIREWALL
Post by: Franck on December 18, 2001, 08:07:10 PM

>
> i want to disable my firewall i dont need it i dont need any
> protection @ all coze i dont have any valuble stuff and its
> bugggggging me. when i try to send files over icq,
> irc........ and many games that i play doesent work over
> internet, i only have a server coze it have www (unlimited
> space), ftp (unlimited space) , and router thats it plzzz
> people help me.

The problem is not the firewall.... The problem is that many protocols don't work very well when used behind a computer (or router) sharing internet connection....

Disabling firewall rules built into e-smith won't make diablo or ICQ file transfert working.... These games/applications cannot work behind a "connection sharing system" without specific masquerading modules and/or 'protocol specific' ports forwarding...
Ifan wrote:

Title: Re: FIREWALL
Post by: Tony on December 21, 2001, 10:48:21 AM

If you configure the server in " privat server mode ".
I belive it does not load the firewall. But it still works like server/gateway.
/Tony

Title: Re: FIREWALL
Post by: Ifan on December 21, 2001, 09:41:22 PM

how do i do taht Tony?

Title: Re: FIREWALL
Post by: Tony on December 22, 2001, 10:57:34 AM

Log in with reminal as admin
and run the configure server script. Leave all options like the are, only change the server mode: Server/Gateway to Privar Server/gateway..
/Tony

Title: Re: FIREWALL
Post by: cheech on January 01, 2002, 10:56:30 PM

Well I have a simular problem not with diablo or icq because playing the games work just fine for me its hosting is what I need to figure out. So how would I go about allowing ports on my esmith server so that I can host games through networks such sierra and gamespy for games such as empire earth ect.. I have People testing it and it says im behind firewall. I know the ports to free but not sure how I would allow them into esmith. Can anyone please help me open certain ports and how I would go about doing this. Thanks...

              Sincerely, Cheech.

Title: Re: FIREWALL
Post by: Dan G. on January 01, 2002, 11:50:53 PM

This is the text from an email discussion I had with another list member.  It related to Starcraft, but contains the "meat" of the portforwarding and ipchains needed to get through to servers.

Security of this is your responsibility --- I don't make any claim as to how secure this is or isn't.  Use at your own risk, YMMV, and all that...

===========================================================
I have only worked with Half-Life servers, but some of it might apply here.  
First thing to do is get:

ftp://ftp.e-smith.org/pub/e-smith/contrib/CharlieBrady/RPMS/noarch/e-smith-
ipportfw-0.1.1-1.noarch.rpm

Install it with: rpm -ivh e-smith-ipportfw-0.1.1-1.noarch.rpm

Then follow the instructions here:
http://www.myezserver.com/docs/mitel/ipportfw-howto.html

Since it looks like you need a *range* of ports, you will need to specify them
explicitly.  If I am correct, the file you will need for ipportfwd package(as
described above) will look like this:


Begin:
==================================CUT BELOW

#Made for use with e-smith-ipportfw-0.1.1-1.noarch.rpm
#-------------------------------------------------

#----------------
# TCPFORWARDS
#----------------

TPORT1=6112
TADDR1=your.server.ip.address
TPORT2=6113
TADDR2=your.server.ip.address
TPORT3=6114
TADDR3=your.server.ip.address
TPORT4=6115
TADDR4=your.server.ip.address
TPORT5=6116
TADDR5=your.server.ip.address
TPORT6=6117
TADDR6=your.server.ip.address
TPORT7=6118
TADDR7=your.server.ip.address
TPORT8=6119
TADDR8=your.server.ip.address

#----------------
# UDPFORWARDS
#----------------

UPORT1=6112
UADDR1=your.server.ip.address
UPORT2=6113
UADDR2=your.server.ip.address
UPORT3=6114
UADDR3=your.server.ip.address
UPORT4=6115
UADDR4=your.server.ip.address
UPORT5=6116
UADDR5=your.server.ip.address
UPORT6=6117
UADDR6=your.server.ip.address
UPORT7=6118
UADDR7=your.server.ip.address
UPORT8=6119
UADDR8=your.server.ip.address

/sbin/e-smith/db configuration setprop masq TCPForwards
$TPORT1,$TADDR1,$TPORT2,$TADDR2,$TPORT3,$TADDR3,$TPORT4,$TADDR4,$TPORT5,$TADDR5,
$TPORT6,$TADDR6,$TPORT7,$TADDR7,$TPORT8,$TADDR8
/sbin/e-smith/db configuration setprop masq UDPForwards
$UPORT1,$UADDR1,$UPORT2,$UADDR2,$UPORT3,$UADDR3,$UPORT4,$UADDR4,$UPORT5,$UADDR5,
$UPORT6,$UADDR6,$UPORT7,$UADDR7,$UPORT8,$UADDR8
/sbin/e-smith/signal-event remoteaccess-update
/sbin/ipchains -n -L input
/usr/sbin/ipmasqadm portfw -n -l

==================================CUT ABOVE
END

For the IPChains, you would probably need to do something like this:

/sbin/ipchains -A input -p tcp -d 6112:6119 -j ACCEPT
/sbin/ipchains -A input -p udp -d 6112:6119 -j ACCEPT

Since I don't know much about tinkering with the guts of SME, I just put the
IPChains statements in a script file, and I just remember to manually execute
it when I reboot the server (about every 4 months, so it's no big deal).

Title: Re: FIREWALL
Post by: cheech on January 02, 2002, 02:28:21 AM

Thanks a bunch man, Just got esmith eh about hour before I posted and also new to linux. Now I just have to figure out how to get the ipportfwd program through to the server on the network with out it saying access denied. Thanks again.



 Sincerely, Cheech

Title: Re: FIREWALL
Post by: Ric_Hard on January 25, 2002, 12:22:04 AM

You can do this by setting up an Information Bay with the e-smith manager. Once that is created, you have a share on your network. To allow write access to that file you must log on as root and use the command:

chmod -R 777

The file location will be somewhere in "/home", I can't remember the exact location, a while since I setup an e-smith server. Hope this helps.

Rich