router running on the Edge router floppy. Normal traffic goes through
just fine (http, smtp, ftp, etc). The problem comes in with games and
the default behavior of this firewall/router solution. It is geared
towards security and defaults to deny everything and then let in things
on an as specified basis. I would like this to be reversed - accept
everything in both directions and allow me to lock down individual ports
as needed. This is how my previous Cisco 766 ISDN router worked (using
PAT - little brother to full-blown NAT - same function essentially; lets
multiple machines hide behind one valid IP). I had no problems with
BattleZone or Quake2 or any other games with the Cisco but this Linux
router just refuses to play BattleZone. I can enter the Internet lobby,
connect to the server, see active games, click join game, see the
players in the game, pick a tank and then try to launch and whamo - it
bangs on the connect a while (longer than it should or ever has) and
eventually just sits there forcing me to ALT-TAB to the desktop and do a
CTRL-ALT-DEL to kill the BattleZone task as the game will never launch.
I have experimented with the userin.txt and portfw.txt files and have
issued some "ipchains" commands in an attempt to work around this.
The lines I have put into /etc/userin.txt (commented out all others):
tcp -d PUBLICIP 00000:65535
udp -d PUBLICIP 00000:65535
icmp -d PUBLICIP 00000:65535
tcp -s PUBLICIP 00000:65535
udp -s PUBLICIP 00000:65535
icmp -s PUBLICIP 00000:65535
The way I'm understanding this, this should open up all ports in the
range of 0-65535 for all protocols. Does this look right?
I have also experimented with the ipchains command. I noticed that an
"ipchains -L" command would list a lot of default behaviors apparently
setup to filter out "unwanted" traffic. I used an "ipchains -F" to
flush all settings out completely and then issued:
ipchains -A forward -s 10.1.1.0/24 -j MASQ -b
This sets up a bi-directional rule that *should* allow all protocols to
go in both directions (be MASQ forwarded to original host) but it
doesn't seem to matter much. In fact with nothing but that rule
established I can do normal tasks just fine (like the post I'm writing
right now is being done in this mode). Anyone have an idea why this
rule would allow normal traffic but *still* not allow game traffic to
get back and forth? Seeing as I already have security inside the LAN
(PDC) I am not very concerned with that and would rather have the thing
wide open to the net, and *then* lock down ports that are potentially
troublesome (like udp 138/139 used to be on Win boxes). What am I doing
wrong???
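An added example, not from the original post, of how a masquerading ruleset for this kind of setup is usually written with ipchains: default policies, the MASQ rule for the LAN, a couple of explicitly locked-down ports, and a static port forward for traffic that peers initiate toward a LAN box. The point it illustrates is that a MASQ rule only maps replies to connections the LAN opened; an unsolicited inbound packet to a client's port has no masquerade entry and needs ipmasqadm portfw (the portfw.txt mechanism). The LAN range is the one from the post; the interface name, public address, game host and game port are placeholders (assumptions), and the real port for the game has to come from its documentation.

```shell
#!/bin/sh
# Added example, not from the original post: an ipchains masquerading ruleset
# for a LAN behind one public address. LAN_NET matches the post; the interface
# name, public address, game host and game port are placeholder assumptions.
LAN_NET=${LAN_NET:-10.1.1.0/24}
EXT_IF=${EXT_IF:-eth0}                 # outside interface (assumption)
PUBLIC_IP=${PUBLIC_IP:-192.0.2.1}      # documentation address, stands in for the real one
GAME_HOST=${GAME_HOST:-10.1.1.10}      # LAN box that runs the game (assumption)
GAME_PORT=${GAME_PORT:-12345}          # placeholder: use the game's real port
IPCHAINS=${IPCHAINS:-ipchains}         # set to "echo" for a dry run
IPMASQADM=${IPMASQADM:-ipmasqadm}

build_rules() {
    # Start from a clean slate. -F flushes the rules but leaves the chain
    # policies alone, so set them explicitly.
    $IPCHAINS -F
    $IPCHAINS -P input ACCEPT
    $IPCHAINS -P output ACCEPT
    $IPCHAINS -P forward DENY          # only the MASQ rule below may forward

    # Anti-spoofing: LAN addresses must never arrive on the outside interface.
    $IPCHAINS -A input -i "$EXT_IF" -s "$LAN_NET" -j DENY -l

    # "Lock down individual ports": NetBIOS from the outside.
    $IPCHAINS -A input -i "$EXT_IF" -p udp -d 0.0.0.0/0 137:139 -j DENY
    $IPCHAINS -A input -i "$EXT_IF" -p tcp -d 0.0.0.0/0 139 -j DENY

    # Masquerade outbound LAN traffic. Replies to connections the LAN opened
    # are mapped back to the originating host automatically.
    $IPCHAINS -A forward -s "$LAN_NET" -j MASQ

    # Unsolicited inbound packets (a peer connecting to the client's game
    # port) have no masquerade entry, so they must be forwarded statically.
    $IPMASQADM portfw -f
    $IPMASQADM portfw -a -P udp -L "$PUBLIC_IP" "$GAME_PORT" -R "$GAME_HOST" "$GAME_PORT"
}

case "${1:-dry-run}" in
    apply)   build_rules ;;
    dry-run) IPCHAINS=echo; IPMASQADM=echo; build_rules ;;
    *)       echo "usage: $0 [apply|dry-run]" >&2; exit 2 ;;
esac
```

Run it with no argument to print the commands it would issue, and with `apply` (as root, on the router) to load them. After any `ipchains -F`, check `ipchains -L -n` to confirm the policies are what you expect, since flushing does not reset them. If the game's peers reply from an address or port other than the one the client sent to, a single portfw entry may not be enough; some 2.2 kernels expose /proc/sys/net/ipv4/ip_masq_udp_dloose for exactly that case, so check whether yours has it.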