ipnat and ipf question

Post by jw » Wed, 13 Jun 2001 13:26:28



I am trying to get MechWarrior 4 to work through a firewall using IPF and
IPNAT.  Using Microsoft's support pages I found out that I need several
ports open. (Before anyone flames me let me explain two things, one I am
doing this to help maintain a friendship with someone very far away I know
it isn't a good idea, two I plan on keeping these rules commented out and
only opening these ports when I play the game online)  I need tcp 6667,
6073, 2300-2400, 28800-29000, and udp 2300-2400 all incoming (wow).  At
first I opened up these ports in ipf.rules to the IP of the PC I run the
game on, but I quickly noticed in the logs that the connections on these ports
were to my external IP of my firewall so I changed the rules.  Then I used
rdr rules in ipnat.rules to forward on this traffic to the pc I play the
game on.  I think this is right, but it does not work.  Here is what I have

1.1.1.1 = external ip of my firewall
2.2.2.2 = internal ip of * pc

ipf.rules
#MSN * Zone rules
pass in proto tcp from any to 1.1.1.1 port = 6667
pass in proto tcp from any to 1.1.1.1 port 28800 >< 29000

#DirectX 8 online * rules
pass in proto tcp from any to 1.1.1.1 port = 6073
pass in proto tcp from any to 1.1.1.1 port 2300 >< 2400
pass in proto udp from any to 1.1.1.1 port 2300 >< 2400

ipnat.rules
#Rules for MSN * Zone
rdr rl1 0.0.0.0/0 port 28800:29000 -> 2.2.2.2 port 28800:29000
rdr rl1 0.0.0.0/0 port 6667 -> 2.2.2.2 port 6667

#Rules for DirectX 8 online *
rdr rl1 0.0.0.0/0 port 6667 -> 2.2.2.2 port 6073
rdr rl1 0.0.0.0/0 port 2300:2400 -> 2.2.2.2 port 2300:2400
rdr rl1 0.0.0.0/0 port 2300:2400 -> 2.2.2.2 port 2300:2400 udp

I am assuming I have a problem with IPNAT, and I tried it with and without
the udp rule.  My brain is fried from working on computers at work and I
just can't figure this out at home.  Anyone have any ideas?

Thanks,

jw

To email me get rid of NOSPAM
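
An added example, not part of the original posts: a small Python check that compares the ipf and ipnat rules quoted above against the port list the post says the game needs. It assumes ipf's `><` is an exclusive range and that an rdr rule with no protocol keyword applies to tcp, and it reads the post's `lo:hi` form as an inclusive range without checking that ipnat accepts it; the function names are hypothetical.

```python
import re

# Ports the post lists as required (inclusive ranges), per protocol.
REQUIRED = {"tcp": [(6667, 6667), (6073, 6073), (2300, 2400), (28800, 29000)],
            "udp": [(2300, 2400)]}
# Rules copied verbatim from the post (comment lines dropped).
IPF_RULES = """\
pass in proto tcp from any to 1.1.1.1 port = 6667
pass in proto tcp from any to 1.1.1.1 port 28800 >< 29000
pass in proto tcp from any to 1.1.1.1 port = 6073
pass in proto tcp from any to 1.1.1.1 port 2300 >< 2400
pass in proto udp from any to 1.1.1.1 port 2300 >< 2400
"""
IPNAT_RULES = """\
rdr rl1 0.0.0.0/0 port 28800:29000 -> 2.2.2.2 port 28800:29000
rdr rl1 0.0.0.0/0 port 6667 -> 2.2.2.2 port 6667
rdr rl1 0.0.0.0/0 port 6667 -> 2.2.2.2 port 6073
rdr rl1 0.0.0.0/0 port 2300:2400 -> 2.2.2.2 port 2300:2400
rdr rl1 0.0.0.0/0 port 2300:2400 -> 2.2.2.2 port 2300:2400 udp
"""
IPF_RE = re.compile(r"pass in proto (\w+) .* port (?:= (\d+)|(\d+) >< (\d+))$")
RDR_RE = re.compile(r"rdr \S+ \S+ port (\d+)(?::(\d+))? -> \S+ port \S+(?: (tcp|udp))?$")

def ipf_ports(text):
    """(proto, port) pairs passed by ipf; 'a >< b' means a < port < b."""
    passed = set()
    for line in text.splitlines():
        m = IPF_RE.match(line)
        if m:
            proto, single, lo, hi = m.groups()
            ports = [int(single)] if single else range(int(lo) + 1, int(hi))
            passed.update((proto, p) for p in ports)
    return passed

def rdr_ports(text):
    """(proto, external port) pairs redirected by the rdr rules."""
    mapped = set()
    for line in text.splitlines():
        m = RDR_RE.match(line)
        if m:
            lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
            proto = m.group(3) or "tcp"  # assumption: tcp when no protocol is given
            mapped.update((proto, p) for p in range(lo, hi + 1))
    return mapped

def missing(covered):
    """Required (proto, port) pairs that the given rule set does not cover."""
    need = {(pr, p) for pr, rs in REQUIRED.items() for lo, hi in rs for p in range(lo, hi + 1)}
    return sorted(need - covered)
```

Run over these rules, `missing(ipf_ports(IPF_RULES))` lists the range endpoints 2300, 2400, 28800 and 29000, and `missing(rdr_ports(IPNAT_RULES))` lists tcp 6073, because the rule under the DirectX comment redirects external port 6667 a second time.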

 
 
 

Post by Ulf » Thu, 14 Jun 2001 02:02:07


I think it would be a good idea to check out bimap, instead of rdr. I am not
sure how these games work, but anyway... check out bimap. And opening those
ports you were talking about shouldn't be that much of a problem. Those were
all high ports, and those are unprivileged. You should never keep ports
open if you don't need to, but I guess ports above 1024 are ok if you really
need them. But MechWarrior 4? That doesn't feel like a valid excuse at all...

--
Ulf
----------------------------------------------------------------
"Then Pilate asked: What is truth?"
and echo answered - the prophet was silent.
With the riddle's solution behind closed lips
the Nazarene descended to the underworld.

(Gustaf Fröding)
----------------------------------------------------------------



> I am trying to get MechWarrior 4 to work through a firewall using IPF and
> IPNAT.  Using Microsoft's support pages I found out that I need several
> ports open. (Before anyone flames me let me explain two things, one I am
> doing this to help maintain a friendship with someone very far away I know
> it isn't a good idea, two I plan on keeping these rules commented out and
> only opening these ports when I play the game online)  I need tcp 6667,
> 6073, 2300-2400, 28800-29000, and udp 2300-2400 all incoming (wow).  At
> first I opened up these ports in ipf.rules to the IP of the PC I run the
> game on, but I quickly noticed in the logs that the connections on these ports
> were to my external IP of my firewall so I changed the rules.  Then I used
> rdr rules in ipnat.rules to forward on this traffic to the pc I play the
> game on.  I think this is right, but it does not work.  Here is what I have

> 1.1.1.1 = external ip of my firewall
> 2.2.2.2 = internal ip of * pc

> ipf.rules
> #MSN * Zone rules
> pass in proto tcp from any to 1.1.1.1 port = 6667
> pass in proto tcp from any to 1.1.1.1 port 28800 >< 29000

> #DirectX 8 online * rules
> pass in proto tcp from any to 1.1.1.1 port = 6073
> pass in proto tcp from any to 1.1.1.1 port 2300 >< 2400
> pass in proto udp from any to 1.1.1.1 port 2300 >< 2400

> ipnat.rules
> #Rules for MSN * Zone
> rdr rl1 0.0.0.0/0 port 28800:29000 -> 2.2.2.2 port 28800:29000
> rdr rl1 0.0.0.0/0 port 6667 -> 2.2.2.2 port 6667

> #Rules for DirectX 8 online *
> rdr rl1 0.0.0.0/0 port 6667 -> 2.2.2.2 port 6073
> rdr rl1 0.0.0.0/0 port 2300:2400 -> 2.2.2.2 port 2300:2400
> rdr rl1 0.0.0.0/0 port 2300:2400 -> 2.2.2.2 port 2300:2400 udp

> I am assuming I have a problem with IPNAT, and I tried it with and without
> the udp rule.  My brain is fried from working on computers at work and I
> just can't figure this out at home.  Anyone have any ideas?

> Thanks,

> jw

> To email me get rid of NOSPAM


 
 
 

Post by jw » Thu, 14 Jun 2001 12:40:03


Thanks for the advice.  I only have one IP address that is Internet
routable, and I use an internal IP address schema for all my other
computers.  I thought bimap was when I wanted to do a static NAT, and
therefore would need to have more than one real IP address.  I also
thought rdr was how I was supposed to be able to do this with only one.  Am I
missing something?

-jw
Take out NOSPAM to email me.


> I think it would be a good idea to check out bimap, instead of rdr. I am not
> sure how these games work, but anyway... check out bimap. And opening those
> ports you were talking about shouldn't be that much of a problem. Those were
> all high ports, and those are unprivileged. You should never keep ports
> open if you don't need to, but I guess ports above 1024 are ok if you really
> need them. But MechWarrior 4? That doesn't feel like a valid excuse at all...

 
 
 

Post by Ulf » Fri, 15 Jun 2001 03:27:54


Well. NAT stands for network address translation. If you had several internet
valid IPs you would have no need for NAT. For more info on bimap, check
out the relevant man pages.

--
Ulf



> Thanks for the advice.  I only have one IP address that is Internet
> routable, and I use an internal IP address schema for all my other
> computers.  I thought bimap was when I wanted to do a static NAT, and
> therefore would need to have more than one real IP address.  I also
> thought rdr was how I was supposed to be able to do this with only one.  Am I
> missing something?

> -jw
> Take out NOSPAM to email me.



> > I think it would be a good idea to check out bimap, instead of rdr. I am not
> > sure how these games work, but anyway... check out bimap. And opening those
> > ports you were talking about shouldn't be that much of a problem. Those were
> > all high ports, and those are unprivileged. You should never keep ports
> > open if you don't need to, but I guess ports above 1024 are ok if you really
> > need them. But MechWarrior 4? That doesn't feel like a valid excuse at all...