 From:  "Christopher M. Iarocci" <iarocci at eastendsc dot com>
 To:  Nick Lidakis <nlidakis at verizon dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Enemy Territory game server behind monowall, NAT & Firewall Rule.
 Date:  Tue, 02 Nov 2004 21:27:40 -0500
Nick Lidakis wrote:

> Christopher M. Iarocci wrote:
>
>> Nick Lidakis wrote:
>>
>>> I have really tried reading all the docs available on line as well 
>>> as searching through all of the mailing list archives using the 
>>> search function. If anyone can point out what I am doing wrong, I 
>>> would really appreciate it.
>>>
>>> Simply, I am trying to run an Enemy Territory dedicated server (on a 
>>> debian box) behind monowall. I need to have port 27960 open so that 
>>> friends on the Internet can join.
>>> From what I understand so far, I need to use the NAT inbound rule to 
>>> accomplish this, so I did this:
>>>
>>> Click on NAT, then Inbound
>>> click plus for new rule
>>> external port range is set to 27960
>>> NAT IP is set to the debian box, 192.168.1.10
>>> local port 27960
>>> interface is WAN
>>> external address=interface address
>>> and click the box to set the firewall rule
>>> protocol is set to tcp (though I did try tcp/udp and udp with no luck)
>>>
>>> click save, then apply changes.
>>>
>>> firewall rule options:
>>> Action=pass
>>> Interface=WAN
>>> Protocol=TCP
>>> Source=any
>>> Source port range=any and any
>>> Destination: Type=Single host or alias
>>>                       Address=192.168.1.10
>>> Fragments and Logs= unchecked
>>>
>>>
>>> I have used NAT inbound to set up a rule for gtk-gnutella, and that 
>>> works just fine, the settings almost identical to the server rule I'm 
>>> trying to get working.
>>>
>>> When the server is started, it shows up on the local LAN, and I am 
>>> able to join and play without any problems. The server is not seen 
>>> on the Internet, and several people have tried connecting via IP 
>>> address and were unable to do so.
>>>
>>>
>>> Any comments would be appreciated.
>>>
>> Nick,
>>
>> My first comment would be, what do the logs show when someone is 
>> trying to connect?  If the packets are not getting through, you 
>> should see a block in the log.  Show us that.  Other than that, it 
>> sounds as if you're doing exactly what you should be doing.
>>
>> Chris
>>
>     02:08:17.267389     WAN     67.68.214.184, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:08:15.725984     WAN     209.105.218.55, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:08:14.183840     WAN     65.33.55.219, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:08:13.882877     WAN     162.39.148.149, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:08:13.332229     WAN     80.238.40.233, port 39404     
> 192.168.1.10, port 3784     UDP
>     02:08:13.281683     WAN     70.240.167.155, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:08:13.270717     WAN     68.110.107.4, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:08:12.829900     WAN     80.238.40.233, port 39404     
> 192.168.1.10, port 3784     UDP
>     02:08:12.498029     WAN     200.83.214.141, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:08:11.899348     WAN     200.217.12.61, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:08:11.826444     WAN     80.238.40.233, port 39404     
> 192.168.1.10, port 3784     UDP
>     02:08:11.195235     WAN     68.142.232.32, port 27243     
> 192.168.1.10, port 3784     UDP
>     02:08:10.390290     WAN     64.230.86.13, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:08:10.051013     WAN     69.119.172.59, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:08:08.931210     WAN     216.167.227.53, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:08:08.513077     WAN     80.126.198.200, port 1362     
> 192.168.1.10, port 3784     UDP
>     02:08:08.324360     WAN     68.106.98.4, port 1075     
> 192.168.1.10, port 3784     UDP
>     02:08:07.736290     WAN     68.231.44.198, port 42948     
> 192.168.1.10, port 3784     UDP
>     02:08:06.599500     WAN     68.230.27.251, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:08:05.833716     WAN     68.230.192.53, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:08:05.582409     WAN     210.113.36.174, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:08:04.631388     WAN     84.41.150.151, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:08:04.011510     WAN     24.207.180.114, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:08:03.426857     WAN     68.230.157.37, port 61321     
> 192.168.1.10, port 3784     UDP
>     02:08:02.756401     WAN     24.60.111.19, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:08:02.545834     WAN     217.224.75.50, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:08:01.567676     WAN     24.86.97.246, port 61145     
> 192.168.1.10, port 3784     UDP
>     02:08:01.308169     WAN     66.158.159.245, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:08:01.273520     WAN     200.198.113.211, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:08:00.684485     WAN     67.149.22.16, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:59.808228     WAN     66.169.12.85, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:58.223537     WAN     200.104.91.117, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:57.277551     WAN     24.226.86.224, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:56.776794     WAN     66.117.225.157, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:56.438066     WAN     62.143.6.166, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:56.204728     WAN     69.29.30.145, port 62452     
> 192.168.1.10, port 3784     UDP
>     02:07:56.040895     WAN     65.94.71.97, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:53.382211     WAN     68.116.113.82, port 32987     
> 192.168.1.10, port 3784     UDP
>     02:07:53.332662     WAN     67.149.22.16, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:53.135817     WAN     209.105.218.55, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:52.842391     WAN     213.202.254.50, port 36680     
> 192.168.1.10, port 3784     UDP
>     02:07:48.732785     WAN     213.114.5.190, port 1477     
> 192.168.1.10, port 3784     UDP
>     02:07:48.176910     WAN     220.236.73.52, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:47.474502     WAN     128.120.190.105, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:46.562110     WAN     80.32.67.228, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:44.995810     WAN     68.225.243.186, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:43.633215     WAN     194.100.227.111, port 65171     
> 192.168.1.10, port 3784     UDP
>     02:07:42.832971     WAN     82.46.100.4, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:42.262626     WAN     68.100.150.55, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:42.113343     WAN     83.28.247.45, port 61473     
> 192.168.1.10, port 3784     UDP
>     02:07:42.061727     WAN     67.168.223.155, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:40.833611     WAN     68.142.232.32, port 27243     
> 192.168.1.10, port 3784     UDP
>     02:07:38.656090     WAN     24.107.141.246, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:38.423509     WAN     201.1.96.29, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:38.059103     WAN     68.117.130.60, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:37.565441     WAN     210.120.86.249, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:36.943216     WAN     207.248.40.252, port 20562     
> 192.168.1.10, port 3784     UDP
>     02:07:36.939843     WAN     81.41.180.217, port 4715     
> 68.160.246.240, port 445     TCP
>     02:07:35.490357     WAN     217.43.40.8, port 60126     
> 68.160.246.240, port 445     TCP
>     02:07:34.917989     WAN     24.88.65.130, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:34.733964     WAN     81.41.180.217, port 4715     
> 68.160.246.240, port 445     TCP
>     02:07:34.457305     WAN     66.131.109.172, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:34.113537     WAN     221.201.144.148, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:32.692313     WAN     210.113.36.174, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:30.444188     WAN     209.145.109.163, port 2656     
> 192.168.1.10, port 3784     UDP
>     02:07:30.361039     WAN     172.172.52.169, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:29.680741     WAN     218.239.74.102, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:28.322220     WAN     201.9.172.111, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:27.159988     WAN     66.235.51.59, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:26.774459     WAN     24.17.45.227, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:25.289674     WAN     213.114.7.216, port 3305     
> 192.168.1.10, port 3784     UDP
>     02:07:24.209815     WAN     80.121.5.82, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:23.949664     WAN     68.160.254.172, port 4542     
> 68.160.246.240, port 445     TCP
>     02:07:22.199417     WAN     24.136.92.207, port 56096     
> 192.168.1.10, port 3784     UDP
>     02:07:20.669560     WAN     68.160.254.172, port 4542     
> 68.160.246.240, port 445     TCP
>     02:07:20.646041     WAN     69.119.172.59, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:20.115772     WAN     24.215.27.66, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:19.822854     WAN     68.72.82.90, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:19.654258     WAN     64.229.4.50, port 61788     
> 192.168.1.10, port 3784     UDP
>     02:07:19.509669     WAN     4.47.1.251, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:18.352285     WAN     80.202.52.31, port 51839     
> 192.168.1.10, port 3784     UDP
>     02:07:15.556147     WAN     66.72.30.187, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:15.521807     WAN     68.175.76.198, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:13.761408     WAN     68.123.140.239, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:12.738148     WAN     80.238.40.233, port 38408     
> 192.168.1.10, port 3784     UDP
>     02:07:12.266133     WAN     80.238.40.233, port 38408     
> 192.168.1.10, port 3784     UDP
>     02:07:11.807407     WAN     24.0.254.39, port 32771     
> 192.168.1.10, port 3784     UDP
>     02:07:11.688122     WAN     67.161.1.233, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:11.240449     WAN     80.238.40.233, port 38408     
> 192.168.1.10, port 3784     UDP
>     02:07:11.233993     WAN     80.202.41.86, port 59185     
> 192.168.1.10, port 3784     UDP
>     02:07:10.823135     WAN     68.142.232.32, port 27243     
> 192.168.1.10, port 3784     UDP
>     02:07:09.620521     WAN     68.117.174.4, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:08.956761     WAN     24.201.92.88, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:08.657743     WAN     137.238.164.112, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:08.050029     WAN     209.105.218.55, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:07.605112     WAN     200.107.128.47, port 10120     
> 192.168.1.10, port 3784     UDP
>     02:07:07.015647     WAN     172.172.52.169, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:06.837929     WAN     68.123.140.239, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:05.835874     WAN     82.251.142.217, port 27960     
> 192.168.1.10, port 3784     UDP
>     02:07:03.782823     WAN     141.158.56.43, port 33123     
> 192.168.1.10, port 3784     UDP
>
>
>
It appears from the log that your clients are trying to connect to port 
3784, not 27960.  I suggest you open that one instead.  The source port 
is not important (your firewall rule should allow the source IP and 
ports to be any), and not consistent.  It's the destination port you 
need to configure for, which from the logs, is 3784 UDP.

HTH
Chris
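
Added example (not part of the original message and not m0n0wall code): a small parser for firewall log entries laid out as in the quoted log above, mail wrapping and ">" markers included, that tallies blocked packets by destination address, port and protocol and counts how many distinct source ports hit each one. The sample entries are constructed; their source addresses are documentation-range placeholders, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the quoted log (mail-wrapped, with ">"
# quote markers). Source addresses are documentation-range placeholders.
SAMPLE = """\
>     02:08:17.267389     WAN     203.0.113.7, port 27960
> 192.168.1.10, port 3784     UDP
>     02:08:15.725984     WAN     198.51.100.23, port 39404
> 192.168.1.10, port 3784     UDP
>     02:08:14.183840     WAN     203.0.113.99, port 27960
> 192.168.1.10, port 3784     UDP
>     02:07:36.939843     WAN     198.51.100.80, port 4715
> 192.0.2.240, port 445     TCP
"""

# One log entry: time, interface, "src, port N", "dst, port N", protocol.
ENTRY = re.compile(
    r"(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<iface>\S+)\s+"
    r"(?P<src>[\d.]+), port (?P<sport>\d+)\s+"
    r"(?P<dst>[\d.]+), port (?P<dport>\d+)\s+(?P<proto>TCP|UDP)"
)

def parse_entries(text):
    """Strip quote markers, re-join wrapped lines, return one dict per entry."""
    flat = " ".join(re.sub(r"^[>\s]+", "", line) for line in text.splitlines())
    return [m.groupdict() for m in ENTRY.finditer(flat)]

def tally_destinations(entries):
    """Return [((dst, dport, proto), packet_count, distinct_source_ports)],
    most frequently blocked destination first."""
    counts = Counter()
    source_ports = {}
    for e in entries:
        key = (e["dst"], int(e["dport"]), e["proto"])
        counts[key] += 1
        source_ports.setdefault(key, set()).add(int(e["sport"]))
    return [(key, n, len(source_ports[key])) for key, n in counts.most_common()]

if __name__ == "__main__":
    for (dst, dport, proto), n, nports in tally_destinations(parse_entries(SAMPLE)):
        print(f"{n:4d} blocked -> {dst}:{dport}/{proto} from {nports} source port(s)")
```
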