 From:  Magikman <magikmanv2 at cox dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Counter Strike: Source - Server
 Date:  Tue, 14 Feb 2006 19:20:30 -0500
Hello everyone,

     I have just recently migrated my gateway away from smoothwall and 
am now using m0n0wall. All has gone well so far with the exception of 
one minor problem. I run a Counter Strike: Source dedicated server from 
my home. Unfortunately my server is not visible to anyone looking 
through the steam list; however, anyone can join using the direct IP (or 
by adding it as a favorite). As you might imagine, this is a problem for 
me.

    The following is an output of the status page of my router:

unparsed ipnat rules:

map rl1 192.168.1.0/24  -> 0/32 proxy port ftp ftp/tcp
map rl1 192.168.1.0/24  -> 0/32 portmap tcp/udp auto
map rl1 192.168.1.0/24  -> 0/32
map rl1 192.168.4.0/24  -> 0/32 proxy port ftp ftp/tcp
map rl1 192.168.4.0/24  -> 0/32 portmap tcp/udp auto
map rl1 192.168.4.0/24  -> 0/32
rdr rl1 0/0 port 3389 -> 192.168.4.4 port 3389 tcp
rdr rl1 0/0 port 27015 -> 192.168.4.4 port 27015 udp
rdr rl1 0/0 port 27015 -> 192.168.4.4 port 27015 tcp



unparsed ipfilter rules:

# loopback
pass in quick on lo0 all
pass out quick on lo0 all

# block short packets
block in log quick all with short

# block IP options
block in log quick all with ipopts

# allow access to DHCP server on LAN
pass in quick on dc0 proto udp from any port = 68 to 255.255.255.255 port = 67
pass in quick on dc0 proto udp from any port = 68 to 192.168.1.1 port = 67
pass out quick on dc0 proto udp from 192.168.1.1 port = 67 to any port = 68

# WAN spoof check
block in log quick on rl1 from 192.168.1.0/24 to any
block in log quick on rl1 from 192.168.4.0/24 to any

# allow our DHCP client out to the WAN
# XXX - should be more restrictive
# (not possible at the moment - need 'me' like in ipfw)
pass out quick on rl1 proto udp from any port = 68 to any port = 67
block in log quick on rl1 proto udp from any port = 67 to 192.168.1.0/24 port = 68
pass in quick on rl1 proto udp from any port = 67 to any port = 68

# LAN/OPT spoof check (needs to be after DHCP because of broadcast addresses)
block in log quick on dc0 from ! 192.168.1.0/24 to any
block in log quick on rl0 from ! 192.168.4.0/24 to any

# block anything from private networks on WAN interface
block in log quick on rl1 from 10.0.0.0/8 to any
block in log quick on rl1 from 127.0.0.0/8 to any
block in log quick on rl1 from 172.16.0.0/12 to any
block in log quick on rl1 from 192.168.0.0/16 to any

# Block TCP packets that do not mark the start of a connection
skip 1 in proto tcp all flags S/SAFR
block in log quick proto tcp all

#---------------------------------------------------------------------------
# group head 100 - LAN interface
#---------------------------------------------------------------------------
block in log quick on dc0 all head 100

# let out anything from the firewall host itself and decrypted IPsec traffic
pass out quick on dc0 all keep state

#---------------------------------------------------------------------------
# group head 200 - WAN interface
#---------------------------------------------------------------------------
block in log quick on rl1 all head 200

# let out anything from the firewall host itself and decrypted IPsec traffic
pass out quick on rl1 all keep state
		
#---------------------------------------------------------------------------
# group head 300 - opt1 interface
#---------------------------------------------------------------------------
block in log quick on rl0 all head 300

# let out anything from the firewall host itself and decrypted IPsec traffic
pass out quick on rl0 all keep state

# make sure the user cannot lock himself out of the webGUI
pass in quick from 192.168.1.0/24 to 192.168.1.1 keep state group 100

# User-defined rules follow
pass in quick proto udp from any to 192.168.4.4 port = 27015 keep state group 200 
pass in quick proto tcp from any to 192.168.4.4 port = 27015 keep state group 200 
pass in quick from 192.168.4.0/24 to !192.168.1.0/24 keep state group 300 
pass in quick proto udp from 192.168.4.0/24 to any port = 53 keep state group 300 
pass in quick proto icmp from 192.168.4.0/24 to !192.168.1.0/24 keep state group 300 
pass in quick from 192.168.1.0/24 to any keep state group 100 
block in quick proto udp from any to any port 2082 >< 2085 group 200 
block in quick proto udp from any to any port 1025 >< 1028 group 200 
pass in quick proto icmp from any to any keep state group 200 
pass in quick proto tcp from 70.***.***.*** to 192.168.4.4 port = 3389 keep state group 200 
	
#---------------------------------------------------------------------------
# default rules (just to be sure)
#---------------------------------------------------------------------------
block in log quick all
block out log quick all

If anyone is running a server of this type behind m0n0wall, or knows 
what's going on here, please help me. :)

Thanks,
Magikman
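An added audit script (not part of the original post and not m0n0wall code): it parses the `rdr` lines and the group-200 filter lines quoted above and checks, for each port forward, that a `pass` rule exists in the WAN group for the translated destination, which source address that rule admits, and whether a `port a >< b` block in the same group would cover the forwarded port. The embedded rule text is a constructed excerpt of the dump above; the exclusive-range reading of `><` follows ipfilter's documented semantics.

```python
import re

# Constructed excerpt of the status-page dump quoted in the post (not the full output).
IPNAT_RULES = """\
rdr rl1 0/0 port 3389 -> 192.168.4.4 port 3389 tcp
rdr rl1 0/0 port 27015 -> 192.168.4.4 port 27015 udp
rdr rl1 0/0 port 27015 -> 192.168.4.4 port 27015 tcp
"""
IPF_RULES = """\
pass in quick proto udp from any to 192.168.4.4 port = 27015 keep state group 200
pass in quick proto tcp from any to 192.168.4.4 port = 27015 keep state group 200
block in quick proto udp from any to any port 2082 >< 2085 group 200
block in quick proto udp from any to any port 1025 >< 1028 group 200
pass in quick proto tcp from 70.***.***.*** to 192.168.4.4 port = 3389 keep state group 200
"""

RDR_RE = re.compile(r"^rdr \S+ \S+ port (\d+) -> (\S+) port (\d+) (tcp|udp)$")
PASS_RE = re.compile(r"^pass in quick proto (tcp|udp) from (\S+) to (\S+) port = (\d+) .*\bgroup (\d+)$")
BLOCK_RE = re.compile(r"^block in quick proto (tcp|udp) from \S+ to \S+ port (\d+) >< (\d+) group (\d+)$")

def parse_rdr(text):
    """Return (proto, wan_port, host, host_port) for every rdr line in an ipnat dump."""
    out = []
    for line in text.splitlines():
        m = RDR_RE.match(line.strip())
        if m:
            out.append((m.group(4), int(m.group(1)), m.group(2), int(m.group(3))))
    return out

def audit(ipnat, ipf, wan_group="200"):
    """Cross-check each port forward against the pass/block rules of the WAN group.

    Inbound NAT runs before filtering, so pass rules must name the translated
    (internal) destination. Returns {(proto, wan_port): {...}} per forward.
    """
    passes, blocks = [], []
    for line in ipf.splitlines():
        m = PASS_RE.match(line.strip())
        if m and m.group(5) == wan_group:
            passes.append((m.group(1), m.group(2), m.group(3), int(m.group(4))))
        b = BLOCK_RE.match(line.strip())
        if b and b.group(4) == wan_group:
            blocks.append((b.group(1), int(b.group(2)), int(b.group(3))))
    report = {}
    for proto, wan_port, host, host_port in parse_rdr(ipnat):
        # ipfilter's 'port a >< b' matches ports strictly between a and b (exclusive)
        in_range = any(p == proto and lo < host_port < hi for p, lo, hi in blocks)
        srcs = [src for p, src, dst, port in passes if p == proto and dst == host and port == host_port]
        report[(proto, wan_port)] = {"host": host, "pass": bool(srcs),
                                     "src": srcs[0] if srcs else None, "blocked_by_range": in_range}
    return report
```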