[cod] Awaiting key code authorization error on LAN

aquariusrick at hotmail.com aquariusrick at hotmail.com
Wed Jan 16 04:04:45 EST 2008


> > It's LAN  or Internet not both.

Does anyone know a specific reason for this?  Just curious.......

> Assuming he can set up a secondary address on his router, would it be feasible
> for him to set up a second subnet on the LAN and then connect to the server
> from that subnet ?
> 

I haven't tried that, but it's not a bad idea.  The workaround I came up with isn't exactly pretty, but it works.  I've had to add a few rules to my linux firewall script (using IPTABLES).  I
already have rules in place which redirect traffic coming from the public internet to the Call of Duty 4 server.  To make this work for internal clients I did the following: 

1. Added rule which redirects traffic coming from the internal NIC, going to my public (external) IP address, on any of the Call of duty 4 ports back to the Call of duty server.  (This essentially forwards the packet back off the same NIC - see next rule)

2. (NOTE: If the default policy in the forward chain is to drop packets, then you will need this next rule as well....)
Next I added a rule allowing packets to be forwarded in, and out the same (internal) NIC.  

3. Next I added a rule to 'SNAT' (change the source address for) all packets which came from my internal subnet, leaving on the internal NIC to be translated with my server's external IP.  This ensures that when the packets get to the COD4 server from the internal clients they have a source address that's a public internet IP address (my public IP).  Also having a rule at the top which accepts RELATED,ESTABLISHED packets is essential to keep everything returning back to the clients properly.

Confusing??  I think so.....  Here's basically what I have in my firewall script (if this makes more sense).....
This basically assumes that you have a linux IPTABLES router/firewall already configured to forward packets across NICs, and that your (dedicated/internet) Call of Duty 4 server is on the same local subnet as one ore more clients who wish to connect.  

====================================
#!/bin/sh
#Path to IPTABLES
IPTABLES="/sbin/iptables"
#Interface for the External NIC
OUTSIDE=eth1
#Interface for the Internal NIC

INSIDE=eth0
#My external IP address
OUTSIDE_IP=xx.xx.xx.xx
#IP Address of my Call of Duty 4 server
COD=192.68.1.100

# This ensures that all return packets go to the correct place.
$IPTABLES -t nat -A PREROUTING -m state --state RELATED,ESTABLISHED -j ACCEPT

#Here we're changing the destination address of packets coming in on the internal NIC,
# going to the outside IP on any of the COD4 ports
$IPTABLES -t nat -A PREROUTING -i $INSIDE -p udp --dport 20800 -d $OUTSIDE_IP -j DNAT --to $COD
$IPTABLES -t nat -A PREROUTING -i $INSIDE -p udp --dport 20810 -d $OUTSIDE_IP -j DNAT --to $COD
$IPTABLES -t nat -A PREROUTING -i $INSIDE -p udp --dport 28960 -d $OUTSIDE_IP -j DNAT --to $COD
$IPTABLES -A FORWARD -i $INSIDE -o $INSIDE -j ACCEPT


#These are my existing rules which allow packets to be forwarded to the server from the outside 
# (public internet) - shown here for clarity....
$IPTABLES -t nat -A PREROUTING -i $OUTSIDE -p udp --dport 20800 -j DNAT --to $COD
$IPTABLES -t nat -A PREROUTING -i $OUTSIDE -p udp --dport 20810 -j DNAT --to $COD
$IPTABLES -t nat -A PREROUTING -i $OUTSIDE -p udp --dport 28960 -j DNAT --to $COD
$IPTABLES -A FORWARD -i $OUTSIDE -j ACCEPT

#Here we're changing the source address of packets going out on the internal NIC, which currently have a 
# source IP from the the internal (private) subnet range.
$IPTABLES -t nat -A POSTROUTING -s 192.68.1.0/255.255.255.0 -o $INSIDE -j SNAT --to $OUTSIDE_IP
===================

Hope this helps someone........  Cheers!

-Rick

_________________________________________________________________
Share life as it happens with the new Windows Live.
http://www.windowslive.com/share.html?ocid=TXT_TAGHM_Wave2_sharelife_012008
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://icculus.org/pipermail/cod/attachments/20080116/f2812e56/attachment.htm>


More information about the Cod mailing list