[mohaa] Linux IPTABLES and MOHA
Fredrick Ludden
luddenf at comcast.net
Sat Nov 9 11:29:36 EST 2002
Doh...
The firewall box (Slackware) is dual nic (192.168.1.1 and 68.xxx.xxx.xxx).
The MOH server (WinXP behind the firewall) is 192.168.1.20 and I only
***open*** the destination ports (dport).
Sorry for the confusion.
-----Original Message-----
From: Fredrick Ludden [mailto:luddenf at comcast.net]
Sent: Saturday, November 09, 2002 11:19 AM
To: mohaa at icculus.org
Subject: RE: [mohaa] Linux IPTABLES and MOHA
In order to run MOH on a server ***behind*** the firewall you must do two
things: open the port on the firewall and do DNAT on the port. I only open
the destination ports (dport).
For example (my firewall is a Slackware box with IP 192.168.1.20):
root at Annapolis:~# iptables -I block -p udp --dport 12203 -j ACCEPT
root at Annapolis:~# iptables -I block -p udp --dport 12300 -j ACCEPT
root at Annapolis:~# iptables -t nat -I PREROUTING -p udp --dport 12203 -j DNAT --to-destination 192.168.1.20
root at Annapolis:~# iptables -t nat -I PREROUTING -p udp --dport 12300 -j DNAT --to-destination 192.168.1.20
Now my rules look like this.
root at Annapolis:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
block all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
block all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain block (2 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:12300
ACCEPT udp -- anywhere anywhere udp dpt:12203
ACCEPT tcp -- anywhere anywhere tcp dpt:8080
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
DROP all -- anywhere anywhere
root at Annapolis:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT udp -- anywhere anywhere udp dpt:12300 to:192.168.1.20
DNAT udp -- anywhere anywhere udp dpt:12203 to:192.168.1.20
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
This works for me. Hope it helps. If anyone sees anything I did wrong,
please let us know.
Fred
-----Original Message-----
From: André Rivotti Casimiro [mailto:rivotti at netcabo.pt]
Sent: Saturday, November 09, 2002 9:18 AM
To: mohaa at icculus.org
Subject: RE: [mohaa] Linux IPTABLES and MOHA
Hi Ed,
Suppose you have a mohaa server using the port 12203... you must edit the
/etc/sysconfig/iptables file and add the following lines before the COMMIT
line:
-A INPUT -p udp -m udp --sport 12203 -j ACCEPT
-A INPUT -p udp -m udp --dport 12203 -j ACCEPT
-A INPUT -p udp -m udp --sport 12300 -j ACCEPT
-A INPUT -p udp -m udp --dport 12300 -j ACCEPT
I'm using four servers with the ports 12203, 12204, 12205 and 12206...
-A INPUT -p udp -m udp --sport 12203:12206 -j ACCEPT
-A INPUT -p udp -m udp --dport 12203:12206 -j ACCEPT
-A INPUT -p udp -m udp --sport 12300 -j ACCEPT
-A INPUT -p udp -m udp --dport 12300 -j ACCEPT
The 12300 port is needed... I'm not sure why but I think it's used by
GameSpy.
One thing... I have all OUTPUT accepted.
After editing the file, run /etc/init.d/iptables restart. I think this will help.
If anyone has a better configuration please say so.
Regards
André Rivotti Casimiro
Contifax.com
-----Original Message-----
From: Eduardo E. Silva [mailto:esilva at silvex.com]
Sent: Saturday, 9 November 2002 6:49
To: mohaa at icculus.org
Subject: [mohaa] Linux IPTABLES and MOHA
Has anybody set up a MOH server behind IPtables using a non-public IP
(178.16, 198.168, etc) on the MOH server?
If so let me know!
Ed Silva
Silvex Consulting Inc.
(714) 504-6870 Cell
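The two setups in this thread (André's rules for a server running on the firewall host itself, and Fred's ACCEPT-plus-DNAT pair for a server on the LAN behind the firewall) follow the same pattern per game port, so here is a small rule generator covering both. It is an added example, not code posted by anyone in the thread. It assumes a filter chain named "block" that INPUT and FORWARD both jump to (as in Fred's listing) and takes the WAN interface name as a parameter; the ports 12203, 12300 and 12204-12206 come from the messages above. It prints the iptables commands instead of running them, so they can be reviewed and then piped to sh as root.

```shell
#!/bin/sh
# Added example, not code from the thread. Generates the iptables commands for
# a MOHAA server in either of the two setups described above:
#   host  - the game server runs on the firewall machine itself
#           (the /etc/sysconfig/iptables style of rules)
#   dnat  - the game server sits on the LAN behind the firewall, so each port
#           needs a filter ACCEPT plus a nat/PREROUTING DNAT
# Commands are printed rather than executed so they can be reviewed first and
# then piped to sh as root on the firewall.
#
# Assumptions not stated on the page: the filter chain that INPUT and FORWARD
# jump to is named "block" and already exists; the WAN interface name is
# supplied by the caller.

# Accept a single UDP port (1-65535) or a low:high range, nothing else.
valid_port() {
    case "$1" in
        ''|*[!0-9:]*|:*|*:|*:*:*) return 1 ;;
    esac
    lo=${1%%:*}
    hi=${1##*:}
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# mohaa_rules MODE WAN_IF SERVER_IP PORT [PORT...]
# SERVER_IP is ignored in host mode (pass "-"). Rules are inserted with -I so
# they land ahead of the chain's final DROP, as Fred's commands do.
mohaa_rules() {
    [ "$#" -ge 4 ] || { echo "usage: mohaa_rules host|dnat WAN_IF SERVER_IP PORT..." >&2; return 1; }
    mode=$1; wan=$2; server=$3; shift 3
    case "$mode" in
        host) chain=INPUT ;;
        dnat) chain=block ;;
        *) echo "unknown mode: $mode" >&2; return 1 ;;
    esac
    for p in "$@"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
        # Match on destination port only. Replies from the server to clients
        # are covered by the RELATED,ESTABLISHED rule, so no --sport rules.
        echo "iptables -I $chain -i $wan -p udp --dport $p -j ACCEPT"
        if [ "$mode" = dnat ]; then
            # Rewrite the destination before routing; the port is left as is,
            # so a low:high range maps straight through to the LAN host.
            echo "iptables -t nat -I PREROUTING -i $wan -p udp --dport $p -j DNAT --to-destination $server"
        fi
    done
    # Let return traffic back through before the chain's final DROP is reached.
    echo "iptables -I $chain -m state --state RELATED,ESTABLISHED -j ACCEPT"
}

# Demo output when run directly with MOHAA_DEMO=1 (prints, never applies).
if [ "${MOHAA_DEMO:-0}" = 1 ]; then
    mohaa_rules dnat eth0 192.168.1.20 12203 12300
fi
```

Two points worth checking against your own rule set: in the DNAT case the forwarded packet still has to pass the filter table, which is why Fred's ACCEPT goes into a chain reached from FORWARD as well as INPUT; and the --sport lines in André's file are not needed once a RELATED,ESTABLISHED rule exists, since a rule that accepts on source port alone lets through any packet whose sender chose that source port.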