[mohaa] Linux IPTABLES and MOHA
    Fredrick Ludden 
    luddenf at comcast.net
In order to run MOH on a server ***behind*** the firewall you must do two
things.  Open the port on the firewall and do DNAT on the port.  I only open
the destination ports (dport).
For example.  (My firewall is a Slackware box with IP 192.168.1.20)
root at Annapolis:~# iptables -I block -p udp --dport 12203 -j ACCEPT
root at Annapolis:~# iptables -I block -p udp --dport 12300 -j ACCEPT
root at Annapolis:~# iptables -t nat -I PREROUTING -p udp --dport 12203 -j DNAT --to-destination 192.168.1.20
root at Annapolis:~# iptables -t nat -I PREROUTING -p udp --dport 12300 -j DNAT --to-destination 192.168.1.20
Now my rules look like this.
root at Annapolis:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
block      all  --  anywhere             anywhere
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
block      all  --  anywhere             anywhere
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Chain block (2 references)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere           udp dpt:12300
ACCEPT     udp  --  anywhere             anywhere           udp dpt:12203
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:8080
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ftp
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           state NEW
DROP       all  --  anywhere             anywhere
root at Annapolis:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       udp  --  anywhere             anywhere           udp dpt:12300 to:192.168.1.20
DNAT       udp  --  anywhere             anywhere           udp dpt:12203 to:192.168.1.20
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             anywhere
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
This works for me.  Hope it helps.  If anyone sees anything I did wrong,
please let us know.
Fred
-----Original Message-----
From: André Rivotti Casimiro [mailto:rivotti at netcabo.pt]
Sent: Saturday, November 09, 2002 9:18 AM
To: mohaa at icculus.org
Subject: RE: [mohaa] Linux IPTABLES and MOHA
Hi Ed,
Suppose you have a mohaa server using port 12203... you must edit the
/etc/sysconfig/iptables file and add the following lines before the COMMIT
line:
-A INPUT -p udp -m udp --sport 12203 -j ACCEPT
-A INPUT -p udp -m udp --dport 12203 -j ACCEPT
-A INPUT -p udp -m udp --sport 12300 -j ACCEPT
-A INPUT -p udp -m udp --dport 12300 -j ACCEPT
I'm using four servers with the ports 12203, 12204, 12205 and 12206...
-A INPUT -p udp -m udp --sport 12203:12206 -j ACCEPT
-A INPUT -p udp -m udp --dport 12203:12206 -j ACCEPT
-A INPUT -p udp -m udp --sport 12300 -j ACCEPT
-A INPUT -p udp -m udp --dport 12300 -j ACCEPT
The 12300 port is needed ... I'm not sure why but I think it's used by
gamespy.
One thing... I have all OUTPUT accepted.
After editing the file, do /etc/init.d/iptables restart. I think this will help.
If anyone has a better configuration please say so.
Regards
André Rivotti Casimiro
Contifax.com
-----Original Message-----
From: Eduardo E. Silva [mailto:esilva at silvex.com]
Sent: Saturday, 9 November 2002 6:49
To: mohaa at icculus.org
Subject: [mohaa] Linux IPTABLES and MOHA
Has anybody set up a MOH server behind IPtables using a non-public IP
(178.16, 198.168, etc) on the MOH server?
If so let me know!
Ed Silva
Silvex Consulting Inc.
(714) 504-6870 Cell
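The following script is an added example for this thread; it is not code posted by Fred, André or Ed. It covers both layouts discussed above in one place: the MOH server on a private LAN address behind the firewall (Ed's question, handled with DNAT in PREROUTING as in Fred's rules) and the server running on the firewall host itself (André's INPUT rules). Unlike a FORWARD chain that accepts every NEW connection, it lets only the listed UDP game ports through to the game host and relies on RELATED,ESTABLISHED for replies. The interface names eth0/eth1, the game host 192.168.1.50 and the port set 12203-12206 plus 12300 are assumptions, not values from the posts; DRY_RUN=1 prints the rules instead of applying them so they can be reviewed without root.

```shell
#!/bin/sh
# Added example, not from the mailing-list posts. Assumed values (override via
# environment): WAN interface eth0, LAN interface eth1, game host 192.168.1.50,
# UDP game ports 12203:12206 and 12300 (the gamespy port mentioned in the thread).
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
GAME_HOST="${GAME_HOST:-192.168.1.50}"
GAME_PORTS="${GAME_PORTS:-12203:12206 12300}"   # space separated; low:high ranges allowed

# Run iptables, or print the command when DRY_RUN=1 (review/test without root).
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# Rules for one port spec when the server sits BEHIND the firewall (Ed's case).
forward_udp_port() {
    spec="$1"
    # PREROUTING/DNAT: rewrite the destination of packets arriving on the WAN
    # side so the LAN game host receives them on the same port.
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p udp --dport "$spec" \
        -j DNAT --to-destination "$GAME_HOST"
    # FORWARD: pass the rewritten packets only if they are really headed for
    # the game host on that port; nothing else gets a NEW-state rule.
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p udp -d "$GAME_HOST" \
        --dport "$spec" -m state --state NEW -j ACCEPT
}

# Complete rule set for the server-behind-firewall layout.
mohaa_nat_rules() {
    # Replies from the game host ride on the existing connection entries, so a
    # single RELATED,ESTABLISHED rule covers them without per-port rules.
    ipt -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    for spec in $GAME_PORTS; do      # word splitting on GAME_PORTS is intended
        forward_udp_port "$spec"
    done
    # Masquerade LAN traffic leaving on the WAN side (outbound game/gamespy traffic).
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

# Alternative for André's layout: the server runs ON the firewall host, so no
# NAT is involved and INPUT rules for the destination ports are enough.
mohaa_local_rules() {
    for spec in $GAME_PORTS; do
        ipt -A INPUT -i "$WAN_IF" -p udp --dport "$spec" -j ACCEPT
    done
}

# Render either rule set without applying it (subshell keeps DRY_RUN local).
mohaa_nat_rules_dry_run()   { ( DRY_RUN=1; mohaa_nat_rules ); }
mohaa_local_rules_dry_run() { ( DRY_RUN=1; mohaa_local_rules ); }

# Usage: sh mohaa-fw.sh apply-nat | apply-local | show-nat | show-local
case "${1:-}" in
    apply-nat)   mohaa_nat_rules ;;
    apply-local) mohaa_local_rules ;;
    show-nat)    mohaa_nat_rules_dry_run ;;
    show-local)  mohaa_local_rules_dry_run ;;
esac
```

The script appends rules (-A) rather than inserting them at the top (-I) as Fred's commands do, so run it on a chain that does not already end in a DROP rule, or insert it ahead of that rule; for a box with a catch-all DROP at the end of FORWARD, the `-A` lines need to be changed to `-I` with an explicit position.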