Re: iptables

From: Adam bultman <adamb@glaven.org>
Date: Thu Mar 10 2005 - 16:05:01 AKST

My iptables is a bit rusty, since I haven't fiddled with it much in a
while, but you should be able to play games, if it's configured
correctly. I've set up iptables on Linux a few times that allowed games.

Long story short, you're misconfiguring. iptables isn't broken.

My suggestion: look up iptables firewall scripts on the net, download
and customize to suit your needs. That's the easiest thing to do, and
what I've set up for other people (and myself in the past).

Adam

damien hull wrote:

>I've changed my iptables rules to allow for everything and do NAT. I
>still can't play. I'll take a look at Shorewall but I think I may have
>bigger problems.
>
>If I can't play when everything is wide open then something other than
>stateful packet filtering is broken.
>
>On Thu, 2005-03-10 at 15:55 -0900, Jeremy Austin wrote:
>
>
>>I have to say that I've always taken the (admittedly not low-level)
>>approach and used Shorewall to manipulate iptables. I used to do it
>>manually, but once I got above one subnet and two interfaces, my rules
>>got too big to handle alone. Shorewall divides traffic up into logical
>>zones into which you put your interfaces, default policies, and
>>firewall exceptions. It looks like what you're doing fits easily into
>>a default policy of allowing outgoing traffic and related.
>>
>>Shorewall (shorewall.net) also has a webmin module. Either way
>>(editing rules manually) is easy, you can have it up in 10 minutes or
>>less.
>>
>>Sorry for no more details,
>>Jeremy
>>
>>
>>On Thu, 10 Mar 2005 15:47:21 -0900, damien hull
>><dhull@digitaloverload.net> wrote:
>>
>>
>>>I'm trying to set up iptables so I can play games. According to a few
>>>websites iptables has stateful packet filtering. If set up correctly I
>>>should be able to play my games without any problems. However, I am
>>>unable to play games.
>>>
>>>I'm either doing something wrong or Linux firewalls suck. I may be
>>>building an OpenBSD firewall soon. On an OpenBSD firewall I can play
>>>games without any problems.
>>>
>>>Here are my iptables rules. I'm using Fedora Core 3 if that helps any. If
>>>you see something I'm doing wrong let me know.
>>>
>>># Generated by iptables-save v1.2.11 on Thu Mar 10 13:08:05 2005
>>>*mangle
>>>:PREROUTING ACCEPT [0:0]
>>>:INPUT ACCEPT [0:0]
>>>:FORWARD ACCEPT [0:0]
>>>:OUTPUT ACCEPT [0:0]
>>>:POSTROUTING ACCEPT [0:0]
>>>COMMIT
>>># Completed on Thu Mar 10 13:08:05 2005
>>># Generated by iptables-save v1.2.11 on Thu Mar 10 13:08:05 2005
>>>*filter
>>>:FORWARD ACCEPT [0:0]
>>>:INPUT DROP [0:0]
>>>:OUTPUT ACCEPT [0:0]
>>># accept traffic from all interface but not eth1
>>>-A INPUT ! -i eth1 -j ACCEPT
>>># setup stateful connections on eth1
>>>-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>>>COMMIT
>>># Completed on Thu Mar 10 13:08:05 2005
>>># Generated by iptables-save v1.2.11 on Thu Mar 10 13:08:05 2005
>>>*nat
>>>:OUTPUT ACCEPT [0:0]
>>>:PREROUTING ACCEPT [0:0]
>>>:POSTROUTING ACCEPT [0:0]
>>>-A POSTROUTING -o eth1 -j MASQUERADE
>>>COMMIT
>>>
>>>---------
>>>To unsubscribe, send email to <aklug-request@aklug.org>
>>>with 'unsubscribe' in the message body.
>>>
>>>
>>>
>>>

Received on Thu Mar 10 16:03:43 2005

This archive was generated by hypermail 2.1.8 : Thu Mar 10 2005 - 16:03:43 AKST
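
The ruleset quoted in the first message can be read mechanically. As an added example (not part of the thread and not any poster's code), this Python script parses iptables-save output and classifies how INPUT and FORWARD treat traffic that matches no rule; the category names and the trimmed sample are constructed here.

```python
import re
# Constructed sample: filter and nat tables trimmed from the ruleset quoted in the thread.
SAMPLE = """\
*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT ! -i eth1 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
"""

def parse_save(text):
    """Parse iptables-save text into {table: {chain: {"policy": str, "rules": [str]}}}."""
    tables, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):                      # table header, e.g. *filter
            cur = tables.setdefault(line[1:], {})
        elif line.startswith(":"):                    # chain declaration with its policy
            chain, policy = line[1:].split()[:2]
            cur[chain] = {"policy": policy, "rules": []}
        elif m := re.match(r"-A (\S+) (.+)", line):   # appended rule
            cur.setdefault(m.group(1), {"policy": "-", "rules": []})["rules"].append(m.group(2))
    return tables

def audit(tables):
    """Classify INPUT and FORWARD by default policy and presence of a state rule."""
    findings = {}
    for name in ("INPUT", "FORWARD"):
        chain = tables.get("filter", {}).get(name, {"policy": "ACCEPT", "rules": []})
        stateful = any("ESTABLISHED" in r and r.endswith("-j ACCEPT") for r in chain["rules"])
        if chain["policy"] == "ACCEPT" and not chain["rules"]:
            findings[name] = "unfiltered"             # every packet is accepted
        elif chain["policy"] == "DROP" and stateful:
            findings[name] = "stateful"               # default DROP plus an ESTABLISHED accept
        else:
            findings[name] = "review"                 # anything else needs a human look
    nat_rules = tables.get("nat", {}).get("POSTROUTING", {"rules": []})["rules"]
    # Interfaces on which outbound traffic is masqueraded
    findings["masquerade_out"] = re.findall(r"-o (\S+) -j MASQUERADE", "\n".join(nat_rules))
    return findings

if __name__ == "__main__":
    print(audit(parse_save(SAMPLE)))
```

On the sample, INPUT is classified as stateful while FORWARD is unfiltered, which describes what the filter table permits for routed traffic and is not a diagnosis of the game problem.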