rec.autos.simulators

Is it possible to host a race behind a linux firewall/router ?

I am using a Linux kernel 2.4 with iptables. From different sources I
figured out that GPL (VROC) uses
some ports, so I tried following iptables rules:

iptables -N gpl
iptables -A gpl -i $INTERFACE -p udp --sport 6969:6971 -j ACCEPT
iptables -A gpl -i $INTERFACE -p udp --sport 32766:32786 -j ACCEPT
iptables -A PREROUTING -t nat -p udp --sport 32766:32786 -i $INTERFACE -j
DNAT --to $DEST_LAN_IP
iptables -A PREROUTING -t nat -p udp --sport 6969:6971 -i $INTERFACE -j
DNAT --to $DEST_LAN_IP
iptables -A FORWARD -j gpl

Unfortunatly it doesn't work. Has anybody an idea, what's wrong or missing
here ?

Thanks in advance and a happy new racing year for everybody,

Uli

I have a fair idea what works, but I can't understand your rules and
arguments. Could you write them out as some kind of standard fw config
rules?

/Jens

Hi Jens,

The rules are pretty easy. This script forwards all in and outcoming UDP
data from my Linux router to my windows pc.
The ports 6969  - 6971 and 32766 - 32786 for UDP are forwarded
using NAT.

The main question is: Is it possible to host a race behind a linux firewall
?

Regards,

Uli

/Jens

5. MULTIPLAYER - FIREWALLS
--------------------------

With GPL 1.0.0.0 it was difficult, if not impossible, to configure a firewall that would allow a GPL
client or server to run behind it.  This should now be fixed.  GPL now uses a range of 21
consecutive ports ([32766..32786], by default) for client/server communications, and  ports 6970 for
status broadcast and 6971 for ping responses.

To run from a machine with a private IP address behind a Linux firewall, you need to use a
combination of IP masquerading and IP autoforwarding.  The following three rules can be used.

ipfwadm -F -a accept -m -S a.a.a.a/m.m.m.m -D 0.0.0.0/0
ipautofw -A -r udp 6970 6971 -h a.a.a.a -v -u
ipautofw -A -r udp 32766 32786 -h a.a.a.a -v -u

where a.a.a.a is the address of the machine behind the firewall, and m.m.m.m is the netmask.  If you
run a server behind the firewall, clients should connect to the IP address of the firewall.

If you want to run more than one server behind a firewall, you'll need to give each of the servers
its own port range for client/server communications, and also include these port ranges in the
ipautofw rules.  In core.ini on each of the additional server machines, add the following:

--
Biz

"Don't touch that please, your primitive intellect wouldn't understand
alloys and compositions and,......things with molecular structures,....and
the....." - Ash

IP=`/sbin/ifconfig $IF | grep inet | cut -d : -f 2 | cut -d -f 1`
MASK=`/sbin/ifconfig $IF | grep Mas | cut -d : -f4`
NET=$IP/$MASK

# gpl

$IPT -A PREROUTING -t nat -p udp -d $NET --dport 6970:6971 -j DNAT --to 192.168.1.2

$IPT -A PREROUTING -t nat -p udp -d $NET --dport 32766:32786 -j DNAT --to 192.168.1.2

192.168.1.2 is my gpl machine on the local network.

HTH

uwe

--
Uwe Schuerkamp //////////////////////////// http://www.schuerkamp.de/
Herford, Germany \\\\\\\\\\\\\\\\\\\\\\\\\\ (52.0N/8.5E)
Ever wondered what's wrong with the world?      http://bnetwork.com/
PGP Fingerprint:  2E 13 20 22 9A 3F 63 7F  67 6F E9 B1 A8 36 A4 61

Set up a new filter rule.

Call the rule, say, "GPL server".

Set up protocol as UDP.

Set up direction as incoming.

Set up local end point as port range, and then enter the port range as
from 32766 to 32786.

Set up remote end point as any address and any port.

What about the application? do I need to set that as GPL.exe or WINVROC.exe?

Any info appreciated ta....

No probs joining, haven't tested hosting yet though.

--
Ren van Lobberegt, The Netherlands.
http://www.toptown.com/INNERCIRCLE/1846/

AMCA webmaster : http://www.amcaracing.nl/

8-)

*Peter* -  http://www.cix.co.uk/~peterpc/home.html