From owner-freebsd-questions Tue Jan 1 8:37:27 2002 Delivered-To: freebsd-questions@freebsd.org Received: from hermes.epita.fr (hermes.epita.fr [163.5.255.10]) by hub.freebsd.org (Postfix) with ESMTP id 0C75737B41E for ; Tue, 1 Jan 2002 08:37:22 -0800 (PST) Received: from kenny (kenny [10.42.14.16]) by hermes.epita.fr id g01GbDM09166 for freebsd-questions@freebsd.org EPITA Paris France Tue, 1 Jan 2002 17:37:14 +0100 (MET) Date: Tue, 1 Jan 2002 17:37:13 +0100 From: luc wastiaux To: freebsd-questions@freebsd.org Subject: ipfw rules and counterstrike Message-ID: <20020101173713.A16349@kenny.epita.fr> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hello, I have a 4.4R NAT box serving my ADSL connection, everything seems to be working fine except for couterstrike. when I attempt to connect to a server or refresh the server list, the console on the NAT box says "natd failed to write packet back (permission denied). I have tried the following: -mapping ports 27000-27020 UDP, 6003TCP 7002TCP from the NAT box to the win box -opening high ports with ipfw add allow udp from any to any 1024-65536, ipfw add allow tcp from any to any 1024-65536 I haven't been sucessful so far. I'm a newbie when it comes to firewall set up, so the info I gathered about half-life behind firewalls on the web is not of much use to me since I don't know how to apply it to my case. What I would like to know is if some people have a similar setup and managed to get counterstrike to work ? thanks a lot. below is my firewall ruleset: # Firewall rules # Written by Marc Silver (marcs@draenor.org) # http://draenor.org/ipfw # Freely distributable # Define the firewall command (as in /etc/rc.firewall) for easy # reference. Helps to make it easier to read. fwcmd="/sbin/ipfw" # Force a flushing of the current rules before we reload. $fwcmd -f flush # Divert all packets through the tunnel interface. $fwcmd add divert natd all from any to any via tun0 # Allow all data from my network card and localhost. Make sure you # change your network card (mine was fxp0) before you reboot. :) $fwcmd add allow ip from any to any via lo0 $fwcmd add allow ip from any to any via ed0 $fwcmd add allow ip from any to any via ed1 # Allow all connections that I initiate. $fwcmd add allow tcp from any to any out xmit tun0 setup # Once connections are made, allow them to stay open. $fwcmd add allow tcp from any to any via tun0 established # Everyone on the internet is allowed to connect to the following # services on the machine. This example specifically allows connections # to ssh and apache. $fwcmd add allow tcp from any to any 22 setup # This sends a RESET to all ident packets. $fwcmd add reset log tcp from any to any 113 in recv tun0 # Allow outgoing DNS queries ONLY to the specified servers. $fwcmd add allow udp from any to 193.252.19.3 53 out xmit tun0 $fwcmd add allow udp from any to 193.252.19.4 53 out xmit tun0 # Allow them back in with the answers... :) $fwcmd add allow udp from 193.252.19.3 53 to any in recv tun0 $fwcmd add allow udp from 193.252.19.4 53 to any in recv tun0 # Allow ICMP (for ping and traceroute to work). You may wish to # disallow this, but I feel it suits my needs to keep them in. $fwcmd add allow icmp from any to any # Deny all the rest. $fwcmd add deny log ip from any to any -- -luc | wastia_l@epita.fr To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message