From owner-freebsd-questions Sat Aug 19 12:15:56 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from emerald.oz.net (emerald2.oz.net [216.39.128.2])
    by hub.freebsd.org (Postfix) with ESMTP id E86E137B424
    for ; Sat, 19 Aug 2000 12:15:53 -0700 (PDT)
Received: from oz.net (vikki.oz.net [216.39.144.179])
    by emerald.oz.net (8.9.3/8.7.3) with ESMTP id MAA04673
    for ; Sat, 19 Aug 2000 12:08:05 -0700 (PDT)
Message-ID: <399EDCF5.ACD83FCA@oz.net>
Date: Sat, 19 Aug 2000 12:16:05 -0700
From: Victoria Welch
X-Mailer: Mozilla 4.73 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd questions
Subject: MP Flight sim firewall requirements, plse help!
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hello All and TIA,

I just set up a fbsd box as a firewall and I am trying to get MP flight sim set up on one of the w98 boxes behind the firewall, but it isn't working. Perhaps there might be someone out here on the list who might have tackled and solved this challenge?

Also FYI: I am NATting out on a different IP from the internal one (198.134.137.0). .13 is the box I use to do the flight simming on.

According to the m$ docs on the subjects the following ports are used (in and out): 47624 for initial contact and then 2300-2400 for subsequent communications.

The following is my /etc/rules.conf. It seems to me that it should be working, but alas, no :(. I'm real new to bsd/bsd and that probably doesn't help :-) :-/.

-=-=-=-=-=-=-=-=-=-=- /etc/rules.conf -=-=-=-=-=-=-=-=-=-=-=-=-=-
block in on dc0 all
block in quick on xl1 from 192.168.0.0/16 to any
block in quick on xl1 from 172.16.0.0/12 to any
block in quick on xl1 from 10.0.0.0/8 to any
block in quick on xl1 from 127.0.0.0/8 to any
block in quick on xl1 from 20.20.20.0/24 to any
#block in quick proto tcp all with short
block return-icmp-as-dest (port-unr) in quick on xl1 proto udp from any to any port = 514
block return-icmp-as-dest (port-unr) in quick on xl1 proto tcp from any to any port = 23
# MP Flight sim
pass in quick on xl1 proto tcp from any to 198.134.137.13/32 port = 47624 flags S keep state
pass in quick on xl1 proto tcp from any to 198.134.137.13/24 port 2299 >< 2401 flags S keep state
# udp follows
pass in quick on xl1 proto udp from any to 198.134.137.13/32 port = 47624 keep state
pass in quick on xl1 proto udp from any to 198.134.137.13/32 port 2299 >< 2401 keep state
# -- end MP flight sim mods.
# -- irc server
# irc pass in
# -- end irc server mods
pass in quick on xl1 proto tcp from any to 198.134.137.1/32 port = 80 flags S keep state
# pass in quick on xl1 proto tcp from any to 198.134.137.1/24 port = 80
pass out quick on xl1 proto tcp from any to any flags S keep state
pass out quick on xl1 proto udp from any to any keep state
pass out quick on xl1 proto icmp from 198.134.137.0/24 to any keep state
pass in quick on xl1 proto icmp from any to 198.134.137.0/24 icmp-type 0
pass in quick on xl1 proto icmp from any to 198.134.137.0/24 icmp-type 11
block in quick on xl1 proto icmp from any to any
pass in quick on xl1 proto tcp from any to any flags S keep state keep frags
pass in quick on xl1 proto udp from any to any keep state keep frags
#block out quick on xl1 all
-=-=-=-=-=-=-=-=-=-=-=-=-=- end /etc/rules.conf -=-=-=-=-=-=-=-=-=-=-=-=-

Is it possible that I am doing this in the wrong place? Perhaps I should be doing this somehow with ipnat? Yes, I am indeed confused :-) :-(.

Any thoughts very much appreciated! I suspect that actually subscribing to this list would be a real good thing, but in the interim, please CC me if you would.

I'm finding things about this FBSD thing I really like :-) more and more as time goes on :-).

Thanks & take care, Vikki
--
Victoria Welch, WV9K, DoD#-13, SysAdmin SeaStar.org, vikki.oz.net
"Walking on water and developing software to specification are easy as long as both are frozen" - Edward V. Berard.
Do not unto others, that which you would not have others do unto you.
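
An added example, not part of the original message: a small Python check of what the four "MP Flight sim" pass rules in the posted ruleset actually match, given that ipf applies the mask to the destination address and that `><` excludes both bounds. The function names are hypothetical and the parser assumes only the rule syntax used in those four lines.

```python
import ipaddress
import re

# Constructed sample: the four "MP Flight sim" pass rules copied from the posted ruleset.
RULES = [
    "pass in quick on xl1 proto tcp from any to 198.134.137.13/32 port = 47624 flags S keep state",
    "pass in quick on xl1 proto tcp from any to 198.134.137.13/24 port 2299 >< 2401 flags S keep state",
    "pass in quick on xl1 proto udp from any to 198.134.137.13/32 port = 47624 keep state",
    "pass in quick on xl1 proto udp from any to 198.134.137.13/32 port 2299 >< 2401 keep state",
]

# Handles only the subset of ipf syntax used by these four rules (an assumption).
DST = re.compile(r"proto (\w+) from any to (\S+) port (?:= (\d+)|(\d+) >< (\d+))")

def parse_rule(rule):
    """Return (proto, destination network, destination port range) for one rule."""
    m = DST.search(rule)
    if m is None:
        raise ValueError("unsupported rule: " + rule)
    proto, dst, eq, lo, hi = m.groups()
    # ipf applies the mask to the address, so host bits under the mask are ignored.
    net = ipaddress.ip_network(dst, strict=False)
    # "= N" is a single port; "A >< B" means A < port < B, both bounds excluded.
    ports = range(int(eq), int(eq) + 1) if eq else range(int(lo) + 1, int(hi))
    return proto, net, ports

def matches(rule, proto, dst_ip, dst_port):
    """True if a packet with this protocol and destination falls under the rule."""
    r_proto, net, ports = parse_rule(rule)
    return proto == r_proto and ipaddress.ip_address(dst_ip) in net and dst_port in ports

def audit(rules):
    """List rules whose written address is a single host but whose mask covers more."""
    findings = []
    for rule in rules:
        _, net, ports = parse_rule(rule)
        written = DST.search(rule).group(2)
        host = ipaddress.ip_interface(written).ip
        if net.num_addresses > 1 and host != net.network_address:
            findings.append("%s matches all of %s, ports %d-%d"
                            % (written, net, ports[0], ports[-1]))
    return findings

if __name__ == "__main__":
    for line in audit(RULES):
        print(line)
```

Run against the sample, the audit reports only the second rule: its `/24` mask makes the TCP 2300-2400 pass apply to every host in 198.134.137.0/24, while the UDP rule with `/32` applies to .13 alone.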