Date: Thu, 28 Nov 2002 10:27:16 +0100 From: "horcy" <apehaar@text-only.demon.nl> To: <freebsd-newbies@freebsd.org> Subject: FreeBSD ipf/ipnat box Warcraft 3 routing problem Message-ID: <003001c296c0$57cd6140$2d00a8c0@jos>
next in thread | raw e-mail | index | archive | help
I'm running FreeBSD 4.7 RELEASE and want to host Warcraft 3 games on the pc
behind the fbsd box.
At the moment i can join games but not host/create a custom game.
My box has a ipf/ipnat setup.
I'm no FreeBSD guru but i've tried alot and check the mailing list and al
sorts of mans etc etc...
I also found this information on Blizzard's web site concering the ports for
Warcraft 3.
This is what Blizzards says:
Warcraft III:
a.. Allow port 6112 TCP out and allow established sessions in
b.. Allow port 6112 TCP in (hosting custom games)
c.. Allow port 6113-6119 TCP out and in (hosting custom games if you've
changed the default port in the Options/Gameplay screen)
Notes:
a.. "Established sessions in" applies to firewalls only. NAT will allow
the "established sessions in" automatically.
b.. NAT users will need to map any "in"s (hosting games only) to the IP
of the computer hosting the game.
c.. Warcraft III is the only Blizzard Title that currently supports
multiple players hosting games behind NAT.
I've tried to use this information in my ipf.rules and ipnat.rules but still
no luck.
-My ipf.rules:
block in quick on ed0 from 192.168.0.0/16 to any
block in quick on ed0 from 172.16.0.0/12 to any
block in quick on ed0 from 127.0.0.0/8 to any
block in quick on ed0 from 10.0.0.0/8 to any
block in quick on ed0 from 169.254.0.0/16 to any
block in quick on ed0 from 192.0.2.0/24 to any
block in quick on ed0 from 204.152.64.0/23 to any
block in quick on ed0 from 224.0.0.0/3 to any
block in quick on ed0 from 255.255.255.255/32 to any
block in quick on ed0 from 0.0.0.0/32 to any
block out quick on ed0 from any to 192.168.0.0/16
block out quick on ed0 from any to 172.16.0.0/12
block out quick on ed0 from any to 127.0.0.0/8
block out quick on ed0 from any to 10.0.0.0/8
block out quick on ed0 from any to 169.254.0.0/16
block out quick on ed0 from any to 192.0.2.0/24
block out quick on ed0 from any to 204.152.64.0/23
block out quick on ed0 from any to 224.0.0.0/3
block out quick on ed0 from any to 255.255.255.255/32
block out quick on ed0 from any to 0.0.0.0/32
# drop any IP packets with options set in them
block in quick all with ipopts
block in quick all with frag
block in quick all with short
block return-rst in quick proto tcp all flags FUP
# This host only runs sshd. no other services plus ftpd
pass in quick on ed0 proto tcp from any to any port = 22 flags S keep state
pass in quick on ed0 proto tcp from any to any port = 21 flags S keep state
# open ports for wc3
pass in quick on ed0 proto tcp from any to any port 6110 >< 6120
pass out quick on ed0 proto tcp from any to any port 6110 >< 6120
# To receive traceroute replies
pass in quick on ed0 proto icmp from any to any icmp-type timex keep state
pass in quick on ed0 proto icmp from any to any icmp-type echorep
# Outbound traffic from our own IPs is allowed
# Could be made more strict for icmp
pass out quick on ed0 proto tcp/udp from 212.238.193.97/32 to any
pass out quick on ed0 proto tcp/udp from 212.238.193.97/24 to any
pass out quick on ed0 proto icmp from 212.238.193.97/32 to any
pass out quick on ed0 proto icmp from 192.168.1.0/24 to any
# Block and log all remaining traffic coming into the firewall
block return-rst in log quick on ed0 proto tcp from any to any
block return-icmp-as-dest(port-unr) in log quick on ed0 proto udp from any
to any
block in log quick on ed0 all
#################################################################
# Inside Interface
#################################################################
#----------------------------------------------------------------
# Allow out all TCP. UDP. and ICMP traffic & keep state
#----------------------------------------------------------------
pass out quick on rl0 proto tcp from any to any
pass out quick on rl0 proto udp from any to any
pass out quick on rl0 proto icmp from any to any
#----------------------------------------------------------------
# Allow in all TCP. UDP. and ICMP traffic & keep state
#----------------------------------------------------------------
pass in quick on rl0 proto tcp from any to any
pass in quick on rl0 proto udp from any to any
pass in quick on rl0 proto icmp from any to any
-My ipnat.rules:
map ed0 from 192.168.1.1 port = 6112 to any -> 0/32 portmap tcp 6110:6120
map ed0 from 192.168.1.1 to any port = 6112 -> 0/32 portmap tcp 6110:6120
rdr ed0 EXTERNIP/32 port 6110-6120 -> 192.168.1.2 port 6112 tcp/udp
rdr ed0 EXTERNIP/32 port 6210-6220 -> 192.168.1.3 port 6212 tcp/udp
map ed0 192.168.1.1/24 -> 0/32 proxy port ftp ftp/tcp
map ed0 192.168.1.1/24 -> 0/32 portmap tcp/udp auto
map ed0 192.168.1.1/24 -> 0/32
I hope somebody sees what i'm doing wrong.
Your help is very much appriciated.
horcy
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-newbies" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003001c296c0$57cd6140$2d00a8c0>