Evileye (l33t), Joined: 06 Aug 2003, Posts: 782, Location: Toronto
Posted: Wed Nov 11, 2009 7:18 pm, Post subject: Forwarding ports
Hello,
I need to know how to forward ports using iptables. My brother is playing Borderlands and it requires the following ports...
Code:
    tcp 28902
    tcp 7777
    tcp 28900
    tcp 28910
    udp 7777
    udp 27900
... My network is set up as follows...
Code:
    (Brothers Computer) - (Switch) -eth1- (Gentoo Linux Router) -eth0/ppp0- (Internet)
...My brother wants to be able to create a game on his computer and have it so his friends can join the game. Anyone know what iptables rules I have to use to allow this?
My brother's computer has an IP address of 192.168.0.94.
Last edited by Evileye on Fri Nov 13, 2009 6:25 am; edited 4 times in total

anonybosh (Guru), Joined: 20 Nov 2005, Posts: 324

Evileye (l33t), Joined: 06 Aug 2003, Posts: 782, Location: Toronto
Posted: Wed Nov 11, 2009 8:00 pm
Thanks for the link, but that article says that forwarding is done with the command
Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward
I am using
Code:
    echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
and neither seems to do what I want.
I have done some reading and apparently (I think) I have to use iptables PREROUTING, maybe something similar to the following...
Code:
    iptables -t nat -A PREROUTING -p tcp -d 69.196.152.151 -i ppp0 --dport 7777 -j DNAT --to-destination 192.168.0.94:7777

anonybosh (Guru), Joined: 20 Nov 2005, Posts: 324
Posted: Wed Nov 11, 2009 8:55 pm
Ahh, I see it doesn't cover that, sorry.
Quote:
    iptables -t nat -A PREROUTING -p tcp -d 69.196.152.151 -i ppp0 --dport 7777 -j DNAT --to-destination 192.168.0.94:7777
Yeah, that looks right. I think you will also need to allow packets to enter the chain with this:
Code:
    iptables -A INPUT -i ppp0 -p tcp --dport 7777 -j ACCEPT

Hu (Administrator), Joined: 06 Mar 2007, Posts: 23064
Posted: Thu Nov 12, 2009 1:14 am
anonybosh wrote:
    I think you will also need to allow packets to enter the chain with this:
    Code:
        iptables -A INPUT -i ppp0 -p tcp --dport 7777 -j ACCEPT
No. This permits traffic to be accepted by the Gentoo machine, which would be relevant if Borderlands was executed on the Gentoo machine, rather than on an internal host. For NAT, you want the FORWARD chain.

Evileye (l33t), Joined: 06 Aug 2003, Posts: 782, Location: Toronto
Posted: Thu Nov 12, 2009 5:21 am
ok, here is what I have and it doesn't work (I have each rule repeated for all the ports I need forwarded)
Code:
    iptables -A FORWARD -i ppp0 -p tcp --dport 7777 -j ACCEPT
    iptables -t nat -A PREROUTING -p tcp -i ppp0 -d 69.196.152.151 --dport 7777 -j DNAT --to-destination 192.168.0.94:7777

Evileye (l33t), Joined: 06 Aug 2003, Posts: 782, Location: Toronto
Posted: Thu Nov 12, 2009 6:16 pm
...ok, it kinda works...
What I mean by "kinda works" is that my brother starts up Borderlands and creates a game on his computer that I can join from my computer...but I can only join once; if I leave the game and I try to join it again I can't until my brother restarts the game on his computer.
Anyone know why I can only connect once and then my brother has to restart the game on his computer so I can join again?
UPDATE: ok, after multiple times trying to connect it has only "kinda worked" about 3 times. Other times it doesn't work at all.
Here are my iptables rules...
Code:
    #The following is for Borderlands
    iptables -A FORWARD -i ppp0 -p tcp --dport 7777 -j ACCEPT
    iptables -A FORWARD -i ppp0 -p tcp --dport 28900 -j ACCEPT
    iptables -A FORWARD -i ppp0 -p tcp --dport 28902 -j ACCEPT
    iptables -A FORWARD -i ppp0 -p tcp --dport 28910 -j ACCEPT
    iptables -A FORWARD -i ppp0 -p udp --dport 7777 -j ACCEPT
    iptables -A FORWARD -i ppp0 -p udp --dport 27900 -j ACCEPT
    iptables -A FORWARD -i ppp0 -p udp --dport 28902 -j ACCEPT
    iptables -t nat -A PREROUTING -p tcp -i ppp0 -d 69.196.152.151 --dport 7777 -j DNAT --to-destination 192.168.0.94:7777
    iptables -t nat -A PREROUTING -p tcp -i ppp0 -d 69.196.152.151 --dport 28900 -j DNAT --to-destination 192.168.0.94:28900
    iptables -t nat -A PREROUTING -p tcp -i ppp0 -d 69.196.152.151 --dport 28902 -j DNAT --to-destination 192.168.0.94:28902
    iptables -t nat -A PREROUTING -p tcp -i ppp0 -d 69.196.152.151 --dport 28910 -j DNAT --to-destination 192.168.0.94:28910
    iptables -t nat -A PREROUTING -p udp -i ppp0 -d 69.196.152.151 --dport 7777 -j DNAT --to-destination 192.168.0.94:7777
    iptables -t nat -A PREROUTING -p udp -i ppp0 -d 69.196.152.151 --dport 27900 -j DNAT --to-destination 192.168.0.94:27900
    iptables -t nat -A PREROUTING -p udp -i ppp0 -d 69.196.152.151 --dport 28902 -j DNAT --to-destination 192.168.0.94:28902
Last edited by Evileye on Fri Nov 13, 2009 10:15 pm; edited 1 time in total
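Editor's added example (not code from any poster in this thread): a script that generates a complete port-forwarding rule set for the topology in the first post, with the DNAT rewrite in nat/PREROUTING paired with a FORWARD rule (not INPUT, as Hu points out), plus the pieces a NAT router needs that the rules quoted above do not include: a stateful FORWARD rule for return traffic, MASQUERADE on the WAN interface, and IP forwarding enabled. It assumes the WAN interface is ppp0 with address 69.196.152.151, the LAN interface is eth1, the game host is 192.168.0.94, and the FORWARD chain's policy is DROP; the port list is the one from the first post. The script only prints the commands, so it can be reviewed before being piped into `sh` on the router.

```shell
#!/bin/sh
# Assumed topology (taken from the thread's network diagram):
#   LAN host 192.168.0.94 - eth1 - router - ppp0 (69.196.152.151) - Internet
WAN_IF=ppp0
WAN_IP=69.196.152.151
LAN_IF=eth1
GAME_HOST=192.168.0.94

# Port list from the first post, as "proto port" pairs.
GAME_PORTS="tcp 28902
tcp 7777
tcp 28900
tcp 28910
udp 7777
udp 27900"

# Emit the two rules one forwarded port needs: the DNAT rewrite in the nat
# table's PREROUTING chain, and a FORWARD rule allowing the rewritten packet
# to cross the router toward the LAN host. FORWARD, not INPUT: INPUT only
# governs packets addressed to the router itself. Matching on the
# post-DNAT destination keeps the rule from accepting anything else that
# happens to arrive on that port.
forward_rules() {
    proto=$1
    port=$2
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -p $proto -d $WAN_IP --dport $port -j DNAT --to-destination $GAME_HOST:$port"
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p $proto -d $GAME_HOST --dport $port -m conntrack --ctstate NEW -j ACCEPT"
}

# Rules every NAT router needs regardless of which ports are forwarded:
# IP forwarding on, replies of tracked flows allowed back through FORWARD,
# LAN-originated traffic allowed out, and outbound traffic masqueraded
# behind the WAN address. Without the ESTABLISHED,RELATED rule the first
# packet gets in but the reply path is blocked when FORWARD's policy is DROP.
base_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE"
}

# Full rule set: base rules first, then one pair per forwarded port.
all_rules() {
    base_rules
    echo "$GAME_PORTS" | while read -r proto port; do
        if [ -n "$proto" ]; then
            forward_rules "$proto" "$port"
        fi
    done
}

# Print the rules; review them, then run `./this_script | sh` on the router.
all_rules
```

The rules are appended with `-A`, so if a FORWARD rule earlier in the chain already rejects the traffic these will never match; check `iptables -L FORWARD -v -n` and `iptables -t nat -L PREROUTING -v -n` and read the packet counters to see which rule is actually handling the game traffic.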

Hu (Administrator), Joined: 06 Mar 2007, Posts: 23064
Posted: Thu Nov 12, 2009 10:44 pm
Nondeterminism with these rules suggests there are problems elsewhere. You should try a simpler testcase before you try to debug a game, particularly one that needs multiple ports. Start with proving that he can run a simple TCP listener, and that you can reliably connect to it across the NAT gateway. Also, take packet captures of the internal and external interfaces during each test. Use them to confirm that the packets are arriving from the Internet and to see whether they are successfully leaving the internal interface.