[lug] More iptables...

Mr Viggy LittleViggy at alum.manhattan.edu
Fri Dec 27 15:02:34 MST 2002


Right, which is why I added the DNAT rules.  Basically, as I understand 
it, those rules should route unsolicited packets (new packets) to the 
machine that I'm using as the game client.  This way, the game server 
can talk to the client...

But, as I write this, I'm wondering if those packets are being ignored, 
because I have my "lock down" rule first, in the FORWARD table!!!  I.e., 
before I set the FORWARD rules for the specific ports, I have a general 
rule that says if the connection is NEW, drop it!!!

I think I just solved my problem!

Viggy

D. Stimits wrote:
> ....
> 
>>
>> Am I missing a few rules here?  I have some universal rules in the
>> iptables chains that basically allow all packets to leave.
> 
> Logging rules for anything that will refuse, and in this case, any NAT, 
> could be very useful. And of course with NAT, I would assume the 
> internal system must generate a request for the outside to reply to...if 
> the game server involved tries to connect directly to your machine, 
> rather than as a response to your outgoing request, you will have problems.
> 
> D. Stimits, stimits AT attbi DOT com
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
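The ordering problem Viggy describes, as an added example that is not taken from the thread: a dry-run script that emits the FORWARD rules in the order the post describes and in a corrected order, then reports which rule a NEW UDP packet to the DNAT'd game port would hit first. The interface eth0, client address 192.168.1.10 and port 27015/udp are placeholder assumptions, not values from the post.

```shell
#!/bin/sh
# Added example, not the poster's rules. Placeholders (not from the post):
# external interface eth0, internal game client 192.168.1.10, game port 27015/udp.
# IPT defaults to a dry run that only prints each command; set IPT=iptables to apply.
IPT="${IPT:-echo iptables}"
EXT_IF=eth0
GAME_CLIENT=192.168.1.10
GAME_PORT=27015

# The order the post describes: the general lock-down on NEW comes first.
# iptables is first-match, so the DNAT'd packet (still NEW to conntrack) hits the
# DROP before the specific ACCEPT and never reaches the client.
forward_rules_broken() {
    $IPT -A FORWARD -m conntrack --ctstate NEW -j DROP
    $IPT -A FORWARD -i "$EXT_IF" -d "$GAME_CLIENT" -p udp --dport "$GAME_PORT" \
        -m conntrack --ctstate NEW -j ACCEPT
}

# Corrected order: DNAT in nat/PREROUTING, then ESTABLISHED,RELATED, then the
# specific NEW ACCEPT, and only then a LOG (as suggested in the thread) and the
# general DROP, so the lock-down rule is last rather than first.
forward_rules_fixed() {
    $IPT -t nat -A PREROUTING -i "$EXT_IF" -p udp --dport "$GAME_PORT" \
        -j DNAT --to-destination "$GAME_CLIENT"
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$EXT_IF" -d "$GAME_CLIENT" -p udp --dport "$GAME_PORT" \
        -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A FORWARD -m conntrack --ctstate NEW -j LOG --log-prefix "FWD NEW drop: "
    $IPT -A FORWARD -m conntrack --ctstate NEW -j DROP
}

# Walk the printed FORWARD rules in order (always dry-run here) and print the
# target of the first rule that matches a NEW UDP packet to the game client/port.
first_verdict_for_game_port() {
    ( IPT="echo iptables"; "$1" ) | awk -v port="$GAME_PORT" -v client="$GAME_CLIENT" '
        !/ -A FORWARD / { next }
        { match($0, /--ctstate [A-Z,]+/); st = substr($0, RSTART + 10, RLENGTH - 10) }
        st !~ /NEW/ { next }                                   # packet is NEW
        / -d / && $0 !~ (" -d " client " ") { next }           # other destination
        / --dport / && $0 !~ (" --dport " port " ") { next }   # other port
        { match($0, /-j [A-Z]+/); print substr($0, RSTART + 3, RLENGTH - 3); exit }
    '
}

echo "broken order -> $(first_verdict_for_game_port forward_rules_broken)"
echo "fixed order  -> $(first_verdict_for_game_port forward_rules_fixed)"
```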