Masquerading Asherons Call from behind a Linux machine

From: Wayne Pascoe (wayne@penguinpowered.org.uk)
Date: Sun Jun 25 2000 - 06:08:26 EST


Hi everyone,

There seems to be a problem masquerading Asheron's Call (Microsoft game)
connections from behind a Linux firewall as of 2.2.15. This problem appears
to exist in 2.2.15, 2.2.16 and 2.2.17pre4. It does manifest itself in 2.2.14
and below. I tested 2.2.14, 2.2.13 and 2.2.12. As it was 4am, I didn't get
around to testing with pre1, pre2 and pre3 :-)

Background
I am using a RedHat 6.2 machine to masquerade connections for my household
network to the internet via a Teles ISDN modem. Most connections would work,
but not Asherons Call. The kernel that is being used has been patched with
the USB backport, and the unified ide patch to allow the HPT366 controller
to work. The machine is an Abit BP6 board with 2 Celeron 433's on it, not
overclocked. It has 64 MB RAM. These patches were all included in all test
kernels back to 2.2.13, where I couldn't find USB backport. The ide patch
was still included.

What Asheron's Call requires
Asheron's Call seems to require connections on ports 9000 - 9013. These are
all udp connections.

What went wrong
The connection to the game server would work, but it would not pass the
update step, where udp traffic is sent between the 2 machines.

IPChains being used
I was using a chainset generated by PMfirewall. This was not working. I then
went back to 'Rusty's three line masquerade guide'. I did
ipchains -F
ipchains -P forward DENY
ipchains -A forward -j MASQ

I used this ruleset through all the kernel tests, and it works perfectly
for 2.2.14 and below, but not 2.2.15 and above.

Below is a dump of using the following rule :
ipchains -A input -j ACCEPT -i ippp0 -l

Marvin is my paranoid android (Firewall - apologies to Douglas Adams).
213.1.167.39 is the IP address assigned to me at connect time by my ISP (BT
Internet). 207.46.172.* are the game servers. My internal network is
192.168.1.0/24.

Jun 25 00:19:54 marvin kernel: Packet log: input - ippp0 PROTO=6 207.46.172.61:28835 213.1.167.39:61853 L=512 S=0x00 I=21012 F=0x4000 T=115 (#1)
Jun 25 00:19:54 marvin kernel: Packet log: input - ippp0 PROTO=17 207.46.204.73:9001 213.1.167.39:61858 L=52 S=0x00 I=1898 F=0x0000 T=116 (#1)
Jun 25 00:19:54 marvin kernel: Packet log: input - ippp0 PROTO=6 207.46.172.61:28835 213.1.167.39:61853 L=100 S=0x00 I=32283 F=0x4000 T=115 (#1)
Jun 25 00:19:54 marvin kernel: Packet log: input - ippp0 PROTO=6 207.46.172.61:28835 213.1.167.39:61853 L=88 S=0x00 I=48669 F=0x4000 T=115 (#1)
Jun 25 00:19:55 marvin kernel: Packet log: input - ippp0 PROTO=6 207.46.172.61:28835 213.1.167.39:61853 L=288 S=0x00 I=13857 F=0x4000 T=115 (#1)
Jun 25 00:19:56 marvin kernel: Packet log: input - ippp0 PROTO=17 207.46.204.73:9001 213.1.167.39:61858 L=52 S=0x00 I=37497 F=0x0000 T=116 (#1)
Jun 25 00:19:57 marvin kernel: Packet log: input - ippp0 PROTO=6 207.46.172.61:28835 213.1.167.39:61853 L=288 S=0x00 I=36399 F=0x4000 T=115 (#1)
Jun 25 00:19:58 marvin kernel: Packet log: input - ippp0 PROTO=17 207.46.204.73:9001 213.1.167.39:61858 L=52 S=0x00 I=30346 F=0x0000 T=116 (#1)
Jun 25 00:19:58 marvin kernel: Packet log: input - ippp0 PROTO=6 207.46.172.61:28835 213.1.167.39:61853 L=288 S=0x00 I=43068 F=0x4000 T=115 (#1)
Jun 25 00:19:59 marvin kernel: Packet log: input - ippp0 PROTO=6 207.46.172.61:28835 213.1.167.39:61853 L=288 S=0x00 I=56638 F=0x4000 T=115 (#1)

I just thought I should pass all of this information on. I'm not sure if
this is a planned change, or if it's just weirdness :-)

Thanks,

-- 
/*  Wayne Pascoe <wayne@penguinpowered.org.uk>

For Perl scripts, help and glimpses into the meaning of life, surf over to http://www.penguinpowered.org.uk/ */

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
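
Added example, not part of the original message: a Python parser for the ipchains "Packet log:" entries quoted above, which groups them into flows and flags UDP traffic from the game ports (9000 - 9013) and packets addressed to a masqueraded port. The function names are hypothetical, and the 61000-65095 masquerade port range is an assumption (the 2.2 kernel default), not something stated in the message.

```python
import re
from collections import defaultdict

# Constructed sample: four entries copied from the log in the message; the
# first is left wrapped the way the mail archive shows it.
SAMPLE = """\
Jun 25 00:19:54 marvin kernel: Packet log: input - ippp0 PROTO=6
207.46.172.61:28835 213.1.167.39:61853 L=512 S=0x00 I=21012 F=0x4000 T=115
(#1)
Jun 25 00:19:54 marvin kernel: Packet log: input - ippp0 PROTO=17 207.46.204.73:9001 213.1.167.39:61858 L=52 S=0x00 I=1898 F=0x0000 T=116 (#1)
Jun 25 00:19:56 marvin kernel: Packet log: input - ippp0 PROTO=17 207.46.204.73:9001 213.1.167.39:61858 L=52 S=0x00 I=37497 F=0x0000 T=116 (#1)
Jun 25 00:19:58 marvin kernel: Packet log: input - ippp0 PROTO=17 207.46.204.73:9001 213.1.167.39:61858 L=52 S=0x00 I=30346 F=0x0000 T=116 (#1)
"""

# Fields: chain, target, interface, IP protocol, src:port, dst:port,
# L=length, S=TOS, I=IP id, F=fragment flags/offset, T=TTL.
ENTRY = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) L=(?P<length>\d+) "
    r"S=0x[0-9A-Fa-f]+ I=\d+ F=0x[0-9A-Fa-f]+ T=\d+")
STAMP = r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d "  # syslog timestamp prefix

GAME_PORTS = range(9000, 9014)    # UDP 9000-9013, as stated in the message
MASQ_PORTS = range(61000, 65096)  # assumption: 2.2 default masquerade range

def parse(text):
    """Yield one dict per entry; rejoin entries the mailer wrapped."""
    joined = re.sub(r"\n(?!" + STAMP + ")", " ", text)
    for m in ENTRY.finditer(joined):
        e = m.groupdict()
        for key in ("proto", "sport", "dport", "length"):
            e[key] = int(e[key])
        yield e

def summarize(text):
    """Group entries into flows and flag game-port UDP and masq-port targets."""
    flows = defaultdict(list)
    for e in parse(text):
        key = (e["proto"], e["src"], e["sport"], e["dst"], e["dport"])
        flows[key].append(e["length"])
    return [{"proto": k[0], "src": f"{k[1]}:{k[2]}", "dst": f"{k[3]}:{k[4]}",
             "packets": len(v), "lengths": sorted(set(v)),
             "game_udp": k[0] == 17 and k[2] in GAME_PORTS,
             "to_masq_port": k[4] in MASQ_PORTS}
            for k, v in flows.items()]

if __name__ == "__main__":
    for flow in summarize(SAMPLE):
        print(flow)
```

On the sample, the UDP flow from port 9001 shows three 52-byte datagrams to the same masqueraded port at two-second intervals, alongside the TCP flow to a neighbouring masqueraded port.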


