
[Re: MSN Gaming Zone and UDP]



I don't know if the $portnumber:$portnumber range syntax works.  I 
couldn't get it working either after a brief five minutes of trying.
Instead I brute forced my way through it. Make a quick script
to write out a bunch of ipnat rules.  You need the following ports
NAT'd and/or Allowed through your Gateway or IPF box. 

Allow an initial outbound TCP connection on port 47624. 
Allow subsequent inbound and outbound connections on 
TCP and UDP ports 2300-2400. 
Set appropriate permissions for DirectPlay (Client). 
Additionally, to play games on the Zone, the following TCP ports on
the firewall must be open: 28800 - 28912 
(Go figure... It's a microshaft product.)

Here is what my IPNAT rules look like. IPs changed to protect the
innocent.
-----snip-----
rdr ex0 1.2.3.4/32 port 47624 -> 10.0.0.123/32 port 47624 tcp
rdr ex0 1.2.3.4/32 port 28800 -> 10.0.0.123/32 port 28800 tcp
rdr ex0 1.2.3.4/32 port 28801 -> 10.0.0.123/32 port 28801 tcp
rdr ex0 1.2.3.4/32 port 28802 -> 10.0.0.123/32 port 28802 tcp
#  etc... etc... Continue to port 28912
rdr ex0 1.2.3.4/32 port 2300 -> 10.0.0.123/32 port 2300 udp
rdr ex0 1.2.3.4/32 port 2301 -> 10.0.0.123/32 port 2301 udp
rdr ex0 1.2.3.4/32 port 2302 -> 10.0.0.123/32 port 2302 udp
#  etc... etc... Continue to port 2400 udp
rdr ex0 1.2.3.4/32 port 2300 -> 10.0.0.123/32 port 2300 tcp
rdr ex0 1.2.3.4/32 port 2301 -> 10.0.0.123/32 port 2301 tcp
rdr ex0 1.2.3.4/32 port 2302 -> 10.0.0.123/32 port 2302 tcp
#  etc... etc... Continue to port 2400 tcp
-----snip-----

You will also probably need to open up the ports to the world as
well. I've never played on the "zone", just head to head with a few
other friends who used either IPF or IPCHAINS.  We just opened
up everything to each other on the firewalls during game play;
afterwards we revert back to our normal paranoid ipnat and ipf
rules.  I'd suggest doing the same at the very least.  Of course
remember that your "rdr" rules need to come before your "map" 
rules.  Took me a day and one message on this board to figure
that out.

Here's a copy of the script a friend wrote.  This will make quick
ipnat rules so you don't have to type them 200 times over and
over again.  Tweak to your liking.

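#!/bin/ksh
# Write one ipnat rdr rule per UDP port in the range min..max.
min=2300
max=2400
outfile=/tmp/newrules.txt
while [ "$min" -le "$max" ]
do
        # Rules are appended, so remove $outfile before re-running.
        echo "rdr ex0 1.2.3.4/32 port $min -> 10.0.0.123 port $min udp" >> "$outfile"
        min=$((min+1))
done
# End of script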

Disclaimer:  I might have allowed more than what is really needed 
inbound but then again I was running a server at the time too.  The 
NAT rules are probably bloated but I don't want to spend any more time
on a game I play once every few weeks.

Funny how MS games need all this while neato cool games like Quake3 
only need one udp port opened inbound and that's only if you run
a q3 server.  hmmmmmm.

PD.

Dominic Ferraro wrote:
> 
> Hello,
> 
> I recently started using OpenBSD for NAT.  I am trying to connect to the MSN
> Gaming Zone to play some games, but unlike my Linux system I had previously,
> I am unable to connect to the gaming server.  I did a "tcpdump" to see what
> was going on, and it says "port 28000 unreachable".
> 
> I thought that I could just change the "portmap" line in my /etc/ipnat.rules
> configuration file from 10000:20000 to 10000:30000, but that didn't work (I
> rebooted my computer).  I then tried "10000:100000", but that didn't help
> either.  Other websites that need certain ports do not work either.  Do you
> know what I can do to solve this problem?
> 
> Your help is greatly appreciated.
> 
> Thank you,
> 
> Dominic Ferraro
> QA Engineer
> Netraverse, Santa Cruz
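
Added example, not part of the original message or the quoted question: a POSIX shell sketch that generates one rdr rule per port for every range listed in the reply, and lints a rules file for two easy mistakes here, a redirect whose external and internal ports differ and an rdr line placed after a map line. Function names are hypothetical; the interface and addresses are the message's placeholders, and the one-rule-per-line layout is assumed from the rules shown.

```shell
#!/bin/sh
# Added example, not from the original message. Function names are
# hypothetical; interface and addresses are the message's placeholders.
EXT_IF=ex0
EXT_IP=1.2.3.4
INT_IP=10.0.0.123

# gen_rdr FIRST LAST PROTO: one rdr rule per port, same port on both sides.
gen_rdr() {
    port=$1
    while [ "$port" -le "$2" ]; do
        echo "rdr $EXT_IF $EXT_IP/32 port $port -> $INT_IP/32 port $port $3"
        port=$((port + 1))
    done
}

# gen_zone_rules: every port the message lists, and nothing else.
gen_zone_rules() {
    gen_rdr 47624 47624 tcp
    gen_rdr 28800 28912 tcp
    gen_rdr 2300 2400 tcp
    gen_rdr 2300 2400 udp
}

# lint_rules: read ipnat rules on stdin (assumed one rule per line) and report
#   - rdr rules whose external and internal ports differ
#   - rdr rules that appear after a map rule
# Exit status is non-zero when anything is reported.
lint_rules() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        $1 == "map" { seen_map = 1; next }
        $1 == "rdr" {
            e = ""; d = ""
            for (i = 2; i < NF; i++)
                if ($i == "port") { if (e == "") e = $(i + 1); else d = $(i + 1) }
            if (e != d)   { printf "line %d: port %s redirected to %s\n", NR, e, d; bad++ }
            if (seen_map) { printf "line %d: rdr after map\n", NR; bad++ }
        }
        END { exit (bad > 0) }
    '
}

# Print the rules only when asked, so sourcing the file has no side effects.
if [ "${1:-}" = "emit" ]; then gen_zone_rules; fi
```

Run it with the argument emit to print the rules, and pipe an existing rules file into lint_rules to review it before loading.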


