Shorewall users - Jul 2004 - setting up a lan based game

does anyone know the rule that I need to set to allow a lan based game 
to access the lan. I am new to networking underlinux and still learning.

I am using shorewall 2.X

the game is amegatron

it used port 4534

thanks for any help

Rick Seitz wrote:
> does anyone know the rule that I need to set to allow a lan based game 
> to access the lan. I am new to networking underlinux and still learning.
> 
> I am using shorewall 2.X
> 
> the game is amegatron
> 
> it used port 4534
> 
Your question doesn''t make complete sense as asked. Is it that you have
this game (amegatron) that you want to play among your local computers 
*including the firewall*?

Also, by itself "port 4534" doesn''t tell the whole story; we
also need
to know the protocol. Given that a game is involved, I''ll assume UDP.

If the answer to the first question is "Yes", and if my assumption
about
the protocol is correct, and if you have named your zones using the 
normal convention then I believe you need:

ACCEPT	fw	loc	udp	4534
ACCEPT	loc	fw	udp	4534

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Tom Eastep wrote:
> Rick Seitz wrote:
>
>> does anyone know the rule that I need to set to allow a lan based 
>> game to access the lan. I am new to networking underlinux and still 
>> learning.
>>
>> I am using shorewall 2.X
>>
>> the game is amegatron
>>
>> it used port 4534
>>
>
> Your question doesn''t make complete sense as asked. Is it that you
> have this game (amegatron) that you want to play among your local 
> computers *including the firewall*?
>
> Also, by itself "port 4534" doesn''t tell the whole
story; we also need
> to know the protocol. Given that a game is involved, I''ll assume
UDP.
>
> If the answer to the first question is "Yes", and if my
assumption
> about the protocol is correct, and if you have named your zones using 
> the normal convention then I believe you need:
>
> ACCEPT    fw    loc    udp    4534
> ACCEPT    loc    fw    udp    4534
>
> -Tom
ok i think that is where I am lost, i thought the same thing and if I 
turn off shorewall the games runs, if I turn it on it doens find the 
LAN. I have tried both udp and tcp. any suggestions would be appreciated.

Rick Seitz wrote:
> Tom Eastep wrote:
> 
>> Rick Seitz wrote:
>>
>>> does anyone know the rule that I need to set to allow a lan based 
>>> game to access the lan. I am new to networking underlinux and still
>>> learning.
>>>
>>> I am using shorewall 2.X
>>>
>>> the game is amegatron
>>>
>>> it used port 4534
>>>
>>
>> Your question doesn''t make complete sense as asked. Is it that
you
>> have this game (amegatron) that you want to play among your local 
>> computers *including the firewall*?
>>
>> Also, by itself "port 4534" doesn''t tell the whole
story; we also need
>> to know the protocol. Given that a game is involved, I''ll
assume UDP.
>>
>> If the answer to the first question is "Yes", and if my
assumption
>> about the protocol is correct, and if you have named your zones using 
>> the normal convention then I believe you need:
>>
>> ACCEPT    fw    loc    udp    4534
>> ACCEPT    loc    fw    udp    4534
>>
>> -Tom
> 
> 
> ok i think that is where I am lost, i thought the same thing and if I 
> turn off shorewall the games runs, if I turn it on it doens find the 
> LAN. I have tried both udp and tcp. any suggestions would be appreciated.
Maybe someone else on the list more familiar with games can decode the 
phrase "doens find the LAN" but I haven''t a clue what it
means (even if
I correct the typo). I guess it is another way of saying "It
doesn''t work".

If you don''t see anything useful in your log (and if you do, please try
to use FAQ 17) then I would place this in /etc/shorewall/actions:

	:REJECT

then try the game again and see if the log has anything useful in it.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Rick Seitz wrote:
> 
> Tom Eastep wrote:
> 
> > Rick Seitz wrote:
> >
> >> does anyone know the rule that I need to set to allow a lan based
> >> game to access the lan. I am new to networking underlinux and
still
> >> learning.
> >>
> >> I am using shorewall 2.X
> >>
> >> the game is amegatron
> >>
> >> it used port 4534
> >>
> >
> > Your question doesn''t make complete sense as asked. Is it
that you
> > have this game (amegatron) that you want to play among your local
> > computers *including the firewall*?
> >
> > Also, by itself "port 4534" doesn''t tell the whole
story; we also need
> > to know the protocol. Given that a game is involved, I''ll
assume UDP.
> >
> > If the answer to the first question is "Yes", and if my
assumption
> > about the protocol is correct, and if you have named your zones using
> > the normal convention then I believe you need:
> >
> > ACCEPT    fw    loc    udp    4534
> > ACCEPT    loc    fw    udp    4534
> >
> > -Tom
> 
> ok i think that is where I am lost, i thought the same thing and if I
> turn off shorewall the games runs, if I turn it on it doens find the
> LAN. I have tried both udp and tcp. any suggestions would be appreciated.
If you have a single subnet behind a dual-homed Shorewall box, like
192.168.0.0/24 residing on the firewall''s eth1, connected to a
hub/switch and you also accept the default policies with the
two-interface guide:

http://shorewall.net/two-interface.htm

then every pc on your LAN should be able to connect with each ther, game
wise.. well, it sounds like something else may be incorrect in your
settings. So, if you could show some of your logs output it would be
easier to pinpoint.. You would normally add an ACCEPT/DNAT rule for udp
port 4534 if you would like someone from the "outside" to participate
in
your LAN gaming.


-- 
Patrick Benson
Stockholm, Sweden

On Saturday 17 July 2004 09:09 pm, Tom Eastep wrote:

->If you don''t see anything useful in your log (and if you do,
please try
->to use FAQ 17) then I would place this in /etc/shorewall/actions:
->
->	:REJECT
->
->then try the game again and see if the log has anything useful in it.
->
->-Tom

I play games here on my 4 comp LAN (3 desktops, 1 laptop) using Shorewall with 
Mandrake v9.2 with no problems. I trust the people on my LAN (my sons and 
wife) so you''ll have to decide if thats alright with your setup, but
what I
did was open everything between the addresses on the LAN. Everything between 
192.168.0.100 thru 192.168.0.104 is accessible to each other. Of course 
nothing is allowed from "outside".

I believe these are the pertinent lines from /etc/shorewall/rules:

####################################################################################################
#ACTION  SOURCE		DEST      	PROTO	DEST    SOURCE	   ORIGINAL	RATE		USER
#                       	        	PORT    PORT(S)    DEST		LIMIT
ACCEPT net:192.168.0.0/24       fw              all
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Tom can tell you exactly what to do to open it up in the manner I describe but 
I''ll bet its in a FAQ or somesuch on the website already. Check there
first.

HTHs! :-)

-- 

                                                                       /\
                                                                 Dark<
>Lord
                                                                       \/

Patrick Benson wrote:
>Rick Seitz wrote:
>  
>
>>Tom Eastep wrote:
>>
>>    
>>
>>>Rick Seitz wrote:
>>>
>>>      
>>>
>>>>does anyone know the rule that I need to set to allow a lan
based
>>>>game to access the lan. I am new to networking underlinux and
still
>>>>learning.
>>>>
>>>>I am using shorewall 2.X
>>>>
>>>>the game is amegatron
>>>>
>>>>it used port 4534
>>>>
>>>>        
>>>>
>>>Your question doesn''t make complete sense as asked. Is it
that you
>>>have this game (amegatron) that you want to play among your local
>>>computers *including the firewall*?
>>>
>>>Also, by itself "port 4534" doesn''t tell the
whole story; we also need
>>>to know the protocol. Given that a game is involved, I''ll
assume UDP.
>>>
>>>If the answer to the first question is "Yes", and if my
assumption
>>>about the protocol is correct, and if you have named your zones
using
>>>the normal convention then I believe you need:
>>>
>>>ACCEPT    fw    loc    udp    4534
>>>ACCEPT    loc    fw    udp    4534
>>>
>>>-Tom
>>>      
>>>
>>ok i think that is where I am lost, i thought the same thing and if I
>>turn off shorewall the games runs, if I turn it on it doens find the
>>LAN. I have tried both udp and tcp. any suggestions would be
appreciated.
>>    
>>
>
>If you have a single subnet behind a dual-homed Shorewall box, like
>192.168.0.0/24 residing on the firewall''s eth1, connected to a
>hub/switch and you also accept the default policies with the
>two-interface guide:
>
>http://shorewall.net/two-interface.htm
>
>then every pc on your LAN should be able to connect with each ther, game
>wise.. well, it sounds like something else may be incorrect in your
>settings. So, if you could show some of your logs output it would be
>easier to pinpoint.. You would normally add an ACCEPT/DNAT rule for udp
>port 4534 if you would like someone from the "outside" to
participate in
>your LAN gaming.
>
>
>  
>
I am new to networking with linux so please bear with me if I dont quite
understand what you need to see.
Which log file would be good to post here.....syslog? or a different one.
I will look at the ACCEPT/DNAT policies and see what I can figure out.
thank you for you help.

Rick Seitz wrote:
>>
> I am new to networking with linux so please bear with me if I dont quite
> understand what you need to see.
> Which log file would be good to post here.....syslog? or a different one.
That depends on how syslog is configured on your system.

Please take a look at http://shorewall.net/shorewall_logging.html and 
post back if you still have questions.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Rick Seitz wrote:
> I am new to networking with linux so please bear with me if I dont quite
> understand what you need to see.
> Which log file would be good to post here.....syslog? or a different one.
> I will look at the ACCEPT/DNAT policies and see what I can figure out.
> thank you for you help.
No problem, it''s always a nightmare in the beginning.. ;-) Logging
issues can be found in:

http://shorewall.net/shorewall_logging.html

Your system''s logs are usually stored in the /var/log/ directory, many
distributions use the files "messages" and "syslog". First
of all, are
you using a pc solely dedicated to firewalling/routing or are you using
one as your desktop along with Shorewall? If you see a logging message,
in one of those files, with reference to your gaming issue, just copy +
paste the tidbit in an email and we''ll see if we can locate the
policy/rule that is the cause of the blocking. If you are using the
default policy file that came with Shorewall and haven''t added any
special extra rules then you shouldn''t be having any connection
problems
with games on your LAN. See what you can find in your log''s file
first..

-- 
Patrick Benson
Stockholm, Sweden

Patrick Benson wrote:
> Rick Seitz wrote:
> 
> 
>>I am new to networking with linux so please bear with me if I dont quite
>>understand what you need to see.
>>Which log file would be good to post here.....syslog? or a different
one.
>>I will look at the ACCEPT/DNAT policies and see what I can figure out.
>>thank you for you help.
> 
> 
> No problem, it''s always a nightmare in the beginning.. ;-) Logging
> issues can be found in:
> 
> http://shorewall.net/shorewall_logging.html
> 
> Your system''s logs are usually stored in the /var/log/ directory,
many
> distributions use the files "messages" and "syslog".
First of all, are
> you using a pc solely dedicated to firewalling/routing or are you using
> one as your desktop along with Shorewall? If you see a logging message,
> in one of those files, with reference to your gaming issue, just copy +
> paste the tidbit in an email and we''ll see if we can locate the
> policy/rule that is the cause of the blocking. If you are using the
> default policy file that came with Shorewall and haven''t added any
> special extra rules then you shouldn''t be having any connection
problems
> with games on your LAN. See what you can find in your log''s file
first..
> 
And if you are using your Linux box as a part of your local LAN (which 
sounds like what you are doing) then you might just consider adding 
these two policies:

	ACCEPT	fw	loc
	ACCEPT	loc	fw

And removing any fw<->loc rules. That way, traffic between your firewall 
and your other systems will be unrestricted.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Tom Eastep wrote:
> Patrick Benson wrote:
>
>> Rick Seitz wrote:
>>
>>
>>> I am new to networking with linux so please bear with me if I dont 
>>> quite
>>> understand what you need to see.
>>> Which log file would be good to post here.....syslog? or a
different
>>> one.
>>> I will look at the ACCEPT/DNAT policies and see what I can figure
out.
>>> thank you for you help.
>>
>>
>>
>> No problem, it''s always a nightmare in the beginning.. ;-)
Logging
>> issues can be found in:
>>
>> http://shorewall.net/shorewall_logging.html
>>
>> Your system''s logs are usually stored in the /var/log/
directory, many
>> distributions use the files "messages" and
"syslog". First of all, are
>> you using a pc solely dedicated to firewalling/routing or are you using
>> one as your desktop along with Shorewall? If you see a logging message,
>> in one of those files, with reference to your gaming issue, just copy +
>> paste the tidbit in an email and we''ll see if we can locate
the
>> policy/rule that is the cause of the blocking. If you are using the
>> default policy file that came with Shorewall and haven''t added
any
>> special extra rules then you shouldn''t be having any
connection problems
>> with games on your LAN. See what you can find in your log''s
file first..
>
>
> And if you are using your Linux box as a part of your local LAN (which 
> sounds like what you are doing) then you might just consider adding 
> these two policies:
>
>     ACCEPT    fw    loc
>     ACCEPT    loc    fw
>
> And removing any fw<->loc rules. That way, traffic between your 
> firewall and your other systems will be unrestricted.
>
> -Tom
Just a quick note to patrick and tom. Thank you very much for your help. 
everything is working fine now. I appreciate all the help. Kind of feel 
stupid here but the game had a second option where i could configure the 
lan connection instead of scanning for it and it worked fine.  Yes the 
FW computer is also a desltop on the LAN. I only use Linux now. Got 
tired of all the errors windows would develop on its own. havent had 
aproblem with linux since I installed it, just taking time to learn a 
new system. the only thing I have left to do is configure the fw to 
allow the other computers to send and receive mail.

Again thanks for the help

Rick