From: Owner on 1 Apr 2010 22:57

How do I open ports for battle.net with iptables? I searched the internet and can't find the answer. I need to open these ports:

port 4000 TCP,UDP in and out
port 6113-6119 TCP,UDP in and out
From: Mark Hobley on 1 Apr 2010 23:55

Owner <Owner(a)owner-pc.com> wrote:
> How do I open port for battle.net with iptables.
> port 4000 TCP,UDP in and out
> port 6113-6119 TCP,UDP in and out

Are you forwarding to the battlenet server, or does it run on the same machine as iptables?

Basically, you need to either accept traffic for those ports on the input chain or forward the traffic to the destination server (via the forward chain).

To accept traffic on the input chain:

iptables -A INPUT -p tcp --dport 4000 -jACCEPT
iptables -A INPUT -p udp --dport 4000 -jACCEPT

(Do the same for ports 6113-6119)

If you are blocking outbound traffic you need to also apply the rules to the output chain, or again forward to output (if you are forwarding).

These rules must be above the blocking rules in the chain (ie, you must accept before you block).

Mark.

--
Mark Hobley
Linux User: #370818
http://markhobley.yi.org/
From: Owner on 2 Apr 2010 10:02

On Fri, 02 Apr 2010 04:55:59 +0100, Mark Hobley wrote:
> Owner <Owner(a)owner-pc.com> wrote:
>> How do I open port for battle.net with iptables.
>> port 4000 TCP,UDP in and out
>> port 6113-6119 TCP,UDP in and out

My fault, the correct open ports needed are 6112-6119.

> Are you forwarding to the battlenet server, or does it run on the same
> machine as iptables?

Forwarding to the battle.net server.

> Basically, you need to either accept traffic for those ports on the
> input chain or forward the traffic to the destination server (via the
> forward chain).
>
> To accept traffic on the input chain:
>
> iptables -A INPUT -p tcp --dport 4000 -jACCEPT
> iptables -A INPUT -p udp --dport 4000 -jACCEPT
>
> (Do the same for ports 6113-6119)
>
> If you are blocking outbound traffic you need to also apply the rules to
> the output chain, or again forward to output (if you are forwarding).
>
> These rules must be above the blocking rules in the chain (ie, you must
> accept before you block).
>
> Mark.
From: Mark Hobley on 2 Apr 2010 11:36

Owner <Owner(a)owner-pc.com> wrote:
> forwarding to the battle.net server

Right. My notes were for accepting as input. Because you are forwarding, you need to add rules to the forward chain.

Remember that you will need to add rules for both incoming traffic and outgoing traffic.

Mark.

--
Mark Hobley
Linux User: #370818
http://markhobley.yi.org/
From: Owner on 2 Apr 2010 12:39

On Fri, 02 Apr 2010 16:36:26 +0100, Mark Hobley wrote:
> Owner <Owner(a)owner-pc.com> wrote:
>> forwarding to the battle.net server
>
> Right. My notes were for accepting as input. Because you are forwarding, you
> need to add rules to the forward chain.
>
> Remember that you will need to add rules for both incoming traffic and
> outgoing traffic.
>
> Mark.

OK, I figured these commands open the ports on the Linux box, but the problem is now I can't connect to the battle.net server. Is something wrong with these commands to open the port and play a game at battle.net? How come this works with bittorrent but not with the battle.net server?

iptables -t nat -A PREROUTING -p tcp --dport 4000 -j DNAT --to-destination 10.1.1.52
iptables -t nat -A PREROUTING -p udp --dport 4000 -j DNAT --to-destination 10.1.1.52
iptables -A FORWARD -s 10.1.1.52 -p tcp --dport 4000 -j ACCEPT
iptables -A FORWARD -s 10.1.1.52 -p udp --dport 4000 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 6112:6119 -j DNAT --to-destination 10.1.1.52
iptables -t nat -A PREROUTING -p udp --dport 6112:6119 -j DNAT --to-destination 10.1.1.52
iptables -A FORWARD -s 10.1.1.52 -p tcp --dport 6112:6119 -j ACCEPT
iptables -A FORWARD -s 10.1.1.52 -p udp --dport 6112:6119 -j ACCEPT

BTW, the setup is:

internet -- linuxbox (which I'm configuring) -- access point -- my laptop

Here's my current setting. I opened port 59527, read from a tutorial on the web.

# Generated by iptables-save v1.4.0 on Fri Apr 2 09:31:11 2010
*nat
:PREROUTING ACCEPT [392:56543]
:POSTROUTING ACCEPT [4:244]
:OUTPUT ACCEPT [4:244]
-A PREROUTING -p tcp -m tcp --dport 59527 -j DNAT --to-destination 10.1.1.52
-A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Fri Apr 2 09:31:11 2010
# Generated by iptables-save v1.4.0 on Fri Apr 2 09:31:11 2010
*filter
:INPUT ACCEPT [971:234521]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [408:58162]
-A FORWARD -s 10.1.1.0/24 -o eth0 -j ACCEPT
-A FORWARD -d 10.1.1.0/24 -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.1.1.52/32 -p tcp -m tcp --dport 59527 -j ACCEPT
COMMIT
# Completed on Fri Apr 2 09:31:11 2010

And also the result from iptables -L:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  10.1.1.0/24          anywhere
ACCEPT     all  --  anywhere             10.1.1.0/24         state RELATED,ESTABLISHED
ACCEPT     tcp  --  10.1.1.52            anywhere            tcp dpt:59527

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
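
An added example, not part of any post in this thread: a Python check over iptables-save text that, for each DNAT rule, reports whether FORWARD has an ACCEPT rule on the translated destination (-d) and flags rules written with -s, which match the internal host's outbound traffic rather than the forwarded inbound flow. The sample dump is constructed from the thread's rules with the udp rule changed to -d for contrast, and the function names are this example's own.

```python
import shlex

# Constructed sample modelled on the thread's rules; the udp FORWARD rule uses -d for contrast.
SAMPLE = """\
*nat
-A PREROUTING -p tcp -m tcp --dport 6112:6119 -j DNAT --to-destination 10.1.1.52
-A PREROUTING -p udp -m udp --dport 4000 -j DNAT --to-destination 10.1.1.52
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 10.1.1.52/32 -p tcp -m tcp --dport 6112:6119 -j ACCEPT
-A FORWARD -d 10.1.1.52/32 -p udp -m udp --dport 4000 -j ACCEPT
COMMIT
"""

def parse(dump):
    """Return (FORWARD policy, DNAT rules, FORWARD ACCEPT rules) from iptables-save text."""
    policy, dnat, fwd = None, [], []
    for line in dump.splitlines():
        tok = shlex.split(line)
        if tok and tok[0] == ":FORWARD":
            policy = tok[1]
        if len(tok) < 2 or tok[0] != "-A":
            continue
        # Map each option to the token after it: {"-p": "tcp", "--dport": "4000", ...}
        opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        rule = {"proto": opt.get("-p"), "dport": opt.get("--dport"),
                "src": (opt.get("-s") or "").split("/")[0],
                "dst": (opt.get("-d") or "").split("/")[0]}
        if tok[1] == "PREROUTING" and opt.get("-j") == "DNAT":
            rule["to"] = opt["--to-destination"].split(":")[0]
            dnat.append(rule)
        elif tok[1] == "FORWARD" and opt.get("-j") == "ACCEPT":
            fwd.append(rule)
    return policy, dnat, fwd

def audit(dump):
    """One tuple per DNAT rule: (proto, dport, verdict, has_reversed_rule)."""
    policy, dnat, fwd = parse(dump)
    report = []
    for d in dnat:
        # Compare only FORWARD rules with the same protocol and the same --dport text.
        same = [f for f in fwd if (f["proto"], f["dport"]) == (d["proto"], d["dport"])]
        if any(f["dst"] == d["to"] for f in same):
            verdict = "explicit -d rule"
        else:
            verdict = "no -d rule, policy " + str(policy)
        # After DNAT the packet's destination is the internal host, so -s never matches it.
        reversed_rule = any(f["src"] == d["to"] for f in same)
        report.append((d["proto"], d["dport"], verdict, reversed_rule))
    return report
```

In the dump posted above, the FORWARD policy is ACCEPT, so forwarded packets pass whether or not an explicit rule matches them.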