[techtalk] iptables and MSN zone

Nicole Zimmerman colby at wsu.edu
Wed Feb 7 09:01:22 EST 2001


I posted a thought like this on debian-user and I didn't get any response.
It seems the migration to 2.4 is slower than we wanted it to be ;o)

I configured a friend's box to do NAT/firewalling with 2.4 and the script
iptables-firewall from firewall.nerdherd.net. It worked great after my
interfaces were configured, detected and did NAT well. The others on the
hub were able to get on the internet and ho diddly hum their lives away
until someone tried to play Asheron's Call.

I didn't think about this problem ahead of time and I know I've seen a few
solutions, but I don't know if I've seen them for 2.4. We did some reading
and it seems that games like Asheron's Call that operate over MSN's gaming
zone use "loose UDP", whatever that means. A Google search came up with
lots of gaming info, firewall info, and security info. We asked a
networking prof what "loose UDP" meant and he had no idea.

We ended up downgrading to 2.2.18 and
echo "1" > /proc/sys/net/ipv4/ip_masq_udp_dloose
to get it to work. This was apparently a well-known fix, and it did fix
the problem. It also took
another 2 or so hours of work because of a less than stellar hard drive
and a fairly slow processor (all it's doing is NAT/firewalling), along
with some strange random problem that rebooted the computer mysteriously
(I think it was gcc-unstable) until we made mrproper and started over.

We rgrep'ed the 2.4 source and did find some udp_dloose information in
some ipmasq files (probably ipmasq.c), but nothing in iptables. 

Anyone got Asheron's Call to work with 2.4? How? Is it really something
simple that I've overlooked?

I don't mind downgrading to 2.2.18 to get it to work, that's what we did
and it worked great. It means I don't have to go back over to fix it until
they kick a cable out and don't know where to plug it back in again.

-nicole




