Battle.Net Games Through Linux Firewalls?

dj51d asks: "I have set up a P90 running Red Hat 6 as a Masqereding firewall, and much to my dismay have found that Battle.Net games don't work through the firewall. The protocol uses udp port 6112. Any ideas on how to let this port trough the firewall?"

I sure do...

[smkndrkn]

I also had the same problem a while back. When I was running the old 2.0.XX kernels I used two programs called
ipportfw
and
ipautofw
now I'm using the a newer 2.2.xx kernel and the program is ipmasqadm
Here are what my firewall rules look like. My internal machine is 192.168.1.2:

ipmasqadm autofw -A -r tcp 6112 6112 -h 192.168.1.2
ipmasqadm autofw -A -r udp 6112 6112 -h 192.168.1.2

this code is included in the newer kernels...I think if you have a kernel before 2.0.37 you have to patch it.

Here you can find the patches and links to other sites and info.
http://ipmasq.cjb.net/

Also check here http://www.tsmservices.com/masq/ It has more info for the kinds of things you want to do.
Later Gary R

Firewall passing BattleNet

[yabHuj]

smkndrkn wrote:
>ipmasqadm autofw -A -r tcp 6112 6112 -h 192.168.1.2
>ipmasqadm autofw -A -r udp 6112 6112 -h 192.168.1.2

I do not know the AUTOFW feature, so maybe the following part is obsolete: always remember that you do not only have to get out, the answer has to get back in, too.

If Battle.Net only uses UDP, chances are good, that the channel back is UDP port 6112, too. If TCP is used, chances are good, that TCP ports 1024-65535 are used.

Qapla'!

Re:Firewall passing BattleNet

[CaptainSuperBoy]

Yeah, but if it uses TCP it should probably play nice and just let the client open a connection and use that, rather than opening a new connection back.. I don't think it uses TCP though, most games don't.

It's strange, I have a 386 running 2.0.37 masquerading for my home and I didn't have to do anything like this to get games to work. Half-life, Q2 and Kingpin all work fine. Haven't tried any battle.net games though.

Also, the command I used is ipfwadm - is that obsolete now? That means people need to change their startup scripts if they go to 2.2...

OK, this one's official.

[BKX]

According to the Linux IP Masquerade mini HOWTO, for battle.net you must forward UDP port 6112 and TCP ports 116 and 118. For StarCraft and newer versions of Diablo you must also forward TCP port 6112.

To do this forwarding use IPPORTFW. For more info check out the IP Masquerade mini and standard howtos.

IPChains

[chocolatetrumpet]

so how do I do this using IPchains?

Is your UDP Loose?

[AT]

If you are using one of the 2.0.XX series of kernels, get the loose-udp patch from this [caltech.edu] page. It makes a big difference in performance of multiplayer games and the extra auto port forwarding is unneccessary.

Andrew

ipchains script

[WarMage]

Here's a script that I use...
sccomp is the computer that you're playing starcraft on
gwcomp is the linux computer
gwcompex is the internet IP of your linux computer

You must have ipportfw support compiled in your kernel, or loaded as a module for this to work, and you might need to grab ipmasqadm from somewhere....
#!/bin/sh
sccomp=192.168.0.2
gwcomp=192.168.0.1
gwcompex=216.102.231.2
ipmasqadm portfw -a -P tcp -L $sccomp 6112 -R $gwcomp 6112
ipmasqadm portfw -a -P tcp -L $gwcompex 6112 -R $gwcomp 6112
ipmasqadm portfw -a -P udp -L $sccomp 6112 -R $gwcomp 6112
ipmasqadm portfw -a -P udp -L $gwcompex 6112 -R $gwcomp 6112

hate to flame but.. freebsd does this better :D

[bugg]

i'm a freebsd user and highly recommend natd.

man natd tells you everything you need to know.
Its a sinch to setup, no problems whatsoever.
only caveat is without extra setup games with more than one other person with lag. so when you are invoking natd use the command: (for example)
natd -m -n ex0 -redirect_port udp 6112 10.0.0.2:6112
in which ex0 is the nic you are running natd on (man natd) and 10.0.0.2 is the IP from the computer that you are running sc/bw on.

$.02