> Opening Up Firewall To Gain Teamspeak Access
FritsTheWaterpla...
post Aug 1 2004, 12:58 PM
Post #1



Hi,

I have just set up a Debian woody server, with an iptables firewall (script below). Everything works great except that I can't run teamspeak (a voice chat application). That is, I can't connect to the server (the box with the firewall) from my home computer. When I switch the firewall off, I can connect. If I open up all the ports I can connect. If I just open port 8767 (teamspeak server port) I can't connect.

My firewall drops all incoming packets

/sbin/iptables -P INPUT DROP

and then I open up any ports I need for myself

/sbin/iptables -A INPUT -p tcp -s 81.69.68.98 -d 0/0 --dport 22 -j ACCEPT

I have been going through a lot of forums and guides, and it seems that a lot of apps just initialize a connection through the assigned port (8767) and then just route all the traffic over another port, to keep the assigned port free. So the connection initialization from the client through port 8767 works just fine, but after that, it can't send data over the other port. This should be fixed by adding this rule:

/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

but it doesn't. I'm clueless what to do next?

Here is my entire firewall script:

/sbin/iptables -A INPUT -p tcp -s 80.126.106.155 -d 0/0 --dport 22 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -F
/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -j MASQUERADE
/sbin/iptables -F
/sbin/iptables -P FORWARD DROP
/sbin/iptables -A FORWARD -i eth1 -s 192.168.0.0/24 -j ACCEPT
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -P INPUT DROP
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -i eth1 -s 192.168.0.0/24 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -s 80.126.106.155 -d 0/0 --dport 22 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -s 81.69.68.98 -d 0/0 --dport 22 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 8767 -j ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
adam.stokes
post Aug 1 2004, 03:13 PM
Post #2



You only have tcp. Does teamspeak need udp at all? If so, you will need to add that as well.


--------------------
adam.stokes
Fedora Core rawhide, RHEL WS, ES, AS :)
Red Hat Certified Engineer
FritsTheWaterpla...
post Aug 2 2004, 03:25 AM
Post #3



Yeah, that's it. Thanks
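
The resolution of this thread, as an added example that is not part of any poster's message: a small audit that reads an iptables script and reports which protocols are accepted on a port, so a TCP-only opening like the one in post #1 is caught before testing. It assumes TeamSpeak's voice traffic uses UDP on the same port number 8767; the function names `accepted_protos` and `missing_rules` are made up for this example.

```shell
#!/bin/sh
# Added example: check an iptables script for per-protocol coverage of a port.

# Sample input: INPUT rules excerpted from the firewall script in post #1.
SAMPLE_RULES='/sbin/iptables -P INPUT DROP
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p tcp -s 81.69.68.98 -d 0/0 --dport 22 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 8767 -j ACCEPT'

# accepted_protos PORT: read rules on stdin and print, one per line, each
# protocol for which an "-A INPUT ... -j ACCEPT" rule names --dport PORT.
# Source restrictions (-s) are ignored; port ranges and multiport are not parsed.
accepted_protos() {
    awk -v port="$1" '
    {
        chain = proto = dport = target = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-A") chain = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (chain == "INPUT" && target == "ACCEPT" && dport == port && proto != "")
            print proto
    }' | sort -u
}

# missing_rules PORT PROTO...: read rules on stdin and print the iptables
# command for every listed protocol that is not yet accepted on PORT.
missing_rules() {
    port=$1; shift
    have=$(accepted_protos "$port")
    for proto in "$@"; do
        printf '%s\n' "$have" | grep -qxF -- "$proto" ||
            echo "/sbin/iptables -A INPUT -p $proto --dport $port -j ACCEPT"
    done
}

# The script from post #1 opens 8767 for tcp only, so the udp rule is reported.
printf '%s\n' "$SAMPLE_RULES" | missing_rules 8767 tcp udp
```

The `ESTABLISHED,RELATED` rule does not cover this case because the client's first UDP packet to 8767 is a new flow, which falls through to the `DROP` policy unless a `-p udp` rule accepts it.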