Full Version: Opening Up Firewall To Gain Teamspeak Access
FritsTheWaterplant
Hi,

I have just set up a Debian woody server with an iptables firewall (script below). Everything works great except that I can't run TeamSpeak (a voice chat application). That is, I can't connect to the server (the box with the firewall) from my home computer. When I switch the firewall off, I can connect. If I open up all the ports, I can connect. If I just open port 8767 (TeamSpeak server port), I can't connect.

My firewall drops all incoming packets

/sbin/iptables -P INPUT DROP

and then I open up any ports I need for myself

/sbin/iptables -A INPUT -p tcp -s 81.69.68.98 -d 0/0 --dport 22 -j ACCEPT

I have been going through a lot of forums and guides, and it seems that a lot of apps just initialize a connection through the assigned port (8767) and then just route all the traffic over another port, to keep the assigned port free. So the connection initialization from the client through port 8767 works just fine, but after that, it can't send data over the other port. This should be fixed by adding this rule:

/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

but it doesn't. I'm clueless what to do next?

Here is my entire firewall script:

/sbin/iptables -A INPUT -p tcp -s 80.126.106.155 -d 0/0 --dport 22 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -F
/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -j MASQUERADE
/sbin/iptables -F
/sbin/iptables -P FORWARD DROP
/sbin/iptables -A FORWARD -i eth1 -s 192.168.0.0/24 -j ACCEPT
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -P INPUT DROP
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -i eth1 -s 192.168.0.0/24 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -s 80.126.106.155 -d 0/0 --dport 22 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -s 81.69.68.98 -d 0/0 --dport 22 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 8767 -j ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
adam.stokes
You only have TCP. Does TeamSpeak need UDP at all? If so, you will need to add that as well.
FritsTheWaterplant
Yeah, that's it. Thanks
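
The check that resolves this thread, as an added example that is not part of the original posts: a small shell audit that reads iptables commands and reports which protocols the INPUT chain accepts on a given port. The function names accepted_protos and missing_protos are hypothetical, the sample rules are constructed from the script posted above, and the needed-protocol list ("udp") is taken from the thread's outcome.

```shell
#!/bin/sh
# Constructed sample: INPUT rules taken from the script posted in this thread.
RULES='/sbin/iptables -P INPUT DROP
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p tcp -s 81.69.68.98 -d 0/0 --dport 22 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 8767 -j ACCEPT'

# Same rules plus a UDP accept for 8767. The first UDP packet from a client is
# in state NEW, so the ESTABLISHED,RELATED rule alone never matches it.
FIXED="$RULES
/sbin/iptables -A INPUT -p udp --dport 8767 -j ACCEPT"

# accepted_protos RULES PORT
# Prints the protocols (tcp, udp) for which some "-A INPUT ... -j ACCEPT"
# rule names PORT as --dport. Source restrictions (-s) are not evaluated.
accepted_protos() {
    printf '%s\n' "$1" | awk -v port="$2" '
        {
            chain = proto = dport = target = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-A") chain = $(i + 1)
                else if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            if (chain == "INPUT" && target == "ACCEPT" && dport == port)
                seen[proto] = 1
        }
        END {
            out = ""
            if ("tcp" in seen) out = "tcp"
            if ("udp" in seen) out = (out == "" ? "udp" : out " udp")
            print out
        }'
}

# missing_protos RULES PORT "NEEDED PROTOCOLS"
# Prints the needed protocols that no INPUT rule accepts on PORT.
missing_protos() {
    have=$(accepted_protos "$1" "$2")
    miss=""
    for p in $3; do
        case " $have " in
            *" $p "*) ;;
            *) miss="${miss:+$miss }$p" ;;
        esac
    done
    printf '%s\n' "$miss"
}

echo "original: 8767 missing [$(missing_protos "$RULES" 8767 "udp")]"
echo "fixed:    8767 missing [$(missing_protos "$FIXED" 8767 "udp")]"
```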