Mailing List Archive

SNAT/DNAT: Why packets traverse INPUT-chain???
Hi,

After trying nearly everything possible I have to ask this question here.

My ISP gives me 4 static IPs. I have 3 machines, one of them is a Linux box
with 2.4.6 kernel. Here is a diagram of my setup:

------------------------------------------------
ADSL-modem IP-address 10.xxx.yyy.153
Linux Box eth1 IP-address 10.xxx.yyy.155
eth0 IP-address 192.168.0.1
WinDOHs box #1 IP-address 192.168.0.100
WinDOHs box #2 IP-address 192.168.0.101
------------------------------------------------

What I want is to have WinBox#1 to NAT to 10.xxx.yyy.157 (one of my static
IP's) and WinBox#2 to NAT to 10.xxx.yyy.158. This is what I think I have
accomplished as I am able to browse the net, use FTP etc. from the WinBoxes.
I am even able to play Starcraft from the WinBoxes (in the same game) but I
am NOT able to host a game of Starcraft, which annoys me greatly ;).

I used tcpdump and checked my firewall logs and it seems that packets that
should be NATted to either one of the WinBoxes (hosting the Starcraft game)
hit the rules in my INPUT-chain and not the FORWARD-chain. Opening the ports
Starcraft uses in the INPUT-chain did not solve the problem.

So my question is: what am I doing wrong? Why do the packets coming from the
internet hit the INPUT-chain?

Here is a clip of the scripts I am using:
----------------------------------------------------------------------------------
$IT -t nat -A POSTROUTING -o $EXTIF -j SNAT -s 192.168.0.100 --to 10.xxx.yyy.156
$IT -t nat -A POSTROUTING -o $EXTIF -j SNAT -s 192.168.0.101 --to 10.xxx.yyy.157

$IT -t nat -A PREROUTING -i $LANIF -j DNAT -d 10.xxx.yyy.156 --to 192.168.0.100
$IT -t nat -A PREROUTING -i $LANIF -j DNAT -d 10.xxx.yyy.157 --to 192.168.0.101

ip address add 10.xxx.yyy.156 dev eth1
ip address add 10.xxx.yyy.157 dev eth1

$IT -A FORWARD -j ACCEPT -i $EXTIF -d $LANIP -p tcp --dport 4000
$IT -A FORWARD -j ACCEPT -i $EXTIF -d $LANIP -p udp --dport 4000
$IT -A FORWARD -j ACCEPT -i $EXTIF -d $LANIP -p tcp --dport 6112:6119
$IT -A FORWARD -j ACCEPT -i $EXTIF -d $LANIP -p udp --dport 6112:6119
----------------------------------------------------------------------------------

Thanks in advance!

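The same one-to-one NAT setup written out as an added example (not the poster's script). It puts the DNAT on the interface the packets actually arrive on, and the comments spell out the netfilter hook order that decides whether an inbound packet ends up in INPUT or FORWARD. Interface names, host addresses and the Starcraft ports are the ones from the post; 10.0.0.x stands in for the redacted 10.xxx.yyy.x, and the IT/IP/SYSCTL dry-run wrappers are constructed for the example.

```shell
#!/bin/sh
# One-to-one NAT for two LAN hosts behind a Linux router (added example,
# not the poster's script). Dry-run by default: every command is echoed.
# Set IT=iptables IP=ip SYSCTL=sysctl and run as root to apply for real.
IT=${IT:-"echo iptables"}
IP=${IP:-"echo ip"}
SYSCTL=${SYSCTL:-"echo sysctl"}
EXTIF=eth1   # towards the ADSL modem
LANIF=eth0   # towards the Windows hosts

# Public address <-> private host pairs (constructed; 10.0.0.x stands in
# for the redacted 10.xxx.yyy.x of the post).
map_pairs() {
    printf '%s %s\n' 10.0.0.156 192.168.0.100
    printf '%s %s\n' 10.0.0.157 192.168.0.101
}

# Hook order for a packet arriving on $EXTIF:
#   nat/PREROUTING -> routing decision -> filter/INPUT   (dest is a local
#                                                          address)
#                                      -> filter/FORWARD (dest is elsewhere)
# The extra public addresses are configured on eth1, so they are local
# addresses. Unless a DNAT in PREROUTING rewrites the destination first,
# the routing decision delivers the packet to INPUT. The DNAT rule must
# therefore match the interface the packet *arrives* on: -i $EXTIF.
nat_rules() {
    $SYSCTL -w net.ipv4.ip_forward=1
    map_pairs | while read -r pub priv; do
        # Configure the public address so this box answers ARP for it.
        $IP address add "$pub/32" dev "$EXTIF"
        # Inbound: public -> private, before the routing decision.
        $IT -t nat -A PREROUTING -i "$EXTIF" -d "$pub" -j DNAT --to-destination "$priv"
        # Outbound: private -> public, after the routing decision.
        $IT -t nat -A POSTROUTING -o "$EXTIF" -s "$priv" -j SNAT --to-source "$pub"
    done
}

# FORWARD sees the packet *after* DNAT, so its destination is already the
# private address. Filter on 192.168.0.x here, not on the public address.
filter_rules() {
    map_pairs | while read -r pub priv; do
        for proto in tcp udp; do
            $IT -A FORWARD -i "$EXTIF" -o "$LANIF" -d "$priv" -p "$proto" --dport 4000 -j ACCEPT
            $IT -A FORWARD -i "$EXTIF" -o "$LANIF" -d "$priv" -p "$proto" --dport 6112:6119 -j ACCEPT
        done
    done
    # Replies to LAN-originated flows, and the LAN's own outbound traffic.
    $IT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IT -A FORWARD -i "$LANIF" -o "$EXTIF" -j ACCEPT
}

all_rules() {
    nat_rules
    filter_rules
}

all_rules
```

Run it once without variables to review the generated rules, then with `IT=iptables IP=ip SYSCTL=sysctl` to apply them. To check that the DNAT is actually being hit, `iptables -t nat -L PREROUTING -v -n` shows per-rule packet counters; a counter that stays at zero while inbound packets keep logging in INPUT points at a rule that never matches.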