ClearFoundation

Forums
TOPIC: IPtables issues
#29745
IPtables issues 3 Years, 3 Months ago  
Hi Guys,


Just wondering if anyone can give me some help on an issue I am having with IPTABLES.

I'm using a ClearOS server in my LAN to serve two WAN connections and to load balance both of the WAN connections.

I have read up on the Steam knowledge base that I need to forward all of the Steam ports through one WAN connection as they do not support having authentication from two different IP addresses.

I have researched through the forums and through Google and I have found another topic in this forum on how to add multiple ranges to the destination port rules.

www.clearfoundation.com/component/option...9/func,view/id,8382/

I ran the command

iptables -t mangle -A MULTIWAN_MARK -p udp -m multiport --destination-ports 2700:27015 -j MULTIWAN_ppp0

rebooted the server, and found that there is no LAN connectivity at all. The only way I have found to fix this is to disable ppp0.

I think the reason why the LAN stops working with ppp0 enabled is that the iptables rule I entered is wrong.

My question is how do I fix this? I am just venturing into Linux properly and have very basic knowledge.

Can anyone help me with removing the rules, and helping me with the syntax on how to enter the correct rules so I can route all of Steam's traffic over one internet connection?

support.steampowered.com/kb_article.php?...1456-EUDN-2493#ports is the link for the ports for Steam.


Thank you,


Rob
Rob
 
#29748
Re: IPtables issues 3 Years, 3 Months ago  
I've no idea about multiwan, but have you tried "-j MULTIWAN_ethX" where ethX is the interface associated with ppp0? You may be able to check your destination target by looking at the (big) output of "service snort status" and seeing what MULTIWAN_xxxx sections exist.

Also there should normally be no reason to reboot. First try the command at the command line. If it then works put it in /etc/rc.d/rc.firewall.local so it will then be there when the firewall restarts. (Or instead of rc.firewall.local use the custom rules bit of the webconfig.)
Nick Howitt
 
#29749
Re: IPtables issues 3 Years, 3 Months ago  
I'll try that. What is the syntax for removing rules?

Sorry about the dumb questions, first time I have used Linux to its full advantage.



Cheers,


Rob
Rob
 
#29750
Re: IPtables issues 3 Years, 3 Months ago  
To remove rules change the -I (insert) or -A (append) in the rule to -D (delete). Alternatively there is the simple sledgehammer "service firewall restart" which will clear all the manually added rules. I suggest you also google for "man iptables" to get an idea how some of it works.
Nick Howitt
 
#29752
Re: IPtables issues 3 Years, 3 Months ago  
OK, thanks a lot for the help.

Just one more question please, in regards to the service firewall restart: that will wipe all the iptables rules, is there a way to save them?

When I reboot the server, would that count as the service being restarted? I know it does in Windows, don't know if it counts in Linux.


Cheers,

Rob
Rob
 
#29754
Re: IPtables issues 3 Years, 3 Months ago  
service firewall restart will reset the firewall to all rules defined in various files. This means that you will get the default rules, any rule you have added by the webconfig and anything you have manually added to files like /etc/rc.d/rc.firewall.local. All you should lose are any rules you have just typed into the command line. It therefore follows that to save your own rules you add them to /etc/rc.d/rc.firewall.local or via the webconfig.
Nick Howitt
Last Edit: 2011/07/03 05:12 By NickH.
 
#29785
Re: IPtables issues 3 Years, 3 Months ago  
Nick,


I'm just reading up on iptables, and I read your first reply about running "service snort status" and I got the response "snort: unrecognized service". Could this be an issue?
Rob
 
#29786
Re: IPtables issues 3 Years, 3 Months ago  
Sorry, I was trying to sort out a snort problem at the time. I meant "service firewall status".

[edit]
What you are looking for are the chains beginning MULTIWAN so you can see what the valid targets are for the -j bit of the firewall rule.
[/edit]
Nick Howitt
Last Edit: 2011/07/04 07:50 By NickH.
 
#30253
Re:IPtables issues 3 Years, 3 Months ago  
It doesn't work for me (ppp0=eth1 and ppp1=eth0)
iptables -t mangle -A MULTIWAN_MARK -p udp -m multiport --destination-ports 20000:21000 -j MULTIWAN_eth1

because the game still connected on both WANs. Any fix?
jbriga
 
#34205
Re:IPtables issues 2 Years, 11 Months ago  
Hi,

I did this just by editing the firewall file to make multiple rules. It's not neat but doesn't seem to slow my system down doing it this way. Would be much nicer if they'd add in port ranges.

Anyway edit /etc/firewall and stick these in near the bottom of the file. You'll see how it's formatted, just keep the formatting of the file the same.

So in my case Steam download traffic goes out of ppp0 and games go out of ppp1. This stops there being any lag if another PC is updating or downloading games while another plays a game. There might be other ports you need but you get the idea. These will show up on your MultiWAN page in ClearOS.

Just restart the firewall once you've saved them to get them running.

Code:

SteamDownload_1||0x10000400|6||27014|ppp0 \
SteamDownload_10||0x10000400|6||27023|ppp0 \
SteamDownload_11||0x10000400|6||27024|ppp0 \
SteamDownload_12||0x10000400|6||27025|ppp0 \
SteamDownload_13||0x10000400|6||27026|ppp0 \
SteamDownload_14||0x10000400|6||27027|ppp0 \
SteamDownload_15||0x10000400|6||27028|ppp0 \
SteamDownload_16||0x10000400|6||27029|ppp0 \
SteamDownload_17||0x10000400|6||27030|ppp0 \
SteamDownload_18||0x10000400|6||27031|ppp0 \
SteamDownload_19||0x10000400|6||27032|ppp0 \
SteamDownload_2||0x10000400|6||27015|ppp0 \
SteamDownload_20||0x10000400|6||27033|ppp0 \
SteamDownload_21||0x10000400|6||27034|ppp0 \
SteamDownload_22||0x10000400|6||27035|ppp0 \
SteamDownload_23||0x10000400|6||27036|ppp0 \
SteamDownload_24||0x10000400|6||27037|ppp0 \
SteamDownload_25||0x10000400|6||27038|ppp0 \
SteamDownload_26||0x10000400|6||27039|ppp0 \
SteamDownload_27||0x10000400|6||27040|ppp0 \
SteamDownload_28||0x10000400|6||27041|ppp0 \
SteamDownload_29||0x10000400|6||27042|ppp0 \
SteamDownload_3||0x10000400|6||27016|ppp0 \
SteamDownload_30||0x10000400|6||27043|ppp0 \
SteamDownload_31||0x10000400|6||27044|ppp0 \
SteamDownload_32||0x10000400|6||27045|ppp0 \
SteamDownload_33||0x10000400|6||27046|ppp0 \
SteamDownload_34||0x10000400|6||27047|ppp0 \
SteamDownload_35||0x10000400|6||27048|ppp0 \
SteamDownload_36||0x10000400|6||27049|ppp0 \
SteamDownload_37||0x10000400|6||27050|ppp0 \
SteamDownload_4||0x10000400|6||27017|ppp0 \
SteamDownload_5||0x10000400|6||27018|ppp0 \
SteamDownload_6||0x10000400|6||27019|ppp0 \
SteamDownload_7||0x10000400|6||27020|ppp0 \
SteamDownload_8||0x10000400|6||27021|ppp0 \
SteamDownload_9||0x10000400|6||27022|ppp0 \
SteamGame_1||0x10000400|17||27000|ppp1 \
SteamGame_10||0x10000400|17||27009|ppp1 \
SteamGame_11||0x10000400|17||27010|ppp1 \
SteamGame_12||0x10000400|17||27011|ppp1 \
SteamGame_13||0x10000400|17||27012|ppp1 \
SteamGame_14||0x10000400|17||27013|ppp1 \
SteamGame_15||0x10000400|17||27014|ppp1 \
SteamGame_16||0x10000400|17||27015|ppp1 \
SteamGame_17||0x10000400|17||27016|ppp1 \
SteamGame_18||0x10000400|17||27017|ppp1 \
SteamGame_19||0x10000400|17||27018|ppp1 \
SteamGame_2||0x10000400|17||27001|ppp1 \
SteamGame_20||0x10000400|17||27019|ppp1 \
SteamGame_21||0x10000400|17||27020|ppp1 \
SteamGame_22||0x10000400|17||27021|ppp1 \
SteamGame_23||0x10000400|17||27022|ppp1 \
SteamGame_24||0x10000400|17||27023|ppp1 \
SteamGame_25||0x10000400|17||27024|ppp1 \
SteamGame_26||0x10000400|17||27025|ppp1 \
SteamGame_27||0x10000400|17||27026|ppp1 \
SteamGame_28||0x10000400|17||27027|ppp1 \
SteamGame_29||0x10000400|17||27028|ppp1 \
SteamGame_3||0x10000400|17||27002|ppp1 \
SteamGame_30||0x10000400|17||27029|ppp1 \
SteamGame_31||0x10000400|17||27030|ppp1 \
SteamGame_4||0x10000400|17||27003|ppp1 \
SteamGame_5||0x10000400|17||27004|ppp1 \
SteamGame_6||0x10000400|17||27005|ppp1 \
SteamGame_7||0x10000400|17||27006|ppp1 \
SteamGame_8||0x10000400|17||27007|ppp1 \
SteamGame_9||0x10000400|17||27008|ppp1 \
Steam_1||0x10000400|6||27015|ppp1 \
Steam_2||0x10000400|17||3478|ppp1 \
Steam_3||0x10000400|17||4379|ppp1 \
Steam_4||0x10000400|17||4380|ppp1 \

FastLaneJB
Last Edit: 2011/11/06 00:08 By FastLaneJB.
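
The post above wishes for port ranges in /etc/firewall. As an added example (not from the thread and not ClearOS code), this shell script expands a range into entries of the same shape and reports any protocol/port pair assigned to two interfaces. The field layout is an assumption inferred from the posted entries, and `expand_range`, `find_conflicts` and `sample` are hypothetical helper names.

```shell
#!/bin/sh
# Added example. Assumed entry layout, inferred from the post above:
#   name||flags|ip-protocol||port|interface \
FLAGS=0x10000400   # flag value copied unchanged from the posted entries

# expand_range NAME tcp|udp FIRST LAST IFACE -> one entry per port
expand_range() {
    name=$1 first=$3 last=$4 iface=$5
    case $2 in
        tcp) proto=6 ;;    # IP protocol numbers: 6 = TCP, 17 = UDP
        udp) proto=17 ;;
        *) echo "unknown protocol: $2" >&2; return 1 ;;
    esac
    for p in "$first" "$last"; do
        case $p in
            ''|*[!0-9]*) echo "port is not a number: '$p'" >&2; return 1 ;;
        esac
    done
    if [ "$first" -lt 1 ] || [ "$last" -gt 65535 ] || [ "$first" -gt "$last" ]; then
        echo "bad port range: $first:$last" >&2; return 1
    fi
    n=1 port=$first
    while [ "$port" -le "$last" ]; do
        printf '%s_%d||%s|%d||%d|%s \\\n' "$name" "$n" "$FLAGS" "$proto" "$port" "$iface"
        n=$((n + 1)) port=$((port + 1))
    done
}

# find_conflicts: read entries on stdin and report every protocol/port pair
# that is assigned to more than one interface.
find_conflicts() {
    awk -F'|' 'NF >= 7 {
        sub(/ .*$/, "", $7)                 # drop the trailing " \"
        key = $4 "/" $6
        if (key in via) {
            if (via[key] != $7)
                printf "%s: %s (%s) vs %s (%s)\n", key, owner[key], via[key], $1, $7
        } else { via[key] = $7; owner[key] = $1 }
    }'
}

# Constructed sample: one TCP port is claimed for both links.
sample() {
    expand_range SteamDownload tcp 27014 27016 ppp0
    expand_range Steam tcp 27015 27015 ppp1
    expand_range SteamGame udp 27000 27002 ppp1
}
sample | find_conflicts
```

Review the generated lines before pasting them into /etc/firewall, and restart the firewall afterwards as the post describes.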