kurlrip 10 Posted August 27, 2011

Hello. First, sorry for my English. I have some difficulty configuring my Arma 2 server on Linux. I searched this forum, but I find the same thing everywhere, and I don't know how to configure the firewall. The problem is: when I take the firewall down with iptables like this:

```bash
#!/bin/bash
echo Setting firewall rules...
#
#
iptables -t filter -P INPUT ACCEPT
iptables -t filter -P FORWARD ACCEPT
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -F
iptables -t filter -X
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
```

It's OK. But I don't have a firewall. So I tried to put the firewall up and configure it. I tried this:

```bash
#!/bin/bash
echo Setting firewall rules...
#
#
###### Start of initialization ######
# Deny all incoming connections
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
# Deny all outgoing connections
iptables -t filter -P OUTPUT DROP
# Flush the current tables
iptables -t filter -F
iptables -t filter -X
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow FTP requests
iptables -I INPUT -p tcp --dport 21 -j ACCEPT
iptables -I INPUT -p tcp --dport 49152:65534 -j ACCEPT
# Allow DNS, HTTP requests
iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
# Allow loopback
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A OUTPUT -o lo -j ACCEPT
# Allow ping
iptables -t filter -A INPUT -p icmp -j ACCEPT
iptables -t filter -A OUTPUT -p icmp -j ACCEPT
# HTTP
iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport XXXX -m recent --rcheck --seconds 60 --hitcount 2 --name SSH -j LOG --log-prefix "SSH REJECT"
iptables -t filter -A INPUT -p tcp --dport XXXX -m recent --update --seconds 60 --hitcount 2 --name SSH -j DROP
iptables -t filter -A INPUT -p tcp --dport XXXX -m state --state NEW -m recent --set --name SSH -j ACCEPT
#UDP Teamspeak Voice Port
iptables -A INPUT -p udp -m udp --dport 9987 -j ACCEPT
#TCP Teamspeak File Transfer
iptables -A INPUT -p tcp -m tcp --dport 30033 -j ACCEPT
#TCP Query Port
iptables -A INPUT -p tcp -m tcp --dport 10011 -j ACCEPT
echo - Autoriser TS3 [OK]
# Allow Arma II
iptables -t filter -A INPUT -p udp --dport 2302 -j ACCEPT
iptables -t filter -A INPUT -p udp --dport 2304 -j ACCEPT
iptables -t filter -A INPUT -p udp --dport 2305 -j ACCEPT
```

But when I try this, it doesn't work anymore. I used ports 2302, 2304 and 2305 because when I run netstat with no firewall and the server running, the ports are 2302, 2304 and 2305. I know that is not what is written on the wiki, which says:

port UDP (used for game)
port+1 UDP (used for server reporting)
port+3 UDP (used for VoN transmissions)

but I don't know why netstat gives me those ports. I tried 2302, 2303 and 2305 too, but without success. But after a lot of tries, maybe I am doing just anything...

Another thing: when I connect to the server and play, I see a 4th port open. But it's never the same port.

So can someone help me, or give me a link for configuring a firewall on Linux with ARMA2? Is my configuration not good? Where is the mistake?

Thanks
nuxil 2 Posted August 28, 2011

I don't see a NIC specified, only lo. Try this:

```bash
iptables -A INPUT -i eth0 -p udp --destination-port 2302:2305 -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp --source-port 2302:2305 -j ACCEPT
```
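Added example, not written by any poster in this thread: it derives the server's UDP ports from `netstat -ulnp` output, as kurlrip did by hand, and prints per-port rules in the form nuxil's reply uses. The program name `arma2server`, the PIDs, port 47123 and the 32768 ephemeral cutoff are assumptions made for the constructed sample.

```bash
#!/bin/bash
# Added example: turn `netstat -ulnp` output into iptables rules for one process.

# Constructed sample of `netstat -ulnp` output. The program name "arma2server"
# and the PIDs are made up; 47123 stands for the changing "4th port".
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 0.0.0.0:2302            0.0.0.0:*                           4021/arma2server
udp        0      0 0.0.0.0:2304            0.0.0.0:*                           4021/arma2server
udp        0      0 0.0.0.0:2305            0.0.0.0:*                           4021/arma2server
udp        0      0 0.0.0.0:47123           0.0.0.0:*                           4021/arma2server
udp        0      0 0.0.0.0:9987            0.0.0.0:*                           3990/ts3server'

# udp_ports PROGRAM [EPHEMERAL_START]
# Reads netstat output on stdin and prints the UDP ports bound by PROGRAM,
# one per line, sorted. Ports >= EPHEMERAL_START are skipped (assumption:
# they are kernel-assigned and change per run, so a static rule cannot match).
udp_ports() {
    local prog=$1 eph=${2:-32768}
    awk -v prog="$prog" -v eph="$eph" '
        $1 ~ /^udp/ {
            split($NF, owner, "/")      # "4021/arma2server" -> owner[2] is the name
            n = split($4, addr, ":")    # works for 0.0.0.0:2302 and :::2302
            port = addr[n] + 0
            if (owner[2] == prog && port > 0 && port < eph) print port
        }' | sort -n -u
}

# emit_rules IFACE
# Reads ports on stdin and prints one INPUT and one OUTPUT rule per port.
emit_rules() {
    local iface=$1 port
    while read -r port; do
        echo "iptables -A INPUT -i $iface -p udp --destination-port $port -j ACCEPT"
        echo "iptables -A OUTPUT -o $iface -p udp --source-port $port -j ACCEPT"
    done
}

# Print the rules for review instead of applying them directly.
printf '%s\n' "$SAMPLE_NETSTAT" | udp_ports arma2server | emit_rules eth0
```

On a live host, replace the sample with the real output of `netstat -ulnp` (run as root so the program column is filled in) and review the printed rules before applying them.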
Overlord 0 Posted August 28, 2011

Don't have time (or knowledge) to check your config, I just know Linux FW is a pain where the sun never shines. But why do you need it at all? How is the server connected to the net? If you use a router, you are better off without FW on the lin-box. If needed, use the router's built-in FW.
kurlrip 10 Posted August 28, 2011

Thanks nuxil, I'll try tomorrow when I wake up...

Overlord: because it's a dedicated server which is not in my house.
kurlrip 10 Posted August 28, 2011

Thanks a lot nuxil. Now it works fine!! I have been looking for how to configure this firewall for some days!! Thanks, thanks, thanks!!
Vixente 10 Posted August 31, 2011

> you are better off without FW on lin-box

Blasphemy! Having a proper iptables/netfilter setup is the best thing you can do in any Linux, regardless of whether it is behind a router or not. :P

kurlrip, if you don't want to mess with the command line, you can try an iptables front-end. One that is very simple to set up is Firestarter; it is very user friendly, the only catch is that you have to have the X Window running to be able to open it. There are other front-ends I don't remember right now; one is fwbuilder, which is good but more advanced and complex. ufw is a good one too. Check this for more: http://wiki.debian.org/Firewalls
kurlrip 10 Posted September 1, 2011

Thanks a lot Vixente. I'll look at that. Good link.