Forums

Subscribe via email Subscribe via email
Subscribe via rss
Guest
or Ask a Question
Add a reply View Replies (9) →
Rob
Rob
Offline

IPtables issues

Resolved
0 votes
Hi Guys,


Just wondering if anyone can give me some help on an issue i am having with IPTABLES.


Im using a clearos server in my lan to serve two WAN connections and to load balance both of the WAN connections.

I have read up on the steam knowledge base that i need to forward all of the steam ports through one WAN connection as they do not support having authentication from two different IP addresses.


I have researched through the forums and through google and i have found another topic in this forum on how to add multiple ranges to the destination port rules.

http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,19/func,view/id,8382/

I ran the command
iptables -t mangle -A MULTIWAN_MARK -p udp -m multiport --destination-ports 2700:27015 -j MULTIWAN_ppp0, rebooted the server and found that there is no lan connectivity at all, the only way i have found to fix this is to disable ppp0.

I think the reason why the lan stops working with ppp0 enabled is due to the iptables rule i entered is wrong.


My question is how do i fix this?? I am just venturing into linux properly and have very basic knowledge.

Can anyone help me with removing the rules, and helping me with the syntax on how to enter the correct rule's so i can route all of steam's traffic over one internet connection.

https://support.steampowered.com/kb_article.php?ref=1456-EUDN-2493#ports is the link for the ports for Steam.


Thank you,


Rob
In Multiwan
Sunday, July 03 2011, 05:27 AM
Subscribe via email
Share this post:
Responses (9)

  • Accepted Answer

    FastLaneJB
    FastLaneJB
    Offline
    Sunday, November 06 2011, 04:07 AM - #Permalink
    Resolved
    0 votes
    Hi,

    I did this just by editing the firewall file to make multiple rules. It's not neat but doesn't seem to slow my system down doing it this way. Would be much nicer if they'd add in port ranges.

    Anyway edit /etc/firewall and stick these in near the bottom of the file. You'll see how it's formatted, just keep the formatting of the file the same.

    So in my case Steam download traffic goes out of ppp0 and games go out of ppp1. This stops there being any lag if the another PC is updating or downloading games while another plays a game. There might be other ports you need but you get the idea. These will show up on your MultiWAN page in ClearOS.

    Just restart the firewall once you've saved them to get them running.

    SteamDownload_1||0x10000400|6||27014|ppp0 \
    
	SteamDownload_10||0x10000400|6||27023|ppp0 \
    
	SteamDownload_11||0x10000400|6||27024|ppp0 \
    
	SteamDownload_12||0x10000400|6||27025|ppp0 \
    
	SteamDownload_13||0x10000400|6||27026|ppp0 \
    
	SteamDownload_14||0x10000400|6||27027|ppp0 \
    
	SteamDownload_15||0x10000400|6||27028|ppp0 \
    
	SteamDownload_16||0x10000400|6||27029|ppp0 \
    
	SteamDownload_17||0x10000400|6||27030|ppp0 \
    
	SteamDownload_18||0x10000400|6||27031|ppp0 \
    
	SteamDownload_19||0x10000400|6||27032|ppp0 \
    
	SteamDownload_2||0x10000400|6||27015|ppp0 \
    
	SteamDownload_20||0x10000400|6||27033|ppp0 \
    
	SteamDownload_21||0x10000400|6||27034|ppp0 \
    
	SteamDownload_22||0x10000400|6||27035|ppp0 \
    
	SteamDownload_23||0x10000400|6||27036|ppp0 \
    
	SteamDownload_24||0x10000400|6||27037|ppp0 \
    
	SteamDownload_25||0x10000400|6||27038|ppp0 \
    
	SteamDownload_26||0x10000400|6||27039|ppp0 \
    
	SteamDownload_27||0x10000400|6||27040|ppp0 \
    
	SteamDownload_28||0x10000400|6||27041|ppp0 \
    
	SteamDownload_29||0x10000400|6||27042|ppp0 \
    
	SteamDownload_3||0x10000400|6||27016|ppp0 \
    
	SteamDownload_30||0x10000400|6||27043|ppp0 \
    
	SteamDownload_31||0x10000400|6||27044|ppp0 \
    
	SteamDownload_32||0x10000400|6||27045|ppp0 \
    
	SteamDownload_33||0x10000400|6||27046|ppp0 \
    
	SteamDownload_34||0x10000400|6||27047|ppp0 \
    
	SteamDownload_35||0x10000400|6||27048|ppp0 \
    
	SteamDownload_36||0x10000400|6||27049|ppp0 \
    
	SteamDownload_37||0x10000400|6||27050|ppp0 \
    
	SteamDownload_4||0x10000400|6||27017|ppp0 \
    
	SteamDownload_5||0x10000400|6||27018|ppp0 \
    
	SteamDownload_6||0x10000400|6||27019|ppp0 \
    
	SteamDownload_7||0x10000400|6||27020|ppp0 \
    
	SteamDownload_8||0x10000400|6||27021|ppp0 \
    
	SteamDownload_9||0x10000400|6||27022|ppp0 \
    
	SteamGame_1||0x10000400|17||27000|ppp1 \
    
	SteamGame_10||0x10000400|17||27009|ppp1 \
    
	SteamGame_11||0x10000400|17||27010|ppp1 \
    
	SteamGame_12||0x10000400|17||27011|ppp1 \
    
	SteamGame_13||0x10000400|17||27012|ppp1 \
    
	SteamGame_14||0x10000400|17||27013|ppp1 \
    
	SteamGame_15||0x10000400|17||27014|ppp1 \
    
	SteamGame_16||0x10000400|17||27015|ppp1 \
    
	SteamGame_17||0x10000400|17||27016|ppp1 \
    
	SteamGame_18||0x10000400|17||27017|ppp1 \
    
	SteamGame_19||0x10000400|17||27018|ppp1 \
    
	SteamGame_2||0x10000400|17||27001|ppp1 \
    
	SteamGame_20||0x10000400|17||27019|ppp1 \
    
	SteamGame_21||0x10000400|17||27020|ppp1 \
    
	SteamGame_22||0x10000400|17||27021|ppp1 \
    
	SteamGame_23||0x10000400|17||27022|ppp1 \
    
	SteamGame_24||0x10000400|17||27023|ppp1 \
    
	SteamGame_25||0x10000400|17||27024|ppp1 \
    
	SteamGame_26||0x10000400|17||27025|ppp1 \
    
	SteamGame_27||0x10000400|17||27026|ppp1 \
    
	SteamGame_28||0x10000400|17||27027|ppp1 \
    
	SteamGame_29||0x10000400|17||27028|ppp1 \
    
	SteamGame_3||0x10000400|17||27002|ppp1 \
    
	SteamGame_30||0x10000400|17||27029|ppp1 \
    
	SteamGame_31||0x10000400|17||27030|ppp1 \
    
	SteamGame_4||0x10000400|17||27003|ppp1 \
    
	SteamGame_5||0x10000400|17||27004|ppp1 \
    
	SteamGame_6||0x10000400|17||27005|ppp1 \
    
	SteamGame_7||0x10000400|17||27006|ppp1 \
    
	SteamGame_8||0x10000400|17||27007|ppp1 \
    
	SteamGame_9||0x10000400|17||27008|ppp1 \
    
	Steam_1||0x10000400|6||27015|ppp1 \
    
	Steam_2||0x10000400|17||3478|ppp1 \
    
	Steam_3||0x10000400|17||4379|ppp1 \
    
	Steam_4||0x10000400|17||4380|ppp1 \
    The reply is currently minimized Show

  • Accepted Answer

    jbriga
    jbriga
    Offline
    Friday, July 15 2011, 01:57 PM - #Permalink
    Resolved
    0 votes
    it doesnt work for me (ppp0=eth1 and ppp1=eth0)
    iptables -t mangle -A MULTIWAN_MARK -p udp -m multiport --destination-ports 20000:21000 -j MULTIWAN_eth1

    because the game still connected on both wan, any fix?
    The reply is currently minimized Show

  • Accepted Answer

    Nick Howitt
    Nick Howitt
    Offline
    Monday, July 04 2011, 06:52 AM - #Permalink
    Resolved
    0 votes
    Sorry, I was trying to sort out a snort problem at the time. I meant "service firewall status".

    [edit]
    What you are looking for are the chains beginning MULTIWAN so you can see what the valid targets are for the -j bit of the firewall rule.
    [/edit]
    The reply is currently minimized Show

  • Accepted Answer

    Rob
    Rob
    Offline
    Monday, July 04 2011, 05:22 AM - #Permalink
    Resolved
    0 votes
    Nick,


    Im just reading up on iptables, and i read your first reply about running "service snort status" and i got the response snort: unrecognized service, could this be an issue???
    The reply is currently minimized Show

  • Accepted Answer

    Nick Howitt
    Nick Howitt
    Offline
    Sunday, July 03 2011, 09:12 AM - #Permalink
    Resolved
    0 votes
    service firewall restart will reset the firewall to all rules defined in various files. This means that you will get the default rules, any rule you have added by the webconfig and anything you have manually added to files like /etc/rc.d/rc.firewall.local. All you should lose are any rules you have just typed into the command line. It therefore follows that to save your own rules you add them to /etc/rc.d/rc.firewall.local or via the webconfig.
    The reply is currently minimized Show

  • Accepted Answer

    Rob
    Rob
    Offline
    Sunday, July 03 2011, 08:58 AM - #Permalink
    Resolved
    0 votes
    Ok, thanks alot for the help.


    Just one more question please, in regards to the service firewall restart, that will wipe all the iptable rules, is there a way to save them.

    When i reboot the server, would that count as the service being restarted, i know it does in windows, dont know if it counts in linux.


    Cheers,

    Rob
    The reply is currently minimized Show

  • Accepted Answer

    Nick Howitt
    Nick Howitt
    Offline
    Sunday, July 03 2011, 08:33 AM - #Permalink
    Resolved
    0 votes
    To remove rules change the -I (insert) or -A (append) in the rule to -D (delete). Alternatively there is the simple sledgehammer "service firewall restart" which will clear all the manually added rules. I suggest you also google for "man iptables" to get an idea how some of it works.
    The reply is currently minimized Show

  • Accepted Answer

    Rob
    Rob
    Offline
    Sunday, July 03 2011, 08:15 AM - #Permalink
    Resolved
    0 votes
    Il try that, what is the syntax for removing rules???


    Sorry about the dumb questions, first time i have used linux to its full advantage.



    Cheers,


    Rob
    The reply is currently minimized Show

  • Accepted Answer

    Nick Howitt
    Nick Howitt
    Offline
    Sunday, July 03 2011, 06:49 AM - #Permalink
    Resolved
    0 votes
    I've no idea about multiwan, but have you tried "-j MULTIWAN_ethX" where ethX is the interface associated with ppp0. you may be able to check your destination target by looking at the (big) output of "service snort status" and seeing what MULTIWAN_xxxx sections exist.

    Also there should normally be no reason to reboot. First try the command at the command line. If it then works put it in /etc/rc.d/rc.firewall.local so it will then be there when the firewall restarts. (ot instead or rc.firewall.local use the custom rules it of the webconfig)
    The reply is currently minimized Show
Your Reply