l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
May 5: Social gathering
Next Installfest:
Latest News:
Mar. 17: DavisGIG: municipal fiber for Davis
Page last updated:
2002 Apr 04 23:13

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox] quake3 serving from behind a firewall
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox] quake3 serving from behind a firewall

begin Jeff Newmiller <jdnewmil@dcn.davis.ca.us> 
> On Thu, 4 Apr 2002, Peter Jay Salzman wrote:
> > ok, after much procrastination, i rolled up my sleeves and set up a
> > quake3 server.   here's the topology of my LAN:
> > 
> > 
> > ---
> >    mephisto
> >    LEAF
> >    firewall                 satan
> > --------------------  navalle
> >                             lucifer
> >                             lucifer
> >                             moloch
> > 
> > on the firewall:
> > 
> > # ipmasqadm portfw -l
> > prot localaddr        rediraddr               lport    rport  pcnt pref
> > UDP  adsl-64-164-47-8 satan.diablo.localnet   ntp      ntp    10   10
> > UDP  adsl-64-164-47-8 satan.diablo.localnet   27960    27960  8    10
> > TCP  adsl-64-164-47-8 lucifer.diablo.localnet 27500    27500  10   10
> > TCP  adsl-64-164-47-8 satan.diablo.localnet   ntp      ntp    10   10
> > TCP  adsl-64-164-47-8 satan.diablo.localnet   6346     6346   7    10
> > TCP  adsl-64-164-47-8 satan.diablo.localnet   ssh      ssh    9    10
> > TCP  adsl-64-164-47-8 satan.diablo.localnet   24       ssh    10   10
> > TCP  adsl-64-164-47-8 satan.diablo.localnet   smtp     smtp   9    10
> > TCP  adsl-64-164-47-8 satan.diablo.localnet   www      www    2    10
> > TCP  adsl-64-164-47-8 satan.diablo.localnet   ftp      ftp    10 
> > 
> > 
> > i ran the dedicated server on satan (
> > 
> > q3ded +set dedicated 2 +net_ip +map q3dm17 +set com_hunkmegs 200
> > 
> > 
> > now on satan (, i *can't* connect to the server by
> > specifying a connect to server which surprises me.  however,
> > i can connect to the server by specifying which is no
> > surprise.
> This is normal behavior.
see below

> > however, on lucifer ( i *can* connect to the server by
> > specifying a connect to server  i can also specify
> >  this is groovy.
> This is abnormal behavior.  I have never encountered a linux kernel that
> would do this (reflect a masquerade back into the local network).

i believe the way quake3 works is that the server sends an identifier to a
master server run by id software that says "i'm running a server at ip
address".   the master server keeps track of this.  btw, all
communication happens with UDP.

a client then connects to the master server and gets a list of all the
servers and their ip addresses.  i'm not sure of the details beyond
this.  but it seems reasonable that if i run a server on
that identifies itself as to the master server, and then use
a client from to connect to, that it would work.

i guess i'm not really sure what it means to reflect a masq back into
the local server.  on one hand, i can't ssh from to

   p@satan% ssh p@
   (it just hangs)

but i can ping:

   p@satan% ping
   PING ( 56 data bytes
   64 bytes from icmp_seq=0 ttl=255 time=0.6 ms

(note: after checking with tcpdump on the firewall, the ping doesn't
leave my local network; it stays internal while ssh does leave the
internal net).

oi.  this is confusing.  just when i thought i had all this figured out,
i learn that i know practically nothing.   :(

still waiting for a quake3 owner to try to connect to ...

vox mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.