This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DNAT not working

I am really having problems with DNAT. Yes i have read the manual and spent a lot of time searching for a answer. Can someone please help me.
I am trying to run a Counterstrike server and cannt connect from the internet. The gameserver is running on "Server".

######################
Networks

Any    0.0.0.0/0  [none]
External (Address)    Interface up  67.175.153.201  Address of interface 'External'
External (Broadcast)    Interface up  67.175.153.255  Broadcast address on interface 'External'
External (Network)    Interface up  67.175.153.128/25  Network on interface 'External'
Internal (Address)    Interface up  192.168.2.100  Address of interface 'Internal'
Internal (Broadcast)    Interface up  192.168.2.255  Broadcast address on interface 'Internal'
Internal (Network)    Interface up  192.168.2.0/24  Network on interface 'Internal'
Server    192.168.2.101  [none]

######################
SERVICES

  Steam 1  UDP  1200  1200  [none]
  Steam 2  TCP/UDP  1:65535  27000:27015  [none]
  Steam 3  TCP/UDP  1:65535  27015:27040  [none]

######################
NAT Rules

NAT   Internal (Network) -> All / All   MASQ__External   None
TEST   Any -> External (Network) / Steam   None   Server

######################
Packet filter

1  [none]    Any  0.0.0.0/0   Steam    0.0.0.0/0   Any    [none]

Cannot connect and am very frustrated. Have spennt 4 hours trying to get it to work.

This thread was automatically locked due to age.

0 latthaphon over 19 years ago

You can use WebServer_DNAT_Guidebook.pdf at http://docs.astaro.org/howtos/ , very useful guideline about DNAT configuration example.

Cheer
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 19 years ago

You need to DNAT incoming connections on port 27015 to the server.

So, you need:
ANY on EXT Interface, Service CSTrike, Change Dest to Server

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 MastaPuffy over 19 years ago in reply to BarryG

So I can only forward one port with DNAT? It is not possible to forward a group?
Meaning if i need to forward 10 differnt ports to my server I need 10 rules?

And when everyone says EXTERNAL INTERFACE do you mean External (Network)? I have cable and dont have a static ip do i have to create a definition, and how would it look like.
Cancel
Vote Up 0 Vote Down

Cancel
0 WmLongman over 19 years ago in reply to MastaPuffy

You can certainly DNAT a set of ports from one machine to another, but you'd have to individually DNAT port to port. How would the firewall know which port should go where?

You would first have to setup the service group, of course, then just use the service group as the destination service. You'd then just point it to another machine.

It would look like this:
Source address: Any Destination address: host1 Service: s_group
Change dest to: host2 Service dest: no change

If you are trying to use a different external IP address for that server, you'd need to make sure proxy arp is running and a virtual interface is specified on the external interface. I have a feeling this is not what you are trying to do but it's definitely a way to never see traffic.

No, the external interface is your IP address. If you don't have a static IP, the rule will need to be "External (Address)" instead of "host1" in the above example. You don't want "External (Network)" at all. That is just the network address of your external interface which doesn't have diddly to do with NAT/Masq rules.
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 19 years ago in reply to MastaPuffy

Running a CS server only needs 1 incoming port (27015).

Barry
Cancel
Vote Up 0 Vote Down

Cancel