Hi Edward,

My IPTABLES config (which is functional :) )

/!\ I have set my listen ports in the range 30001-30050, clients in
30101-30150, and TV in 30201-30250

In my server launcher :
# Excerpt from the server launcher: per-instance ports and the srcds
# command-line arguments built from them.
# Game port; falls inside the 30001-30050 range opened by the firewall script.
port="30016"
# NOTE(review): 30116 lies in the range the firewall script labels "client"
# and 30216 in the one it labels "SourcesTV", i.e. the reverse of the labels.
# Both ranges get identical TCP/UDP ACCEPT rules, so the traffic still matches.
sourcetvport="30116"
clientport="30216"
# x.y.z.w stands in for the server's public IP address.
# -usercon turns on RCON, which is served over TCP on the game port; that is
# the traffic the firewall's hashlimit rule on tcp/30001:30050 applies to.
# ${mapgroup} and ${defaultmap} are not set in this excerpt.
# The string contains literal newlines as posted (mail line wrapping);
# presumably $parms is expanded unquoted so they act as separators - confirm.
parms="-game csgo -ip x.y.z.w -console -usercon -secure -autoupdate
+sv_pure 2 +game_type 0 +game_mode 1 -strictportbind -port ${port} +tv_port
${sourcetvport} +clientport ${clientport} -maxplayers_override 11 +mapgroup
${mapgroup} +map ${defaultmap} -tickrate 128 +net_public_adr x.y.z.w"

root@ttl # cat /etc/iptables/ipt_init.sh
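#!/bin/bash
#
# IPv4 firewall for a host running Source dedicated servers (CS:GO).
# Rebuilds the filter table from scratch: flush, drop bogus addresses and
# INVALID packets, open ICMP/SSH/HTTP and the game port ranges, then reject
# remaining UDP and drop everything else arriving on INPUT.
#
# Port ranges opened below:
#   30001-30050  game ports (UDP game traffic, rate-limited TCP for RCON)
#   30101-30150  labelled "client"
#   30201-30250  labelled "SourceTV"
#   30901-30950  labelled "VAC"
#
# Review notes:
# - Only iptables (IPv4) is touched. If the host has IPv6 connectivity,
#   ip6tables needs its own rule set.
# - Only the filter table is flushed; nat/mangle/raw are left as they are.
# - All three policies stay ACCEPT. Default-deny for INPUT comes from the
#   final "-j DROP" rule; FORWARD and OUTPUT only lose INVALID packets.
# - Between the flush and the final rule the host is unfiltered. Loading the
#   same rules with iptables-restore applies them in one step.
# - The script keeps going after a failed command, so a rule that does not
#   load is skipped while the later rules (including the final DROP) are
#   still appended. Check the result with "iptables -S" after running it.

echo "Configuration de l'Iptables"

# Reset: flush all rules, delete user-defined chains, open the policies.
iptables -F
iptables -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

# Accept everything on the loopback interface.
iptables -A INPUT -i lo -j ACCEPT

# Drop packets whose source or destination should never be seen on the
# public interface: private, link-local, loopback, multicast, reserved and
# broadcast addresses. Loopback traffic on "lo" was accepted above, so the
# 127.0.0.0/8 rule only matches packets arriving on other interfaces.
# NOTE(review): 192.168.0.0/16, the third RFC 1918 block, is not listed.
# Before adding it (or keeping 10/8 and 172.16/12), confirm that no
# management or provider-internal traffic reaches the host from such ranges.
iptables -A INPUT -s 10.0.0.0/8        -j DROP
iptables -A INPUT -s 169.254.0.0/16    -j DROP
iptables -A INPUT -s 172.16.0.0/12     -j DROP
iptables -A INPUT -s 127.0.0.0/8       -j DROP
iptables -A INPUT -s 224.0.0.0/4       -j DROP
iptables -A INPUT -d 224.0.0.0/4       -j DROP
# /4 covers the whole reserved block 240.0.0.0-255.255.255.255; a /5 mask
# would stop at 247.255.255.255 and leave 248.0.0.0/5 unmatched.
iptables -A INPUT -s 240.0.0.0/4       -j DROP
iptables -A INPUT -d 240.0.0.0/4       -j DROP
iptables -A INPUT -s 0.0.0.0/8         -j DROP
iptables -A INPUT -d 0.0.0.0/8         -j DROP
iptables -A INPUT -d 239.255.255.0/24  -j DROP
iptables -A INPUT -d 255.255.255.255   -j DROP

# Drop packets that connection tracking classifies as INVALID.
iptables -A INPUT   -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A OUTPUT  -m state --state INVALID -j DROP

# Base rules: ICMP (all types) and SSH.
# NOTE(review): SSH is open to every source address with no rate limit;
# consider restricting it with "-s <admin network>" if that is practical.
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Web site.
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# Log and drop attackers (disabled). Each command must stay on one logical
# line: a wrapped continuation would be executed as a separate command.
# To enable, the chain first has to be created with "iptables -N logattacker"
# and some rule has to jump to it; nothing in this script does either.
#iptables -A logattacker -j LOG --log-prefix "SRCDS:ATTACK: " \
#  --log-ip-options -m limit --limit 3/m --limit-burst 15 --log-level warning
#iptables -A logattacker -j DROP

# Anti RCON flood: accept TCP to the game ports at up to 2 packets/s (burst 4)
# per source IP / destination IP / destination port. Packets above the limit
# are not dropped here; they fall through to the rules below, where
# established connections are accepted and anything else reaches the final
# DROP.
# NOTE(review): the limit counts every packet, not only connection attempts.
# Adding "-m state --state NEW" would restrict it to new connections.
iptables -A INPUT -p tcp --dport 30001:30050 -m hashlimit \
  --hashlimit-upto 2/sec --hashlimit-burst 4 \
  --hashlimit-mode srcip,dstip,dstport \
  --hashlimit-name TF_PACKET_LIMIT -j ACCEPT

# Game ports (UDP), accepted without rate limiting.
iptables -A INPUT -p udp --dport 30001:30050 -j ACCEPT

# SourceTV ports.
iptables -A INPUT -p tcp --dport 30201:30250 -j ACCEPT
iptables -A INPUT -p udp --dport 30201:30250 -j ACCEPT

# Client ports.
# NOTE(review): the launcher settings posted alongside this script use
# +tv_port 30116 and +clientport 30216, the reverse of these two labels.
# Both ranges get the same rules, so the traffic matches either way.
iptables -A INPUT -p tcp --dport 30101:30150 -j ACCEPT
iptables -A INPUT -p udp --dport 30101:30150 -j ACCEPT

# VAC ports.
iptables -A INPUT -p tcp --dport 30901:30950 -j ACCEPT
iptables -A INPUT -p udp --dport 30901:30950 -j ACCEPT

# Steam friends and updates.
# NOTE(review): 3478:4380 opens about 900 inbound ports on both TCP and UDP.
# Replies to connections the server itself starts are already accepted by
# the RELATED,ESTABLISHED rule below, so confirm which of these really need
# to accept unsolicited inbound traffic.
iptables -A INPUT -p tcp --dport 1200 -j ACCEPT
iptables -A INPUT -p udp --dport 1200 -j ACCEPT
iptables -A INPUT -p tcp --dport 3478:4380 -j ACCEPT
iptables -A INPUT -p udp --dport 3478:4380 -j ACCEPT

# Return traffic for connections that are already tracked.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Reject any other UDP with an ICMP port-unreachable.
iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
# Drop every other protocol/port.
iptables -A INPUT -j DROP
echo "Fin de la configuration d'iptables"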

Regards.
Vgn