  #1  
04-03-2011, 10:03 AM
freezzo
Fire Beetle

Join Date: Jun 2004
Posts: 18
Setting up Linux server...what ports to open?

I have the server running on a remote Linux host, and I can see it in the server select; however, when I try to connect to it, the client just hangs and there is no connection being made to world. However, if I shut down my iptables, I can connect.

Note that I am running the world server on port 20900. Any help would be appreciated.
  #2  
04-03-2011, 02:46 PM
Tabasco
Discordant

Join Date: Sep 2009
Posts: 270

What does your iptables script look like?

It is likely that your default policy is to deny, in which case you would need to add exceptions before the deny rule for applicable tables.

-I INPUT -p tcp --dport 20900 -j ACCEPT
  #3  
04-03-2011, 03:10 PM
freezzo
Fire Beetle

Join Date: Jun 2004
Posts: 18

I have these added:


-A INPUT -p tcp --dport 20900 -j ACCEPT
-A INPUT -p udp --dport 20900 -j ACCEPT
-A INPUT -p tcp --dport 5998 -j ACCEPT
-A INPUT -p tcp --dport 5999 -j ACCEPT
-A INPUT -p udp --dport 5998 -j ACCEPT
-A INPUT -p udp --dport 5999 -j ACCEPT

I haven't set up the zone stuff yet.
  #4  
04-03-2011, 05:50 PM
Tabasco
Discordant

Join Date: Sep 2009
Posts: 270

Well, if it works when you shut off iptables, you have your culprit.

You may also need to add allowances for your output and (maybe?) forward chains, depending on their default policies.
  #5  
04-03-2011, 07:43 PM
freezzo
Fire Beetle

Join Date: Jun 2004
Posts: 18

Sorry if I do not understand... but well... I don't understand what you mean?

I realize the culprit is that I must not be setting up the firewall right due to the fact that if I turn it off, it works. As long as there are no other ports involved, I will have to continue to dig.
  #6  
04-03-2011, 08:30 PM
Tabasco
Discordant

Join Date: Sep 2009
Posts: 270

To add accept rules for the other chains you would put in lines similar to the input rules.

-A INPUT -p tcp --dport 20900 -j ACCEPT
-A OUTPUT -p tcp --dport 20900 -j ACCEPT
-A FORWARD -p tcp --dport 20900 -j ACCEPT

If the firewall is doing NAT this gets more complicated.
Can you post your firewall script?
  #7  
04-04-2011, 07:57 PM
freezzo
Fire Beetle

Join Date: Jun 2004
Posts: 18

This is what I have:

*filter


# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT


# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT


# Allows all outbound traffic
# You can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT


# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp --dport 8000 -j ACCEPT

# EQEMU
-A INPUT -p tcp --dport 20900 -j ACCEPT
-A INPUT -p udp --dport 20900 -j ACCEPT
-A INPUT -p tcp --dport 5998 -j ACCEPT
-A INPUT -p tcp --dport 5999 -j ACCEPT
-A INPUT -p udp --dport 5998 -j ACCEPT
-A INPUT -p udp --dport 5999 -j ACCEPT

# Allows SSH connections
#
# THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
#
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT


# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT


# log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7


# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT
-A FORWARD -j REJECT
  #8  
04-05-2011, 09:46 AM
Tabasco
Discordant

Join Date: Sep 2009
Posts: 270

I'm not at a point where I can do a lot of testing right now, but there are a couple of things you can try.

Your
-A FORWARD -j REJECT
line probably isn't doing anything without NAT, but you might comment that out or set your action to ACCEPT and reload the firewall to see if it makes a difference.

It also looks like you're logging rejected requests. You could try logging in to the server and then grepping your logs for 'iptables denied'.
  #9  
04-05-2011, 10:07 AM
freezzo
Fire Beetle

Join Date: Jun 2004
Posts: 18

I did try checking /var/log/messages for anything, but nothing was in there. Is that the proper log file?

I am working now so I will have to try changing the firewall later tonight to see if it worked.

Thanks
  #10  
04-05-2011, 12:01 PM
Tabasco
Discordant

Join Date: Sep 2009
Posts: 270

Log level 7 is debug, so it is most likely /var/log/debug.

When in doubt, grep [-r] iptables /var/log/*
  #11  
04-05-2011, 12:51 PM
freezzo
Fire Beetle

Join Date: Jun 2004
Posts: 18

Interestingly, I do not have a /var/log/debug.

I tried to grep all files in /var/log for iptable and got nothing.

Not quite sure where it's logging this stuff.
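The log check suggested in posts #8 and #10, as an added example that is not part of the thread: it counts packets logged under the script's "iptables denied: " prefix per protocol and destination port, which shows the port a client is being refused on. The log lines are constructed samples in the kernel LOG-target format; LOG output goes to the kernel log, so dmesg shows it even when the syslog destination is unclear.

```shell
#!/bin/sh
# Added example: count packets logged with the "iptables denied: " prefix
# (the LOG rule in post #7) per protocol and destination port.

# Constructed sample log lines; all addresses are documentation ranges.
sample_log() {
cat <<'EOF'
Apr  5 12:40:01 host kernel: iptables denied: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TTL=52 PROTO=UDP SPT=51234 DPT=7000 LEN=40
Apr  5 12:40:02 host kernel: iptables denied: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TTL=52 PROTO=UDP SPT=51234 DPT=7000 LEN=40
Apr  5 12:40:04 host kernel: iptables denied: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TTL=52 PROTO=UDP SPT=51234 DPT=7000 LEN=40
Apr  5 12:40:09 host kernel: iptables denied: IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.5 LEN=60 TTL=50 PROTO=UDP SPT=40000 DPT=7001 LEN=40
Apr  5 12:41:13 host kernel: iptables denied: IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.5 LEN=44 TTL=240 PROTO=TCP SPT=6000 DPT=23 WINDOW=1024 SYN
Apr  5 12:41:30 host kernel: iptables denied: IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.5 LEN=40 TTL=240 PROTO=ICMP TYPE=13 CODE=0
Apr  5 12:42:00 host sshd[1234]: Accepted publickey for admin from 198.51.100.7 port 50122 ssh2
EOF
}

# Reads log text on stdin; prints "count PROTO/DPORT", highest count first.
# ICMP entries carry no DPT= field and are reported with "-" as the port.
summarise_denied() {
    grep 'iptables denied: ' |
    awk '{
        proto = ""; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^PROTO=/)    proto = substr($i, 7)
            else if ($i ~ /^DPT=/) dpt   = substr($i, 5)
        }
        if (proto != "") n[proto "/" dpt]++
    }
    END { for (k in n) print n[k], k }' |
    sort -k1,1nr -k2,2
}

# Typical use on a live host:
#   dmesg | summarise_denied
#   cat /var/log/* 2>/dev/null | summarise_denied
```
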
  #12  
06-06-2011, 10:48 PM
joligario
Developer

Join Date: Mar 2003
Posts: 1,490

More on ports...
Well, got around to setting up a Linux server remotely again on CentOS 5. Just need a little help understanding the ports and Linux firewall. Most likely I am just too newb for this part. I am good with doing a Windoze setup.

The situation:
CentOS 5.6 with WHM/cPanel interface (still have full root access and use PuTTY to run everything remotely)
Dedicated server using shared ip 66.x.x.x on eth0
Dedicated ip address for this eq server account 205.x.x.x on eth4
Opened up INPUT/OUTPUT to 9000 tcp and 7000:7005 udp in iptables
Using the eqemulator.net:5998 world server

Basically, I am not getting any inbound connections. The server shows up on the list just fine. If I leave the address blank in the config, world server reports my 66.x.x.x address. So I forced my 205.x.x.x ip address, nothing changed. The dynamic and static zones boot up fine using the 205.x.x.x ip address with the proper ports (7000:7005).

Any ideas on how I am not understanding my setup and what I should look for next? Possible that logging in as root forces use of the main server ip address even though I'm logged in to SSH using the 205.x.x.x address? Should I be looking at FORWARD options? I wasn't sure about forward because using INPUT/OUTPUT allowed the world server to connect.

All ideas welcomed and appreciated!
  #13  
06-06-2011, 10:52 PM
sorvani
Dragon

Join Date: May 2010
Posts: 966

On my Windows server, the Windows firewall is off, and my router only has UDP ports forwarded. Not TCP 9000.

Well, by router I mean ClearOS firewall/router/webserver
  #14  
06-07-2011, 12:27 AM
joligario
Developer

Join Date: Mar 2003
Posts: 1,490

Interesting. I thought I had only TCP on my Windows setup. Perhaps I did both ... I'll have to look at that again. So I have TCP/UDP entries for in/out on 9000 and zones now. Seems to be operational now. Thanks!
  #15  
06-07-2011, 08:34 AM
image
Demi-God

Join Date: Jan 2002
Posts: 1,289

Just to let you know, the TCP communication is only used between the loginserver <- world <- zone (communication is set up this way between the different server exe's).

UDP is the only requirement for clients connecting to any of these servers.

It is just good to note this because when you open up TCP you leave your server communications vulnerable - such as if someone figured out your zspassword they could connect and do nasty stuff.
__________________
www.eq2emu.com
EQ2Emu Developer
Former EQEMu Developer / GuildWars / Zek Seasons Servers
Member of the "I hate devn00b" club.
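An added check for the exposure image describes in post #15 (not code from the thread or from EQEmu): it lists INPUT rules that accept TCP on the given ports from any source address. The sample rules are lines from the script in post #7 plus one constructed source-restricted rule; 192.0.2.10 is a placeholder for a trusted server address, and port ranges such as 7000:7005 are not expanded.

```shell
#!/bin/sh
# Added example: flag INPUT rules that accept TCP on the listed ports
# without a source restriction (-s / --source).

# Lines from post #7, plus one constructed rule limited to a placeholder
# trusted address (192.0.2.10, documentation range).
sample_rules() {
cat <<'EOF'
*filter
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 20900 -j ACCEPT
-A INPUT -p udp --dport 20900 -j ACCEPT
-A INPUT -p tcp --dport 5998 -j ACCEPT
-A INPUT -p udp --dport 5998 -j ACCEPT
-A INPUT -s 192.0.2.10 -p tcp --dport 5999 -j ACCEPT
-A INPUT -j REJECT
EOF
}

# usage: audit_tcp_exposure PORT... < rules-file
# Prints each matching rule unchanged; prints nothing when none match.
audit_tcp_exposure() {
    awk -v ports="$*" '
    BEGIN {
        n = split(ports, p, " ")
        for (i = 1; i <= n; i++) want[p[i]] = 1
    }
    $1 == "-A" && $2 == "INPUT" {
        proto = ""; dport = ""; src = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p")                          proto  = $(i + 1)
            else if ($i == "--dport")                dport  = $(i + 1)
            else if ($i == "-s" || $i == "--source") src    = $(i + 1)
            else if ($i == "-j")                     target = $(i + 1)
        }
        if (proto == "tcp" && target == "ACCEPT" && (dport in want) && src == "")
            print
    }'
}

# Typical use on a live host (needs root):
#   iptables-save | audit_tcp_exposure 20900 5998 5999
```
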
All times are GMT -4.