Iptables, DMZ host or port forwarding

Hello,

I don't know much about iptables I use it for IP Masquerading, I found a
rc.firewall file in a HOWTO which set up my IP masquerading.

What I am trying to accomplish is to get the firewall to ignore packets to
my PlayStation 2 and just let them through and back out. Through some
reading I think this would be called a DMZ Host. The IP to my PlayStation 2
was given statically and it is 192.168.0.3. Would anyone know how to do
this? If you need any other info please let me know.

Just for background I am having some trouble with my headset when playing
online games on the PS2. Through a lot of google searching this is
generally caused by a router/firewall blocking some of the packets to the
PS2. The options given to fix it were:

1) Setup the PS2 as a DMZ Host
2) Forward port 6000 to port 6999 (how?)
3) Plug PS2 straight to the cable modem.

I would prefer option 1 or 2.

Any help would be greatly appreciated!

Michael Parmeley <mjparme@hotmail.com> wrote:

[...]
> What I am trying to accomplish is to get the firewall to ignore packets
> to my PlayStation 2 and just let them through and back out. Through some
> reading I think this would be called a DMZ Host. The IP to my PlayStation
> 2 was given statically and it is 192.168.0.3. Would anyone know how to do
> this? If you need any other info please let me know.
>
> Just for background I am having some trouble with my headset when playing
> online games on the PS2. Through a lot of google searching this is
> generally caused by a router/firewall blocking some of the packets to the
> PS2. The options given to fix it were:
>
> 1) Setup the PS2 as a DMZ Host

Some SOHO router manufacturers mis-use the term DMZ host. They
use the term for a host on the internal net which gets all incoming
traffic not belonging to existing communications to other hosts.
Such a "DMZ host" is quite exposed to the Internet. If at all
possible I would avoid such a configuration.


> 2) Forward port 6000 to port 6999 (how?)

You might try the following. Add the next rule to your firewall
script:

iptables -t nat -A PREROUTING -i $EXT_INTF -p udp --dport 6000:6999 \
-j DNAT --to 192.168.0.3

where $EXT_INTF is the device name of your external interface, eg.
ppp0 or eth1.


Ciao, Horst
--
»When pings go wrong (It hurts me too)« E.Clapton/E.James/P.Tscharn

Thanks for the response. I wasn't to worried about setting my PS2 up as a
DMZ Host since as far as I know there are no current hacks to the PS2. Even
if there were what could they do that could be damaging?

I will try your forwarding suggestion. Thanks!

Horst Knobloch wrote:

>> 1) Setup the PS2 as a DMZ Host
>
> Some SOHO router manufacturers mis-use the term DMZ host. They
> use the term for a host on the internal net which gets all incoming
> traffic not belonging to existing communications to other hosts.
> Such a "DMZ host" is quite exposed to the Internet. If at all
> possible I would avoid such a configuration.
>
>
>> 2) Forward port 6000 to port 6999 (how?)
>
> You might try the following. Add the next rule to your firewall
> script:
>
> iptables -t nat -A PREROUTING -i $EXT_INTF -p udp --dport 6000:6999 \
> -j*DNAT*--to*192.168.0.3
>
> where $EXT_INTF is the device name of your external interface, eg.
> ppp0 or eth1.