I got a game called CircleMUD, is like a text game that runs on port 2000 as I guess Linux calls it a job.
I also have a hostname with dyndns.com “relik.ath.cx”
that I want people to be able to connect to on port
2000 off of my computer with SUSE 11.1
so they would have to type
open relik.ath.cx 2000 in a telnet shell.
What the heck do I have to do?
Also what do you recommend a dummy should use/do to post his HTML with SUSE Linux 11.1? Any information that helps would be very helpful thanks:P:)
Well there’s still some information missing here… what have you
tried? Has this ever worked in the past? How is your network
(presumably at home) set up? Does your computer have a public IP and if
not does your router forward port 2000 to your computer internally? Is
your firewall on your host (computer) configured to allow port 2000
traffic in? Pinging your DNS name gets me 68.203.83.218 (currently) so
if that is the IP address of your actual computer you simply need to
open port 2000 in your host’s firewall; if that is the IP address of
your router you need to open port 2000 in your host’s firewall and
forward 2000 at your router to your host. This all assumes your service
(CircleMUD) is running properly and listening on port 2000. Post the
output of the following, please:
ip addr sh
ip route sh
netstat -anp | grep 'LISTEN ' | grep 2000
#as root
rcSuSEfirewall2 status
/usr/sbin/iptables-save #(or /usr/sbin/iptables -L)
Good luck.
I’ve tried a lot to get these things to work except I don’t know how to. I don’t even know where to forward the router heh. Like how do I identify my computer, what do I fill in for the yast2 DNS setup, what commands should I know, what files should I edit if I don’t have to use yast2, are they touchy files, does what you post actually work heh. If you feel like it, throw some newb pointers out there:) just commands to know or something meh thanks.
ip addr sh
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
inet 127.0.0.2/8 brd 127.255.255.255 scope host secondary lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:06:5b:96:a7:87 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.101/24 brd 192.168.1.255 scope global eth0
inet6 fe80::206:5bff:fe96:a787/64 scope link
valid_lft forever preferred_lft forever
ip route sh
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.101
169.254.0.0/16 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default via 192.168.1.1 dev eth0
So two things… first you really need to enable port forwarding on
your gateway (192.168.1.1) or your web users will never reach your box.
You can test things right now from the box itself by going to
localhost:2000 or from another box on your local network by going to
192.168.1.101:2000 but not until you change your firewall configuration
via Yast: Security and Users: Firewall: Allowed Services: Advanced: put
‘2000’ in the TCP line. Once that is done and your forwarding is
enabled on your gateway (probably a router or something you own) you
should be set… assuming you can access it now locally via localhost:2000.
Good luck.
errigour wrote:
> I’ve tried a lot to get these things to work except I don’t know how to. I
> don’t even know where to forward the router heh. Like how do I identify
> my computer, what do I fill in for the yast2 DNS setup, what commands
> should I know, what files should I edit if I don’t have to use yast2, are
> they touchy files, does what you post actually work heh. If you feel like
> it, throw some newb pointers out there:) just commands to know or something
> meh thanks.
>
>
>
> ip addr sh
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
> inet 127.0.0.2/8 brd 127.255.255.255 scope host secondary lo
> inet6 ::1/128 scope host
> valid_lft forever preferred_lft forever
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
> link/ether 00:06:5b:96:a7:87 brd ff:ff:ff:ff:ff:ff
> inet 192.168.1.101/24 brd 192.168.1.255 scope global eth0
> inet6 fe80::206:5bff:fe96:a787/64 scope link
> valid_lft forever preferred_lft forever
>
>
> ip route sh
> 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.101
> 169.254.0.0/16 dev eth0 scope link
> 127.0.0.0/8 dev lo scope link
> default via 192.168.1.1 dev eth0
>
>
> netstat -anp | grep 'LISTEN ' | grep 2000
> tcp 0 0 0.0.0.0:2000 0.0.0.0:* LISTEN 22216/circle
>
>
>
> rcSuSEfirewall2 status
> Checking the status of SuSEfirewall2
> running
>
>
>
> /usr/sbin/iptables-save #(or /usr/sbin/iptables -L)
> # Generated by iptables-save v1.4.2-rc1 on Sat Jan 10 13:21:38 2009
> *raw
> :PREROUTING ACCEPT [129892:169979869]
> :OUTPUT ACCEPT [79029:5662081]
> -A PREROUTING -i lo -j NOTRACK
> -A OUTPUT -o lo -j NOTRACK
> COMMIT
> # Completed on Sat Jan 10 13:21:38 2009
> # Generated by iptables-save v1.4.2-rc1 on Sat Jan 10 13:21:38 2009
> *filter
> :INPUT DROP [0:0]
> :FORWARD DROP [0:0]
> :OUTPUT ACCEPT [0:0]
> :forward_ext - [0:0]
> :input_ext - [0:0]
> :reject_func - [0:0]
> -A INPUT -i lo -j ACCEPT
> -A INPUT -m state --state ESTABLISHED -j ACCEPT
> -A INPUT -p icmp -m state --state RELATED -j ACCEPT
> -A INPUT -i eth0 -j input_ext
> -A INPUT -j input_ext
> -A INPUT -m limit --limit 3/min -j LOG --log-prefix "SFW2-IN-ILL-TARGET " --log-tcp-options --log-ip-options
> -A INPUT -j DROP
> -A FORWARD -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWD-ILL-ROUTING " --log-tcp-options --log-ip-options
> -A OUTPUT -o lo -j ACCEPT
> -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
> -A OUTPUT -m limit --limit 3/min -j LOG --log-prefix "SFW2-OUT-ERROR " --log-tcp-options --log-ip-options
> -A input_ext -m pkttype --pkt-type broadcast -j DROP
> -A input_ext -p icmp -m icmp --icmp-type 4 -j ACCEPT
> -A input_ext -p icmp -m icmp --icmp-type 8 -j ACCEPT
> -A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
> -A input_ext -p tcp -m tcp --dport 80 -j ACCEPT
> -A input_ext -p tcp -m limit --limit 3/min -m tcp --dport 443 --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
> -A input_ext -p tcp -m tcp --dport 443 -j ACCEPT
> -A input_ext -p udp -m udp --dport 443 -j ACCEPT
> -A input_ext -m limit --limit 3/min -m pkttype --pkt-type multicast -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
> -A input_ext -m pkttype --pkt-type multicast -j DROP
> -A input_ext -p tcp -m limit --limit 3/min -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
> -A input_ext -p icmp -m limit --limit 3/min -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
> -A input_ext -p udp -m limit --limit 3/min -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
> -A input_ext -m limit --limit 3/min -m state --state INVALID -j LOG --log-prefix "SFW2-INext-DROP-DEFLT-INV " --log-tcp-options --log-ip-options
> -A input_ext -j DROP
> -A reject_func -p tcp -j REJECT --reject-with tcp-reset
> -A reject_func -p udp -j REJECT --reject-with icmp-port-unreachable
> -A reject_func -j REJECT --reject-with icmp-proto-unreachable
> COMMIT
> # Completed on Sat Jan 10 13:21:38 2009
>
>
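The filter table quoted above has ACCEPT rules for TCP ports 80 and 443 only, so a listener on 2000 stays unreachable from other machines until the firewall is changed. An added example, not part of the original posts: it lists the TCP ports that have an explicit ACCEPT rule in `iptables-save` output. `sample_rules` is an excerpt of the dump above with the LOG rules left out, and the function names are made up here.

```sh
#!/bin/sh
# accepted_tcp_ports: read iptables-save output on stdin and print every TCP
# destination port that has an explicit ACCEPT rule in the filter table.
# Only single-port "--dport N" rules are recognised; multiport lists and
# port ranges are not expanded.
accepted_tcp_ports() {
    awk '
        /^\*/ { table = $1 }    # table header: "*raw", "*filter", ...
        table == "*filter" && /^-A / && /-p tcp/ && /-j ACCEPT/ {
            for (i = 1; i < NF; i++)
                if ($i == "--dport") print $(i + 1)
        }
    ' | sort -n -u
}

# port_allowed PORT: succeed if PORT is among the accepted ports on stdin.
port_allowed() {
    accepted_tcp_ports | grep -qx "$1"
}

# Excerpt of the filter table posted in the thread (LOG rules omitted).
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -j input_ext
-A input_ext -p tcp -m tcp --dport 80 -j ACCEPT
-A input_ext -p tcp -m tcp --dport 443 -j ACCEPT
-A input_ext -p udp -m udp --dport 443 -j ACCEPT
-A input_ext -j DROP
COMMIT
EOF
}

for port in 80 443 2000; do
    if sample_rules | port_allowed "$port"; then
        echo "tcp/$port: ACCEPT rule present"
    else
        echo "tcp/$port: no ACCEPT rule, falls through to DROP"
    fi
done
```

On a live host, run it as root with `/usr/sbin/iptables-save | port_allowed 2000` after changing the firewall settings.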
I did what you said and my html page actually appears on the web now but for some reason relik.ath.cx port 2000 works for my computer but not for computers on the network past my router. Could there be a different reason than the router and firewall that this dns name isn’t working? Is there anything else I have to do with my router and firewall to make this site name and port 2000 allow others to log into relik muD?
Check your web server’s logs, or do a LAN trace, or something. If you
KNOW that port 2000 of your router is forwarding to your host then it’s
hard to say what could be going wrong, but it should be possible to
figure it out. Track down the packets.
Good luck.
Can these fields be changed, cause they’re the only extra fields I have other than the set ones like the incomplete DNS and HTTP applications I filled in above? And if I can change them, what should I change them to for relik.ath.cx port 2000?
You don’t have to answer but that would really help a lot!
UPnP is not related at all as far as I know. Look for Port Forwarding
unless this is something like UPnP/Forwarding so it does both things
separately. If that’s the case then yes… add a new application,
external/internal ports both 2000, internal IP of your box, enabled.
Good luck.
errigour wrote:
> Ok this doesn’t apply to openSUSE but you’re smart and I don’t want to
> ruin my current settings because http is working for me.
>
> Under the UPnP Forwarding there’s a bunch of options for forwarding
> ports, and there’s a bunch of options similar to these:
>
> application  ext.port  TCP/UDP  int.port  IP Address  enabled
> LIMEUDP      4567      UDP      4567      101         enabled
> LIMETCP      47534     TCP      47534     103         enabled
> DNS
> HTTP
>
> Can these fields be changed, cause they’re the only extra fields I have
> other than the set ones like the incomplete DNS and HTTP applications I
> filled in above? And if I can change them, what should I change them to
> for relik.ath.cx port 2000?
> You don’t have to answer but that would really help a lot!
>
>
So it’s working or it’s not? If not I’d try a LAN trace from your
server (port 2000 open and listening box) to see if traffic is even
coming from your gateway/router/modem when forwarded like it apparently
is when you’re on the local network. If not then it’s a router problem.
If so, see what goes back out (if anything) to the gateway/router/modem
and then on to the client.
Good luck.
errigour wrote:
> I did but for some reason 2000 is the only port that is opened to the
> public. my 4 other ports aren’t working.
> Thanks a million btw
>
>
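The LAN trace described above, as an added example that is not part of the original posts: it reads the text output of `tcpdump -n` (used here in place of a graphical capture tool) and reports whether connection attempts to a port reached the host and what the host sent back. The three captures are constructed samples; 203.0.113.7 is a made-up outside client, 192.168.1.101 is the host address from the thread, and the function names are made up here.

```sh
#!/bin/sh
# classify_trace PORT: read `tcpdump -n` text output on stdin and report how
# far a connection attempt to PORT got:
#   no-inbound  no SYN reached this host  -> router is not forwarding
#   dropped     SYN arrived, no reply     -> host firewall discards it
#   refused     SYN arrived, RST sent     -> nothing listening, or a REJECT rule
#   answered    SYN arrived, SYN-ACK sent -> host is fine, check the return path
classify_trace() {
    awk -v port="$1" '
        $2 != "IP" { next }
        $5 ~ ("\\." port ":$") && /Flags \[S\],/   { syn++ }     # inbound SYN
        $3 ~ ("\\." port "$")  && /Flags \[S\.\],/ { synack++ }  # our SYN-ACK
        $3 ~ ("\\." port "$")  && /Flags \[R/      { rst++ }     # our RST
        END {
            if (!syn)        print "no-inbound"
            else if (synack) print "answered"
            else if (rst)    print "refused"
            else             print "dropped"
        }
    '
}

# Constructed captures in tcpdump -n format (not taken from the thread).
trace_dropped() {
cat <<'EOF'
13:21:38.100000 IP 203.0.113.7.51234 > 192.168.1.101.2000: Flags [S], seq 100, win 5840, length 0
13:21:41.100000 IP 203.0.113.7.51234 > 192.168.1.101.2000: Flags [S], seq 100, win 5840, length 0
EOF
}
trace_answered() {
cat <<'EOF'
13:21:38.100000 IP 203.0.113.7.51234 > 192.168.1.101.2000: Flags [S], seq 100, win 5840, length 0
13:21:38.100200 IP 192.168.1.101.2000 > 203.0.113.7.51234: Flags [S.], seq 900, ack 101, win 5792, length 0
EOF
}
trace_no_inbound() {
cat <<'EOF'
13:21:38.100000 IP 203.0.113.7.51300 > 192.168.1.101.80: Flags [S], seq 7, win 5840, length 0
EOF
}

for t in trace_dropped trace_answered trace_no_inbound; do
    echo "$t: $($t | classify_trace 2000)"
done
```

On the server, capture as root with `tcpdump -n -i eth0 tcp port 2000` while someone outside the network tries to connect, then pipe the saved output into `classify_trace 2000`.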
How do I listen on a LAN port, cause I tried entering listening
box, also tried port 2000 something, don’t have a port command. How do I listen on a LAN port?
See ‘wireshark’… may even be already installed, but if not it’s
probably installable using something like:
yast -i wireshark
As a note to perform a LAN trace you almost certainly need to be running
as root, or at least using ‘su’. So…:
sux -
yast -i wireshark
wireshark &
Good luck.