Cannot get a gameserver to work trough zentyal

[aprate]

hio all,

I'm new to Zentyal until now everything works as a charm except my gameserver:(

Currently i'm running Zentyal 3.0-1 Community Edition (64-bit version) as my dns/dhcp/fileshare/firewall server and now i want to open ports to a computer in the network.
But it doesn't matter what i do i can't get an open port to the pc... I've tried to open a port to the zentyal server and this succeeded but getting an open port trough zentyal will be a mystery.

What i have done is the next:
made a service named KF which stands for killing-floor.
and i added the following ports to it:

Protocol    Source port    Destination port
UDP            any                    7707        (Game Port)
UDP            any                    7708        (Query Port)
UDP            any                    7717        (GameSpy Query Port)
TCP/UDP    any                    28852    (Master Server Browser)
TCP/UDP    any                    8075        (Webadmin)
UDP            any                    20560    (Steam Port)

after this i added the service to Firewall --> Packet Filter --> Filtering rules from internal networks to Zentyal
Which has the following line:
Decision    Source           Service   
 Arrow up    192.168.0.11/32   KF

also added it to External networks to internal networks
Decision    Source    Destination    Service
 Arrow up    Any            192.168.0.11/32

and i even added the service to 'Traffic coming out from Zentyal' just to try it out but that didn't work either.

my Internal networks has an option of any/any/any which it standard includes.

So does anyone know what i might do wrong? Because i'm hurting my head over this way more as supposed i guess xD.

[jbahillo]

Hello aprate:

I think you should play with DNAT (Standard NAT) options.

Regards

[aprate]

Hello aprate:

I think you should play with DNAT (Standard NAT) options.

Regards

Thank you for your fast reply, i've got a SNAT option under my firewall.
Is this what you meant ?

[jbahillo]

Hello:
No I actually mean to Port redirection part inside Firewall.

Case this did not work, more details on your network and the  needs of this game server (is it accesses from external networks) is it only accessed internally, etc

[aprate]

oke, sorry was eating

i also tried adding the ports to 'Port Forwarding' under firewall. like this:
interface: eth0
Original destination: 192.168.0.11
protocol: wich is needed
original destination port: the port
source: any
Destination IP: 192.168.0.11
port: same

which also did not work

The gameserver is actually a laptop and running a clean windows xp install with just a cmd command to run the server. Furthermore no extra firewall/antivirus software.
This ip of the gameserver is 192.168.0.11.

My Zentyal server has 2 network cards eth0(which is the wan port this one is connected to my cable modem.) and eth1( Connected to my 8port gigabyte cisco switch.), from here on out its going with a cable to the gameserver.

I want it to get access from external, so that anyone who plays the game can access it from his/her serverbrowser, i can access it from internal because all ports are open.

Should  this provide all the info  you needed ?

firewall log:
http://img819.imageshack.us/img819/2696/naamlooslnh.png
it just drops all
Destination is my wan ip address, but i would rather not show it here

[jbahillo]

Hello aprate:

That's what I guessed. Now Zentyal works as a router, so you need to apply a NAT rule as you would do on a, say, DSL router.

The NAT rule you need to add is something like this:

interface: eth0
Original destination: Zentyal IP
protocol: tcp/udp (as needed)
original destination port: port needed
source: any
Destination IP: 192.168.0.11
port: same

You will need to add as many rules as ports you need to redirect (6 rules if we look at your first post)
regards

[aprate]

Cool!, you rock GameTracker can find the server now.

The only thing i had done wrong was changing the Original destination to 192.168.0.11.
Thought it was something like this because of the 2 network cards.

Thanks!

[jbahillo]

Hi aprate:

No, I would rather think that it's because you marked the checkbox of masquerading original IP (replace source IP)


Unmark it and you should be able to have the actual source IP

Regards