For some reason I can't get Generals Zero Hour Online to work.
According to various websites, the following ports need to be forwarded.
TCP: 6667, 16000, 28910, 29900, 29920
UDP: 4321, 16000, 27900
I have created the following rules:
0 ;;; defconf: masquerade
chain=srcnat action=masquerade log=no log-prefix="" ipsec-policy=out,none
1 X ;;; DMZ test
chain=dstnat action=dst-nat to-addresses=192.168.0.100 in-interface=ether1 log=no log-prefix=""
2 X ;;; Generals Zero Hour
chain=dstnat action=dst-nat to-addresses=192.168.0.100 to-ports=80 protocol=tcp in-interface=ether1 dst-port=80 log=no log-prefix=""
3 chain=dstnat action=dst-nat to-addresses=192.168.0.100 to-ports=4321 protocol=udp in-interface=ether1 dst-port=4321 log=no log-prefix=""
4 chain=dstnat action=dst-nat to-addresses=192.168.0.100 to-ports=6667 protocol=tcp in-interface=ether1 dst-port=6667 log=no log-prefix=""
5 chain=dstnat action=dst-nat to-addresses=192.168.0.100 to-ports=16000 protocol=tcp in-interface=ether1 dst-port=16000 log=no log-prefix=""
6 chain=dstnat action=dst-nat to-addresses=192.168.0.100 to-ports=16000 protocol=udp in-interface=ether1 dst-port=16000 log=no log-prefix=""
7 chain=dstnat action=dst-nat to-addresses=192.168.0.100 to-ports=27900 protocol=udp in-interface=ether1 dst-port=27900 log=no log-prefix=""
8 chain=dstnat action=dst-nat to-addresses=192.168.0.100 to-ports=28910 protocol=tcp in-interface=ether1 dst-port=28910 log=no log-prefix=""
9 chain=dstnat action=dst-nat to-addresses=192.168.0.100 to-ports=29900 protocol=tcp in-interface=ether1 dst-port=29900 log=no log-prefix=""
10 chain=dstnat action=dst-nat to-addresses=192.168.0.100 to-ports=29920 protocol=tcp in-interface=ether1 dst-port=29920 log=no log-prefix=""
What I find interesting is that the packet counters don't show any traffic on the above ports (except for a few packets on 80), as if the traffic is not coming through.
I have also added some allow rules for these ports (not sure if necessary); these also don't show traffic:
0 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
1 ;;; Generals Zero Hour
chain=input action=accept protocol=tcp in-interface=ether1 dst-port=6667,16000,28910,29900,29920 log=no log-prefix=""
2 chain=input action=accept connection-state=invalid,established,related,new,untracked protocol=udp in-interface=ether1 dst-port=4321,27900 log=no log-prefix=""
3 ;;; defconf: accept established,related,untracked
chain=input action=accept connection-state=established,related,untracked
4 X ;;; defconf: fasttrack
chain=forward action=fasttrack-connection connection-state=established,related
5 ;;; VPN Rule 1
chain=input action=accept protocol=tcp dst-port=1723 log=no log-prefix=""
6 chain=input action=accept protocol=gre log=no log-prefix=""
7 ;;; defconf: accept ICMP
chain=input action=accept protocol=icmp
8 X ;;; defconf: drop all not coming from LAN
chain=input action=drop in-interface-list=!LAN
9 ;;; defconf: accept in ipsec policy
chain=forward action=accept ipsec-policy=in,ipsec
10 ;;; defconf: accept out ipsec policy
chain=forward action=accept ipsec-policy=out,ipsec
11 ;;; defconf: accept established,related, untracked
chain=forward action=accept connection-state=established,related,untracked
12 ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid
13 ;;; defconf: drop invalid
chain=input action=drop connection-state=invalid
14 ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN
[luck@MikroTik] >
I have tried the same game on another computer, same issue. Also tried disabling fasttrack.
Am I doing something wrong here? All my other forwarding rules are working okay (nginx for example).
What am I missing?
All help appreciated, thanks!
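
An added example, not part of the original post: a Python audit of NAT and filter `print` listings in the layout shown above. In RouterOS, traffic rewritten by dst-nat traverses the forward chain, so an accept rule in the input chain for the same port opens that port on the router itself rather than helping the forward; the script flags those rules and any disabled drop rules. The sample listings are constructed, and the names `parse_rules`, `ports` and `audit` are hypothetical.

```python
import re

HEAD = re.compile(r'^(\d+)\s+((?:[XID]\s+)*)(.*)$')   # "3 X ;;; comment" or "3 chain=..."
PROP = re.compile(r'([\w-]+)=("[^"]*"|\S+)')
# Constructed sample listings in the layout of the post (not the poster's full tables).
NAT = """\
3 chain=dstnat action=dst-nat to-addresses=192.168.0.100 to-ports=4321 protocol=udp dst-port=4321
4 chain=dstnat action=dst-nat to-addresses=192.168.0.100 to-ports=6667 protocol=tcp dst-port=6667
"""
FILTER = """\
1 ;;; Generals Zero Hour
chain=input action=accept protocol=tcp in-interface=ether1 dst-port=6667,16000
2 chain=input action=accept protocol=udp in-interface=ether1 dst-port=4321,27900
8 X ;;; defconf: drop all not coming from LAN
chain=input action=drop in-interface-list=!LAN
"""

def parse_rules(text):
    """Turn numbered `print` output into dicts: id, flags, comment, props."""
    rules = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEAD.match(line)
        if m:  # a new rule starts; flags (X disabled, D dynamic, I invalid) follow the number
            rules.append({"id": int(m.group(1)), "flags": set(m.group(2).split()),
                          "comment": "", "props": {}})
            line = m.group(3)
        if rules and line.startswith(";;;"):
            rules[-1]["comment"] = line[3:].strip()
        elif rules:
            rules[-1]["props"].update((k, v.strip('"')) for k, v in PROP.findall(line))
    return rules

def ports(rule):
    p = rule["props"]
    return {(p.get("protocol"), n) for n in p.get("dst-port", "").split(",") if n}

def audit(nat, flt):
    """Flag disabled drop rules and input accepts that duplicate an active dst-nat."""
    forwarded = {pp for r in nat if "X" not in r["flags"]
                 and r["props"].get("action") == "dst-nat" for pp in ports(r)}
    findings = []
    for r in flt:
        p, off = r["props"], "X" in r["flags"]
        if off and p.get("action") == "drop":
            findings.append((r["id"], "disabled-drop"))
        elif not off and p.get("chain") == "input" and p.get("action") == "accept" \
                and ports(r) & forwarded:
            findings.append((r["id"], "input-accept-for-forwarded-port"))
    return findings
```

Calling `audit(parse_rules(NAT), parse_rules(FILTER))` returns a list of `(rule id, issue)` pairs; paste the router's own `print` output into the two strings to check a real configuration.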