On Thu, 14 Jan 1999, Dan Kegel wrote:
> Date: Thu, 14 Jan 1999 07:04:44 -0800
> From: Dan Kegel <[EMAIL PROTECTED]>
> To: "David A. Ranch" <[EMAIL PROTECTED]>, [EMAIL PROTECTED],
> [EMAIL PROTECTED]
> Subject: Re: [masq] [masq-dev] A possible bug in the ip_masq_quake code?
>
> "David A. Ranch" wrote:
> > Linux 2.0.36 w/ ipportfw patch
> > ftp, quake, and raudio MASQ modules loaded
> > UDP ports 2000-2020 IPPORTFWed
>
> > The problem happens when you double-click on the Quake2 entry
> > in the left-hand window to "update the servers". The first
> > or second time, you will get a good list of servers and decently
> > low ping times. If you do this a few more times, all of a sudden,
> > all the ping times go to 9999 and from the Linux server's logs,
> > you see:
> >
> > Jan 13 00:07:09 trinity2 kernel: ip_masq_new(proto=UDP): no free ports.
>
> Hey, I wonder if the loose UDP patch will help that. It reuses
> UDP ports more efficiently. (It's in 2.2.0-pre7, and a version
> for 2.0.36 can be found at http://www.alumni.caltech.edu/~dank/peer-nat.html)
> - Dan
Possibly, but I doubt it. Quake and Quake2 are masquerading friendly.
The problem the original author is having is that masquerading timeouts are
set too high. The default, I believe, is 5 minutes. Now assuming he has
1000 entries in his gamespy table, he does a query which opens 1000 ports
which only need to be open for a few seconds, but stay open for 5 minutes.
Now he does a query again 1 minute later, which means there are 2000 ports
open. Now he does another 1 minute later to give 3000 ports open. As you
can see, this will quickly fill up the masquerading tables. This happens
to me all the time, since I've got two computers behind my masquerading
host that play.
The solution? Use smaller udp timeouts.
# ipfwadm -M -s 0 0 60
will leave the tcp and tcpfin timeouts at their default, and will set the
udp timeouts to 1 minute. I really don't see a reason why they can't be
set even lower or why udp has a timeout in the first place, since udp is
packet based, not connection based.
Btw, another person said he didn't need the quake masquerading module to
play quake or quake2. This is correct for a couple of reasons:
1) if you only have one host playing quake behind your masquerading host,
or if you have more than one host but they're all playing on different
servers, then the module is not necessary. The module is only necessary
when 2 or more hosts want to play on the same server.
2) the module does absolutely _nothing_ for quake2. If you look at the
module source, you'll see a couple of port numbers at the beginning:
26000 and 27000. Quake2's default port is 27910. The quake module
apparently does work for quake2 if the port is added.
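
Added example, not part of the original message: a small simulation of the table fill-up described above, comparing the 5-minute default with the 1-minute UDP timeout. The 4096-port pool size (Linux 2.0's masquerade port range) and the function name are assumptions not given in the thread, and each server probe is assumed to take one entry that is never refreshed.

```python
import heapq

# Assumption (not stated in the thread): Linux 2.0 masquerading allocates
# from a fixed pool of 4096 ports, 61000-65095.
MASQ_PORTS = 4096


def simulate(servers, interval_s, udp_timeout_s, refreshes, table_size=MASQ_PORTS):
    """Model repeated server-list refreshes through a masquerading host.

    Each refresh probes `servers` hosts; each probe takes one table entry
    that lives for `udp_timeout_s` seconds and is never refreshed.
    Returns (peak_entries, first_failed_refresh), where the second value is
    the 1-based refresh that first hits "no free ports", or None.
    """
    expiries = []          # min-heap of expiry times of live entries
    peak = 0
    first_failed = None
    for n in range(refreshes):
        now = n * interval_s
        while expiries and expiries[0] <= now:   # drop timed-out entries
            heapq.heappop(expiries)
        for _ in range(servers):
            if len(expiries) >= table_size:      # ip_masq_new(): no free ports
                if first_failed is None:
                    first_failed = n + 1
                break
            heapq.heappush(expiries, now + udp_timeout_s)
        peak = max(peak, len(expiries))
    return peak, first_failed


if __name__ == "__main__":
    # Constructed scenario from the message: 1000 servers, one refresh a minute.
    for timeout in (300, 60):
        peak, failed = simulate(1000, 60, timeout, refreshes=10)
        print(f"udp timeout {timeout:>3}s: peak {peak} entries, "
              f"first failed refresh: {failed}")
```

Under these assumptions the 300-second timeout exhausts the pool on the fifth refresh, while the 60-second timeout holds the table at one refresh's worth of entries.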