<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML ><HEAD ><TITLE >Gamers: The LooseUDP patch</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK REL="HOME" TITLE="Linux IP Masquerade HOWTO" HREF="index.html"><LINK REL="UP" TITLE="Other IP Masquerade Issues and Software Support " HREF="ipmasq-support-portfw-and-stronger-rulesets.html"><LINK REL="PREVIOUS" TITLE="Mirabilis ICQ " HREF="icq.html"><LINK REL="NEXT" TITLE="Frequently Asked Questions" HREF="faq.html"></HEAD ><BODY CLASS="SECT1" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >Linux IP Masquerade HOWTO</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="icq.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" >Chapter 6. Other IP Masquerade Issues and Software Support</TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="faq.html" ACCESSKEY="N" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A NAME="LOOSEUDP" ></A >6.10. Gamers: The LooseUDP patch</H1 ><P >The LooseUDP patch allows semi-NAT-friendly games that usually use UDP connections to both WORK behind a Linux IP Masquerade server. </P ><P >What the LooseUDP patch does is allow ALL UDP packets to be NATed through the MASQ box without any checks or expiration. This liberal forwarding method is considered insecure by many and is disabled in modern 2.2.x kernels. The 2.4.x kernels with it's IPTABLES stateful UDP inspection only allows incoming UDP packets into the machine (and thus MASQ) if there was already an outbound UDP packet to that same host in it's stateful table. If the MASQ host hasn't sent a UDP packet to the remote host within ~30 seconds, the return UDP table entry is deleted. Because of this, IPTABLES removes most of the need for the LooseUDP patch as it does it in a more secure fashion.</P ><P >Currently, LooseUDP is available as a patch for 2.0.36+ kernels and it is already built into 2.2.3+ kernels though it is now DISABLED by DEFAULT in 2.2.16+ (please see the example rc.firewal ruleset comments for details). </P ><P >To get LooseUDP running on a 2.0.x kernel, follow the following steps: <P ></P ><UL ><LI ><P >Have the newest 2.0.x kernel sources uncompressed in the /usr/src/linux directory</P ></LI ><LI ><P >ABSOLUTELY REQUIRED for v2.0.x: Download and install the IPPORTFW patch from <A HREF="ipmasq-compiling3.1.html#IPMASQ-COMPILING3.1.3" >Section 3.2.3</A >and as described in <A HREF="forwarders.html" >Section 6.7</A >of the HOWTO.</P ></LI ><LI ><P >Download the LooseUDP patch from <A HREF="ipmasq-compiling3.1.html#IPMASQ-COMPILING3.1.3" >Section 3.2.3</A > </P ><P >Now, put the LooseUDP patch in the /usr/src/linux directory. Once this is done, type in:</P ><P ><TABLE BORDER="1" BGCOLOR="#E0E0E0" WIDTH="90%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="SCREEN" >For a compressed patch file: zcat loose-udp-2.0.36.patch.gz | patch -p1</PRE ></FONT ></TD ></TR ></TABLE ></P ><P ><TABLE BORDER="1" BGCOLOR="#E0E0E0" WIDTH="90%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="SCREEN" >For a NON-compressed patch file: cat loose-udp-2.0.36.patch | patch -p1</PRE ></FONT ></TD ></TR ></TABLE ></P ><P >Now, depending on the version of your "patch", You will then see the following text:</P ><P ><TABLE BORDER="1" BGCOLOR="#E0E0E0" WIDTH="90%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="SCREEN" >patching file `CREDITS' patching file `Documentation/Configure.help' patching file `include/net/ip_masq.h' patching file `net/ipv4/Config.in' patching file `net/ipv4/ip_masq.c'</PRE ></FONT ></TD ></TR ></TABLE ></P ></LI ><LI ><P >If you see the text "Hunk FAILED" only ONCE and ONLY ONCE at the very beginning of the patching, don't be alarmed. You probably have an old patch file (this has been fixed) but it still works. If it fails completely, make sure you have applied the IPPORTFW kernel patch FIRST.</P ><P >Once the patch is installed, re-configure the kernel as shown in <A HREF="ipmasq-compiling3.1.html#IPMASQ-COMPILING3.1.3" >Section 3.2.3</A > and be sure to say "Y" to the "IP: loose UDP port managing (EXPERIMENTAL) (CONFIG_IP_MASQ_LOOSE_UDP) [Y/n/?]" option.</P ></LI ></UL > </P ><P >To get LooseUDP running on a 2.2.x kernel, follow the following steps: <P ></P ><UL ><LI ><P >In the /etc/rc.d/rc.firewall-* script, goto the BOTTOM of the file and find the LooseUDP section. Change the "0" in the line: <TT CLASS="LITERAL" >echo "0" > /proc/sys/net/ipv4/ip_masq_udp_dloose</TT > to a "1" and re-run the rc.firewall-* ruleset. An example of this is given in both <A HREF="firewall-examples.html#RC.FIREWALL-IPCHAINS" >Section 3.4.2</A > example and <A HREF="stronger-firewall-examples.html#RC.FIREWALL-IPFWADM-STRONGER" >Section 6.4.3</A > example.</P ></LI ></UL > </P ><P >NOTE: The LooseUDP code is /not/ available (?required?) for the 2.4.x kernels <P ></P ><UL ><LI ><P > See the begining of this section for all the details. Basically, the old 2.0.x / 2.2.x LooseUDP code was considered a security issue. Because of this, it was removed from the kernel. Fortunately, some games that used to require the LooseUDP code on the 2.2.x IPCHAINS system might work just final under the 2.4.x IPTABLES kernels. If the games don't work, I'm not aware of a solution for you. Sorry. </P ></LI ></UL ></P ><P >Once you are running the new LooseUDP enabled kernel, you should be good to go for most NAT-friendly games. Some URLs have been given for patches to make games like BattleZone and others NAT friendly. Please see <A HREF="supported-client-software.html#GAME-CLIENTS" >Section 6.3.1</A > for more details.</P ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="icq.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Home</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="faq.html" ACCESSKEY="N" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >Mirabilis ICQ</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="ipmasq-support-portfw-and-stronger-rulesets.html" ACCESSKEY="U" >Up</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >Frequently Asked Questions</TD ></TR ></TABLE ></DIV ></BODY ></HTML >