[NFZ#gangofkittens]

Hello, so I'm trying to configure my iptables to start the UrT server and I have a problem with that.
And I'm running Debian 7 on a VPS.
This is my current iptables script:

Spoiler

### BEGIN INIT INFO
#!/bin/sh
IPTABLES_MODULES="ip_conntrack_ftp"
IPT=/sbin/iptables

case "$1" in
start)
echo «Starting iptables»

# Allow incoming SSH only from a specific IP
$IPT -A INPUT -i venet0 -p tcp -s 176.114.248.130 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

# Allow incoming HTTP
$IPT -A INPUT -i venet0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT

# Allow incoming HTTPS
$IPT -A INPUT -i venet0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT

# UrT Port
$IPT -A INPUT -i venet0 -p udp -m udp --dport 27960 -j ACCEPT
$IPT -A INPUT -i venet0 -p udp -m udp --dport 27950 -j ACCEPT
$IPT -A INPUT -i venet0 -p udp -m udp --dport 27952 -j ACCEPT

# Ping from outside to inside
$IPT -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

# Prevent DoS attack on port 80
$IPT -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT

# OUTPUT
$IPT -A OUTPUT -j ACCEPT

# DROP on interface venet0
$IPT -A INPUT -i venet0 -j DROP
$IPT -A FORWARD -i venet0 -j DROP

;;
stop)
echo «Stopping iptables»

$IPT -F
$IPT -X

$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
;;
*)
echo «Usage: /etc/init.d/iptables {start|stop}»
exit 1
;;
esac

exit 0
### END INIT INFO

iptables -L looks like this:

Spoiler

root@myvps:/home/urt# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  176.114.248.130      anywhere             tcp dpt:ssh state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https state NEW,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere             udp dpt:27960
ACCEPT     udp  --  anywhere             anywhere             udp dpt:27950
ACCEPT     udp  --  anywhere             anywhere             udp dpt:27952
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http limit: avg 25/min burst 100
DROP       all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination 
ACCEPT     all  --  anywhere             anywhere

And this is what happens when I start the UrT server:

Spoiler

-----------------------------------
auth: resolving authserver address
auth: authserver has no IPv4 address.
InitAuth: \auth\0\auth_status\init\auth_cheaters\1\auth_tags\1\auth_notoriety\0\auth_groups\\auth_verbosity\1
auth: sending heartbeat
broadcast: print "Server: g_noVest changed to 0\n"
^3WARNING: g_noVest can be used only in Jump mode
broadcast: print "Server: auth changed to 1\n"
broadcast: print "Server: auth_status changed to public\n"
-----------------------------------
Hitch warning: 903 msec frame time
auth: sending heartbeat
Resolving master.urbanterror.info
Couldn't resolve address: master.urbanterror.info
Resolving master2.urbanterror.info
Couldn't resolve address: master2.urbanterror.info
Resolving master.quake3arena.com
Couldn't resolve address: master.quake3arena.com
Hitch warning: 100549 msec frame time

Thanks

This post has been edited by gangofkittens: 17 May 2015 - 10:20 AM

[KroniK]

That looks like a DNS error not an iptables issue. Can you ping master.urbanterror.info?

Also, does it work when the iptables service is stopped?

This post has been edited by KroniK: 18 May 2015 - 12:57 AM

[NFZ#gangofkittens]

Yes it does works with iptables stopped and when the rules are flushed.
And I can't ping master.urbanterror.info

Ah well thanks!!! It was enough to add the DNS rule to the iptables tottaly forgot about that.

What I did is added these 2 lines into the iptables script:

# Allow DNS
$IPT -A OUTPUT -p udp -o venet0 --dport 53 -j ACCEPT
$IPT -A INPUT -p udp -i venet0 --sport 53 -j ACCEPT

This post has been edited by gangofkittens: 18 May 2015 - 12:36 PM