Quoting Kurt Siegl (007 at freemail.at):
> On Wednesday 01 May 2002 09:36, Bob Tanner wrote:
> > Summary:
> >
> > Is it possible to run netrek behind a linux firewall using iptables and
> > masquerading?
>
> With portSwap: on the client actively opens the connection to the server.
> This is enough to get through masquerading hosts, as well as firewalls which
> are open for connections from the inside.

I assume portSwap: is a cow only parameter, based on this post from Alec?

http://archives2.real-time.com/vanilla-list/1999/Apr/msg00023.html

Does the latest build of cow have portSwap enabled by default? I'm assuming so,
from this url:

http://www.netrek.org/cow/current/README.html

I'm assuming you can config the client to use something like port 9999 with the
portSwap feature.

So firewall rules would look something like this (if you got portSwap):

open a hole for tcp port 2592 to your favorite server; this is the initial tcp
connection

open a hole for udp port 9999 to your favorite server; this is the real-time
traffic of the game

Any other ports that should be opened?

My confusion is with James posting here:

http://archives2.real-time.com/vanilla-clients/2000/Mar/msg00008.html

His recommendation is to use trekhopd, is that still the best recommendation?
If so, could it be made into an iptables module?

--
Bob Tanner <tanner at real-time.com> | Phone : (952)943-8700
http://www.mn-linux.org, Minnesota, Linux | Fax : (952)943-8500
Key fingerprint = 6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9