Toops

Running server behind complex setup...

This is a sticky one. I've been attempting to get this running for over a month now with little success. I don't necessarily even expect the staff here to answer. I've been scouring these forums trying everything I could find.

 

Alright, here goes.

My network setup is slightly odd. It works like this.

Cable Modem =>

Netgear router (stock firmware) (192.168.1.1) =>

Netgear router (DD-WRT v24-sp2 (12/08/11) mega) (open/airvpn) (192.168.2.1) =>

Turnkey Linux server (192.168.2.104) / all other machines, most of the time

 

It took a couple days getting the two routers set up properly, but they work fine. Reason for 2 routers? Easily switch connections for sites like GBATemp (blocks AirVPN connections) which I frequent. I don't think this setup is at the root of my issues, but I'm not ruling it out.

 

What I'm trying to accomplish is running a minecraft / mumble / etc server on the turnkey machine. I can get everything working over the LAN just fine. Not so much over the internets. I've set up the remote port forwarding à la the /ports/ page. For example:

 

16XXX
Protocol: TCP & UDP Local port: 25565

 

With, of course, a DDNS name.

I've set up the firewall rules to look as such:

iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -I FORWARD -i tun0 -p udp -d 192.168.2.104 --dport 25565 -j ACCEPT
iptables -I FORWARD -i tun0 -p tcp -d 192.168.2.104 --dport 25565 -j ACCEPT
iptables -I FORWARD -i tun0 -p udp -d 192.168.2.104 --dport 64738 -j ACCEPT
iptables -I FORWARD -i tun0 -p tcp -d 192.168.2.104 --dport 64738 -j ACCEPT
iptables -t nat -I PREROUTING -i tun0 -p tcp --dport 25565 -j DNAT --to-destination 192.168.2.104
iptables -t nat -I PREROUTING -i tun0 -p udp --dport 25565 -j DNAT --to-destination 192.168.2.104
iptables -t nat -I PREROUTING -i tun0 -p tcp --dport 64738 -j DNAT --to-destination 192.168.2.104
iptables -t nat -I PREROUTING -i tun0 -p udp --dport 64738 -j DNAT --to-destination 192.168.2.104
iptables -I INPUT -i tun0 -j REJECT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

I've tried tun+ in place of tun0 in the appropriate references. Nuttin'. I've tried --to-destination 192.168.2.104:25565 and --to-destination 192.168.2.104:64738 where applicable. Nuttin'.

 

Port forward page also reveals: Not reachable on server IP over the external port 16382, tcp protocol. Error : 111 - Connection refused

 

Configured the server's iptables to look something like:

:INPUT DROP [36:4994]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3535:1101711]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 12320 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 12321 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25565 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 64738 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT

I get the feeling my problem lies either here and/or the router's firewall rules. Before my ISP went on a port blocking frenzy I was once running this server just fine. I'm just not really familiar with how remote port forwarding works. FYI, I've tried connecting to the server with both the server exit IP (108.59.x.y:16382 - not ideal) and the airvpn ddns address (xxx.airdns.org - ideal) --- nothing.

I'd very much like to take advantage of the DDNS. With this setup it'd be a huge pain to reconfigure so many things whenever the connection drops or I take the server offline for maintenance.

 

Also, since I'm on the subject - provided I get this working correctly - for services like mumble, which requires a port number in the gui to connect, would I use mymumbleserver.airdns.org:16XXX or the real port mymumbleserver.airdns.org:64728?

 

Any input from anyone would be greatly appreciated. I'll provide any more info / screenshots as necessary.

Hello,

 

it looks correct, anyway try not to remap to a different local port: try the same port everywhere.

 

Kind regards

Unfortunately, I've tried this too. I had previously configured the Minecraft/mumble/etc to use a different set of ports, then set up the remote port forwarding through the /ports/ page to use said ports. Nadda. The current configuration with remapped ports was just my latest trial by fire. Though, that said, I'll switch them back. I like all my ports to line up anyway.
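
Added example, not part of the thread: a Python check that compares the router's DNAT rules with the server's INPUT chain as posted in the first message and lists the forwarded protocol/port pairs the server has no ACCEPT rule for. The rule text is copied from that post (server chain excerpted); the function names are illustrative, and only plain `--dport` ACCEPT rules under a DROP policy are modelled.

```python
import re
import shlex

# Rule text copied from the first post (server chain excerpted).
ROUTER_RULES = """\
iptables -t nat -I PREROUTING -i tun0 -p tcp --dport 25565 -j DNAT --to-destination 192.168.2.104
iptables -t nat -I PREROUTING -i tun0 -p udp --dport 25565 -j DNAT --to-destination 192.168.2.104
iptables -t nat -I PREROUTING -i tun0 -p tcp --dport 64738 -j DNAT --to-destination 192.168.2.104
iptables -t nat -I PREROUTING -i tun0 -p udp --dport 64738 -j DNAT --to-destination 192.168.2.104
"""
SERVER_RULES = """\
:INPUT DROP [36:4994]
-A INPUT -p tcp -m tcp --dport 25565 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 64738 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
"""

def opts(line):
    """Map each option flag in a rule line to the token that follows it."""
    tok = shlex.split(line)
    return {t: v for t, v in zip(tok, tok[1:] + [""]) if t.startswith("-")}

def forwarded(router_text):
    """(proto, port) pairs the router DNATs from the tunnel to the server."""
    rules = [opts(l) for l in router_text.splitlines()]
    return {(o["-p"], int(o["--dport"])) for o in rules
            if o.get("-j") == "DNAT" and "--dport" in o}

def accepted(server_text):
    """INPUT policy and the (proto, port) pairs with an explicit ACCEPT."""
    policy, acc = "ACCEPT", set()
    for line in server_text.splitlines():
        m = re.match(r":INPUT (\w+)", line)
        o = opts(line)
        if m:
            policy = m.group(1)
        # The RELATED,ESTABLISHED rule has no --dport and is skipped here:
        # it admits replies to existing flows, not new inbound connections.
        elif o.get("-A") == "INPUT" and o.get("-j") == "ACCEPT" and "--dport" in o:
            acc.add((o["-p"], int(o["--dport"])))
    return policy, acc

def unreachable(router_text, server_text):
    """Forwarded pairs that a DROP-policy INPUT chain has no ACCEPT rule for."""
    policy, acc = accepted(server_text)
    return sorted(forwarded(router_text) - acc) if policy == "DROP" else []

if __name__ == "__main__":
    for proto, port in unreachable(ROUTER_RULES, SERVER_RULES):
        print(f"router forwards {proto}/{port}; server INPUT has no ACCEPT for it")
```

Run against the posted rules, it reports udp/25565 and udp/64738: the router forwards both protocols, while the server's INPUT chain accepts only TCP on those ports.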
