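#!/bin/bash
#
# These are the rules required to run Total Annihilation against Phoenix Worx
# through a Linux firewall.
#
# For more information see the following links:
# http://support.microsoft.com/default.aspx?scid=kb;en-us;Q240429
#
# Warning: Notice that you will be opening huge holes straight through
# your firewall. Microsoft (i.e. DirectPlay, et cetera) can use UPnP to
# communicate to firewalls, but due to UPnP's buggy and severely
# overcomplicated design, its implementation in Linux has been slow at
# best. For those who are interested in doing it "the right way", look at
# http://linux-igd.sourceforge.net/ and http://upnp.sourceforge.net/.
#
# Exposure: every port listed below becomes reachable from any source
# address and is delivered to $ihost. If the set of peers is known, add a
# source match (-s) to the rules, and delete the rules (-D with the same
# rule spec) when the game is not in use.

# Stop on the first failed iptables call or unset variable instead of
# continuing with a half-applied rule set.
set -eu

# external ip/host address.
# iptables resolves a host name once, when the rule is inserted; the rule
# then holds whatever address DNS returned at that moment. A literal IP
# address avoids depending on DNS here.
ehost="something.net"

# external interface.
eiface="eth1"

# internal host to send traffic to.
ihost="192.168.0.11"

# Port specs to forward (iptables --dport syntax, "low:high" for ranges):
#   2300:2400    Microsoft DirectX Gaming (DirectPlay) 7
#   47624        Direct Play Server
#   6073         DirectPlay 8
#   28800:29000  MSN Gaming Zone
ports=(2300:2400 47624 6073 28800:29000)

#######################################
# Append a rule unless an identical one is already present, so that
# re-running the script does not stack duplicate rules.
# Arguments: $1 - table, $2 - chain, remaining - rule specification
# Returns:   status of the iptables append when the rule had to be added
#######################################
append_once() {
  local table=$1 chain=$2
  shift 2
  # -C only checks for the rule; its "not found" message is expected noise.
  iptables -t "$table" -C "$chain" "$@" 2>/dev/null ||
    iptables -t "$table" -A "$chain" "$@"
}

for port in "${ports[@]}"; do
  for proto in tcp udp; do
    # Rewrite the destination of traffic addressed to the external host so
    # that it is delivered to the internal game machine.
    append_once nat PREROUTING -p "$proto" --dport "$port" \
      --destination "$ehost" -j DNAT --to-destination "$ihost"

    # Let the rewritten traffic through the FORWARD chain. DNAT has already
    # happened at this point, so the packet's destination is $ihost;
    # matching on it keeps these ports closed for every other host behind
    # the firewall.
    append_once filter FORWARD -p "$proto" --dport "$port" \
      -i "$eiface" -d "$ihost" -j ACCEPT
  done
done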