Opening up AH UDP in IPCHAINS

[geistx]

I have a linux firewall and I use the tool pmfirewall to configure ipchains on my firewall.  I have tried many permutations of the chain rules to open up UDP access to AH (in hopes of increasing performance).  My PC is on an internal network (192.168.X.X) and is MASQed through to the outside world.

Has anyone done this and do they have any ideas/suggestions?

Here is a sample of what I have tried:

ipchains -A input -p udp -s <AH server IPs> 2000:2999 -d <external network port on firewall> -j ACCEPT

I have tried many variances on this.  I have even tried tweaking my output chain to allow udp to the AH servers.  Each time I connect to AH, a few seconds pass, then a message "not able to update, switching to TCP" occurs.  I notice in the tcpdump logs that the server tries to do something via ICMP but I haven't been able to figure out what.  

If no one is able to help it is ok, the TCP connection is stable with very little variance (except the occasional spike).  I am just trying to improve network connectivity.

Also, I have to admit, AH is one of the smoothest running online games I have ever played.  Even my squadmates who connect via 56k dial-up say the experience is enjoyable and relatively lag free (even with RW running).

[geistx]

Sorry I should have posted this under Internet Connectivity.    

[Skuzzy]

Remember, your ipchains rules are followed in order.
That is to say, you will need to put the ipchain that allows access to/from udp ports before any other qualifying ipchains rules.

This is usually what bites most people.  You will also need to specify the output and input chains to allow UDP to go in both directions.

Just rememeber to put these rules before any others in your rc file.

Hope that helps.

[geistx]

It does.  I had them buried in the middle of the chain rules.    

I will move it up to the top of the list and give it a try.

Thanks, chalk this up to one of those "duh" moments.