I have DAoC working, I will post my rules tonight when I get home and can look them up. I know that I had to open up more ports than they had listed on the DAoC site. I think I had to add 10501, 10502, 10503 as well.
The IP address that you referred to needs to be an allowed destination if you are restricting what sites users can reach. If you have all destinations open, you don't need to worry about this.
And I created a Protocol Rule that contained all of these definitions.
Hope this helps
The "DAoC Game Server" and "DAoC Login Server" protocol rules are **complex protocol** rules. Those are why you'd need the Firewall client. Thus, you are NOT opening up all the UDP ports for just any outgoing connection - those ports will only be available for outgoing connections from the client that first established the primary connection - while the primary connection remains established.
When I made a post long ago about this, I did traces of how DAoC was sending its data. It's possible to have it only go TCP ... in which case, you'd just modify the above complex protocol rules to simple protocol rules (i.e. just the TCP port). If you do that, you only need to have your clients set up as SecureNAT clients - i.e. their default gateway is directed through the ISA Server (either directly, or via internal routing structure).
You aren't exposing yourself to any huge security hole by making a complex protocol rule allowing the large range of UDP ports. For example, if you had SomeNewStupidTrojan running in the background on your machine which periodically sent UDP packets, for example on UDP 6666, to its internet host, these packets would NOT be allowed due to the above complex protocol rules.
(btw. I'm still playing DAoC with those exact same protocol rules.)
One more thing - this is all assuming you are not actually playing the game on the machine running ISA Server (some people might find this over-stating the obvious, but there are people who do this), but you are playing from a client behind ISA.
If you are actually wanting to play DAoC from an ISA Server machine, do NOT install the firewall client, and create Packet Filters for the specified TCP Ports.
This is not recommended though (for obvious reasons).
Originally posted by jgisler:
> Been playing this game since it came out. No rules needed for firewall clients. Only protocol rules needed for SNAT clients.
Elaborating on this...
If you have a single Protocol Rule of "Allow all", then for Firewall clients, you don't need any additional Protocol Definitions. Assuming the protocol is NAT-friendly, it literally means "Allow all".
The "Allow all" Protocol Rule for SecureNAT clients behaves differently. In this case, "Allow all" means "allow all defined protocol definitions." Keep in mind that this only means SIMPLE protocol definitions. Complex protocols (ie. secondary connections) require an Application Filter (like the FTP and Streaming Media application filters) in order for SecureNAT clients to be allowed access.
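The behaviour described in this thread (secondary UDP ports tied to an established primary connection, and the different meaning of "Allow all" for Firewall and SecureNAT clients) can be sketched as a small model. This is an added example, not ISA Server's code or anything posted by the thread's authors; the class names, client names and the sample ports 40000 and 41000-41999 are constructed, and the model assumes no application filter is installed.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class ProtocolDefinition:
    name: str
    primary: tuple          # (transport, port) of the primary outbound connection
    secondary: tuple = ()   # ((transport, low, high), ...); non-empty = "complex"

@dataclass
class Gateway:
    definitions: list                 # definitions covered by an allow Protocol Rule
    allow_all: bool = False           # a single "Allow all" Protocol Rule
    established: set = field(default_factory=set)   # (client, definition name)

    def outbound(self, client, kind, transport, port):
        """kind is 'firewall' or 'securenat'; returns True if the packet passes."""
        if kind == "firewall" and self.allow_all:
            return True               # for Firewall clients this is literally everything
        for d in self.definitions:
            if d.primary == (transport, port):
                self.established.add((client, d.name))
                return True
        if kind != "firewall":
            return False              # model assumption: no application filter, no secondaries
        return any((client, d.name) in self.established
                   and t == transport and lo <= port <= hi
                   for d in self.definitions for t, lo, hi in d.secondary)

    def close(self, client, name):
        self.established.discard((client, name))

# Constructed ports, not the real DAoC values (the thread does not list them).
GAME = ProtocolDefinition("Game Server (sample)", ("tcp", 40000), (("udp", 41000, 41999),))

def walk_through():
    gw = Gateway([GAME])
    r = {"udp_before_primary": gw.outbound("pc1", "firewall", "udp", 41005)}
    r["primary"] = gw.outbound("pc1", "firewall", "tcp", 40000)
    r["udp_after_primary"] = gw.outbound("pc1", "firewall", "udp", 41005)
    r["trojan_udp_6666"] = gw.outbound("pc1", "firewall", "udp", 6666)
    r["other_client_udp"] = gw.outbound("pc2", "firewall", "udp", 41005)
    gw.outbound("pc3", "securenat", "tcp", 40000)
    r["securenat_udp"] = gw.outbound("pc3", "securenat", "udp", 41005)
    gw.close("pc1", GAME.name)
    r["udp_after_close"] = gw.outbound("pc1", "firewall", "udp", 41005)
    r["allow_all_firewall"] = Gateway([GAME], allow_all=True).outbound("pc1", "firewall", "udp", 6666)
    r["allow_all_securenat"] = Gateway([GAME], allow_all=True).outbound("pc3", "securenat", "udp", 6666)
    return r

if __name__ == "__main__":
    for k, v in walk_through().items():
        print(f"{k}: {'allow' if v else 'deny'}")
```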