Yusuf
9th Oct 04, 6:33 PM
Just finished configuring my firewall. Everything looks fine so far, since I can join and host games on the net.
My router/firewall is a Linux box with iptables, so I'll copy my config here. Briefly, you need to open TCP ports 6667, 28910, 29900, 29901, 29920 and UDP ports 6500, 27900, 27901, 29910, and forward UDP port 6112 to your machine if you want to host.
# Create chain for Internet traffic
/sbin/iptables -N INET-IN
# Accept/forward existing connections
/sbin/iptables -A INET-IN -m state --state ESTABLISHED,RELATED -j ACCEPT
# Accept all the new connections from secure devices
/sbin/iptables -A INET-IN -m state --state NEW ! -i ppp0 -j ACCEPT
# Your other rules here...
# Gamespy
/sbin/iptables -A INET-IN -p tcp -m tcp --dport 6667 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
/sbin/iptables -A INET-IN -p tcp -m tcp --dport 28910 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
/sbin/iptables -A INET-IN -p tcp -m tcp --dport 29900 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
/sbin/iptables -A INET-IN -p tcp -m tcp --dport 29901 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
/sbin/iptables -A INET-IN -p tcp -m tcp --dport 29920 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
/sbin/iptables -A INET-IN -p udp -m udp --dport 6500 -j ACCEPT
/sbin/iptables -A INET-IN -p udp -m udp --dport 27900 -j ACCEPT
/sbin/iptables -A INET-IN -p udp -m udp --dport 27901 -j ACCEPT
/sbin/iptables -A INET-IN -p udp -m udp --dport 29910 -j ACCEPT
# Warhammer 40K: Dawn of War host
/sbin/iptables -t nat -A PREROUTING -i ppp0 -p udp --dport 6112 -j DNAT --to-dest 10.10.10.10
/sbin/iptables -A FORWARD -i ppp0 -p udp --dport 6112 -d 10.10.10.10 -j ACCEPT
"ppp0" is the Internet connection.
"-A INET-IN" means to add the rule to the chain INET-IN, the one I use to process Internet traffic. Rename it to the chain you use, or remove it if you are using the default chain.
"10.10.10.10" is the IP of the hosting machine
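An added example, not part of Yusuf's post: a check that compares the ACCEPT rules in a chain against the port list given above and reports anything extra or missing. It assumes the rules are dumped in `iptables -S` format; the function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and the sample dump are constructed for illustration.
# Ports the post says to open on the Internet-facing chain.
EXPECTED="tcp/6667 tcp/28910 tcp/29900 tcp/29901 tcp/29920 udp/6500 udp/27900 udp/27901 udp/29910"

# Constructed sample in `iptables -S` format: one extra port (tcp/22), one missing (udp/29910).
sample_rules() {
cat <<'EOF'
-N INET-IN
-A INET-IN -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INET-IN ! -i ppp0 -m state --state NEW -j ACCEPT
-A INET-IN -p tcp -m tcp --dport 6667 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INET-IN -p tcp -m tcp --dport 28910 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INET-IN -p tcp -m tcp --dport 29900 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INET-IN -p tcp -m tcp --dport 29901 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INET-IN -p tcp -m tcp --dport 29920 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INET-IN -p tcp -m tcp --dport 22 -j ACCEPT
-A INET-IN -p udp -m udp --dport 6500 -j ACCEPT
-A INET-IN -p udp -m udp --dport 27900 -j ACCEPT
-A INET-IN -p udp -m udp --dport 27901 -j ACCEPT
-A FORWARD -d 10.10.10.10/32 -i ppp0 -p udp -m udp --dport 6112 -j ACCEPT
EOF
}

# Print proto/port for every ACCEPT rule in chain $1 that names a --dport.
open_ports() {
  awk -v chain="$1" '
    $1 == "-A" && $2 == chain && $NF == "ACCEPT" {
      proto = ""; port = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        if ($i == "--dport") port = $(i + 1)
      }
      if (proto != "" && port != "") print proto "/" port
    }' | sort -u
}

# Read a rule dump on stdin; report ports open but not expected, and expected but not open.
audit() {
  found=$(open_ports "$1")
  for p in $found; do
    case " $EXPECTED " in *" $p "*) ;; *) echo "UNEXPECTED $p" ;; esac
  done
  for p in $EXPECTED; do
    case " $(echo $found) " in *" $p "*) ;; *) echo "MISSING $p" ;; esac
  done
}

sample_rules | audit INET-IN
```

On a live router, feed it the real chain with `/sbin/iptables -S INET-IN | audit INET-IN`.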