#!v0.1
;
; This is an ARSE (Automatic Router Scripting Engine) script
; [For Viking I chipset]
;
; for more details see here..
; http://corz.org/windows/software/accessories/Automatic-Router-Scripting-Engine/
;
;
; "console stealth" (aka. "Perfect Stealth")
;
; The games console essentially acts as a "catch-all" for all inbound traffic
; that isn't covered by other port-forwarding rules.
;
; NOTE: This script is set up for a console device at IP address: 192.168.1.100
; If yours is not 192.168.1.100, then either change it, or edit the address, below.
;
; ALSO NOTE: This is in-progress, and in-testing. You can help!
; Send me your feedback, tweaks, anything! I don't have a console, so it's all you!
;
; k..

; essential tweaks..
nbsize maxipsess 511

; tweak the NAT / timeout settings
; you may want to play with these..
modify nat global udptimeout 90
#modify nat global tcpidletimeout 3600 tcpclosewait 45 tcptimeout 30 udptimeout 90

; this is the regular stealth rule no. 1, allowing ALL outbound traffic.
create ipf rule entry ruleid 5 dir out act accept storestate enable seclevel high medium low

; this is the special stealth ruleset. Rather than drop any inbound packets, we will route ALL
; packets to the games console. No further port-forwarding rules should ever need to be created.
delete ipf rule entry ruleid 500000
create ipf rule entry ruleid 500000 ifname public dir in act accept transprot eq num 6 seclevel high medium low
create ipf rule entry ruleid 500002 ifname public dir in act accept transprot eq num 17 seclevel high medium low

; then we NAT ALL traffic to the games console..
; [NOTE: IP address----> is your console here? ----->192.168.1.100<--------->192.168.1.100<-]
create nat rule entry ruleid 500000 rdr lcladdrfrom 192.168.1.100 lcladdrto 192.168.1.100

; NOTE: NAT is an excellent idea, but it's not foolproof. While it perfectly translates IP addresses
; in the data packet headers, it does *not* translate IP addresses inside the packets themselves.
; Not being a gamer, I don't know how significant this is for games, but if you find a game not working,
; you may want to create an ALG rule for the game. With an ALG in place, IP addresses inside the headers
; AND the payload will be translated.

; this is my best guess at a good gamer's ALG..
#create alg port portno 21 upnpaware true algtype sip
; note: the type of ALG here is "sip", though there are many others you might like to try.
; edit to suit your needs, altering the port number, etc., and uncomment the line. Make more, if you need.
; I chose "sip" because any old shite gets sent in a SIP session; I reckoned it would be nice and loose.
; want to know the differences between the ALGs?
; check out http://www.rfc-archive.org/getrfc.php?rfc=3027

; if you need to create rules for your peecee, for p2p, etc., be sure and use rule numbers below 500000;
; then they will be activated *before* the console stealth, and everything should work fine.

# one rule to NAT them all..
create nat rule entry ruleid 100000 napt

# you may want to disable this.. UPnP
modify upnp cfg nbstatus enable

# make the changes permanent..
commit
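Before loading a script like this onto a router, it is worth checking what it actually opens. The following is an added example, not part of the ARSE tool or this script: a small Python parser for the ARSE line format shown above (`#!` version header, `;` comment lines, `#` for commands left disabled) plus an audit pass that lists the inbound-accept `ipf` rules, the `rdr` NAT rule that sends everything unmatched to the console, and the UPnP enable, and that orders the rules by ascending `ruleid`, which is the evaluation order the script's own comments describe (rules numbered below 500000 run before the console catch-all). The sample script embedded below is a constructed, trimmed copy of the one on this page; the audit heuristics (which tokens count as a catch-all) are this example's own assumptions, not a documented Viking I feature.

```python
"""Parse an ARSE-style Viking I script and report what it exposes (added example)."""
from dataclasses import dataclass

# Constructed sample: a trimmed copy of the console-stealth script on this page.
SAMPLE_SCRIPT = """\
#!v0.1
; comment lines start with a semicolon
nbsize maxipsess 511
modify nat global udptimeout 90
#modify nat global tcpidletimeout 3600 tcpclosewait 45 tcptimeout 30 udptimeout 90
create ipf rule entry ruleid 5 dir out act accept storestate enable seclevel high medium low
delete ipf rule entry ruleid 500000
create ipf rule entry ruleid 500000 ifname public dir in act accept transprot eq num 6 seclevel high medium low
create ipf rule entry ruleid 500002 ifname public dir in act accept transprot eq num 17 seclevel high medium low
create nat rule entry ruleid 500000 rdr lcladdrfrom 192.168.1.100 lcladdrto 192.168.1.100
#create alg port portno 21 upnpaware true algtype sip
create nat rule entry ruleid 100000 napt
modify upnp cfg nbstatus enable
commit
"""


@dataclass
class Command:
    verb: str        # create / modify / delete / commit / ...
    words: list      # remaining tokens of the line
    disabled: bool   # line was commented out with '#'


def parse_arse(text: str) -> list:
    """Split an ARSE script into commands.

    ';' lines are comments, '#!' is the version header, and a leading '#'
    marks a command the author left disabled (kept, but flagged)."""
    cmds = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("#!"):
            continue
        disabled = line.startswith("#")
        tokens = line.lstrip("#").split()
        cmds.append(Command(tokens[0], tokens[1:], disabled))
    return cmds


def option(words: list, key: str):
    """Return the token that follows `key` in a command, or None if absent."""
    if key in words:
        i = words.index(key)
        if i + 1 < len(words):
            return words[i + 1]
    return None


def audit(cmds: list) -> list:
    """Findings a defender wants to see before committing this script.

    Heuristics are this example's own: an inbound 'ipf' accept with only a
    protocol number and no port restriction, a NAT 'rdr' rule, and UPnP
    being switched on are each reported."""
    findings = []
    for c in cmds:
        if c.disabled:
            continue
        rid = option(c.words, "ruleid")
        if c.verb == "create" and c.words[:3] == ["ipf", "rule", "entry"]:
            if option(c.words, "dir") == "in" and option(c.words, "act") == "accept":
                proto = option(c.words, "num")
                iface = option(c.words, "ifname")
                findings.append(f"ipf {rid}: accepts ALL inbound IP protocol {proto} on {iface} (no port restriction)")
        elif c.verb == "create" and c.words[:3] == ["nat", "rule", "entry"]:
            if "rdr" in c.words:
                target = option(c.words, "lcladdrfrom")
                findings.append(f"nat {rid}: redirects every unmatched inbound packet to {target} (DMZ-style exposure)")
        elif c.verb == "modify" and c.words[:2] == ["upnp", "cfg"]:
            if option(c.words, "nbstatus") == "enable":
                findings.append("upnp: enabled, so LAN hosts can add further port mappings themselves")
    return findings


def rule_order(cmds: list, table: str) -> list:
    """Active 'create <table> rule entry' ruleids in evaluation order.

    Ascending ruleid is the order the script's comments rely on: a rule
    numbered below 500000 is applied before the console catch-all."""
    ids = []
    for c in cmds:
        if c.disabled or c.verb != "create" or c.words[:3] != [table, "rule", "entry"]:
            continue
        ids.append(int(option(c.words, "ruleid")))
    return sorted(ids)


if __name__ == "__main__":
    commands = parse_arse(SAMPLE_SCRIPT)
    for finding in audit(commands):
        print(finding)
    print("ipf order:", rule_order(commands, "ipf"))
    print("nat order:", rule_order(commands, "nat"))
```

Run against the sample, the audit lists the two protocol-wide inbound accepts (TCP and UDP), the `rdr` rule that hands everything else to 192.168.1.100, and the UPnP enable; the NAT ordering comes back as `[100000, 500000]`, which is the point the script makes about keeping PC and P2P rules below 500000. Extending the parser to a real script is a matter of feeding it the file contents instead of `SAMPLE_SCRIPT`.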