Whelp, still no success.
So for completeness' sake the following is an excerpt from
http://www.strategyplanet.com/sfc/sfc2/faq_online.shtml#onlineBEGIN
For those of you who has a firewal of some sort. Here are the ports you need to open for Starfleet Command.
Ports for running a server:
15101
15300
28100
6667
27900
Ports for clients and hosting multiplayer:
47624
2300-2400
6500
GameSpy Ports:
6667 (IRC)
80 (HTTP)
27900 (Master Server UDP Heartbeat)
28900 (Master Server List Request)
29900 (GP Connection Manager)
29901 (GP Search Manager)
13139 (Custom UDP Pings)
6500 (incoming, UDP and TCP, default roomquery port; can be customized with roomqueryport=<port #> in svc.cfg)
END
Of note, for the game Dungeon Siege, just to compare:
from
http://support.microsoft.com/default.aspx?scid=kb;en-us;320020 :
BEGIN
Dungeon Siege requires that the following UDP and TCP ports be open to start multiplayer games:
Connection to ZoneMatch: 2300 UDP
News and AutoUpdate: 80 TCP
When a multiplayer game is in session, Dungeon Siege uses the following DirectPlay ports:
Connection Ports for Client Configuration Ports for Host Configuration
Initial UDP Connection 6073 Outbound for Joining 6073 Inbound for Hosting
Subsequent UDP Inbound 2302-2400 2302-2400
Subsequent UDP Outbound 2302-2400 2302-2400
END
And here's a good article on DirectX and which ports need to be enabled.
From
http://support.microsoft.com/default.aspx?scid=kb;EN-US;240429 :
BEGIN
To play DirectX games through a network firewall or proxy server, the following requirements must be met:
To ensure DirectPlay compatibility, the latest version of DirectX should be installed on the computers used by all players who participate in the game.
The following TCP and UDP ports must be open on the firewall or proxy server:
Using DirectX 7 method:
Connection Ports for Client Configuration Ports for Host Configuration
Initial TCP Connection 47624 Outbound 47624 Inbound
Subsequent TCP Inbound 2300-2400 2300-2400
Subsequent TCP Outbound 2300-2400 2300-2400
Subsequent UDP Inbound 2300-2400 2300-2400
Subsequent UDP Outbound 2300-2400 2300-2400
Using DirectX 8 method:
Connection Ports for Client Configuration Ports for Host Configuration
Initial UDP Connection 6073 Outbound 6073 Inbound
Subsequent UDP Inbound 2302-2400 2302-2400
Subsequent UDP Outbound 2302-2400 2302-2400
To determine the DirectPlay method for games that utilize the DirectPlay Lobby service, follow these steps:
On the Windows Start menu, click Run.
In the Open box, type dxdiag, and then click OK.
Click the Save All Information button to save a Dxdiag.txt report.
Click Desktop, and then click Save.
Open the DxDiag.txt file on your desktop and find the section marked "DirectPlay Lobbyable Apps".
Note that each game listed here will report either "(DX7)" or "(DX8)" which corresponds to its DirectPlay connection method.
Note DirectPlay8 games can work with the Internet Connection Firewall (ICF) capabilities of Windows XP. When the game begins hosting, enumerating, or connecting, the appropriate ports will automatically open and when the game shuts down, these ports will automatically close.
END
Here's a more promising article (though the best link in it seems to be dead.. Auggh!.
From:
http://www.gamespyarcade.com/helpers/workshop/routers/#SMCBarricadeBEGIN
SMC Barricade DSL Router
Visit NetGamer's SMC 7004BR Barricade and DXPort configuration page.
Special Applications
SMC7004ABR, SMC7004AWBR, SMC7008ABR
After reviewing the documentation on the SMC Barricade DSL Routers, I believe that the following will work for DirectPlay applications. In the Setup | Advanced Settings | Special Application menu, use 47624 TCP as trigger, then 2300-2400 ports as "public ports" these are both TCP and UDP so you may need two lines to do this. And don't forget to click enabled.
SMC7004BR, SMC7004WBR, 7008BR
I believe that some routers (7004BR, 7004WBR, 7008BR) firmware has an option for some applications in the Special Applications menu.
The Demilitarized Zone (DMZ)
Because DMZ exposes all ports it is inherently less secure. I recommend that you use DMZ only if other methods fail. You should use other means to protect the machine from compromise.
I don't believe that you can forward a range of ports with the Barricade Routers. So, you will have to put the machine you wish to play in the DMZ. Don't forget to remove the machine from the DMZ when you are done playing as it exposes that machine and thus your entire network to a potential intruder.
END
Anyhow, I'll keep plugging away.
-TF