[Firehol-support] America's Army

Daniel L. Miller dmiller at amfes.com
Sat Feb 12 03:51:40 CET 2005


Could someone please help me with publishing an America's Army server 
through Firehol?  The following config isn't working:

AA_IF="eth1"
AA_LAN="67.106.235.97/27"
AA_IP="67.106.235.121"
AA_BCAST="67.106.235.127"

BASTION_IP="192.168.0.2"

nat to-destination $BASTION_IP inface "${AA_IF}" dst "${AA_IP}" proto 
tcp dport 1716:1718
nat to-destination $BASTION_IP inface "${AA_IF}" dst "${AA_IP}" proto 
udp dport 8777
nat to-destination $BASTION_IP inface "${AA_IF}" dst "${AA_IP}" proto 
udp dport 27900
nat to-destination $BASTION_IP inface "${AA_IF}" dst "${AA_IP}" proto 
tcp dport 20045
nat to-destination $BASTION_IP inface "${AA_IF}" dst "${AA_IP}" proto 
tcp dport 14200

server_americasarmy_ports="tcp/1716 tcp/1717 tcp/1718 udp/8777 udp/27900 
tcp/20045 tcp/14200"
client_americasarmy_ports="default 1716 1717 1718 8777 27900 20045 14200"

interface "${AA_IF}" aa src not "${UNROUTABLE_IPS} ${AMFESLAN_LAN}" dst 
"${AA_IP}"
        protection strong 100/sec 50
        server ident reject with tcp-reset
        server custom aa1 tcp/1716 default accept
        server custom aa2 tcp/1717 default accept
        server custom aa3 tcp/1718 default accept
        server custom aa4 udp/8777 default accept
        server custom aa5 udp/27900 default accept
        server custom aa6 tcp/20045 default accept
        server custom aa7 tcp/14200 default accept
        client all accept

router aainternet2aalan inface "${AA_IF}" outface "${AMFESLAN_IF}"
       protection strong 100/sec 50
#       server americasarmy accept
       route ident reject with tcp-reset
        server custom aa1 tcp/1716 default accept
        server custom aa2 tcp/1717 default accept
        server custom aa3 tcp/1718 default accept
        server custom aa4 udp/8777 default accept
        server custom aa5 udp/27900 default accept
        server custom aa6 tcp/20045 default accept
        server custom aa7 tcp/14200 default accept





More information about the Firehol-support mailing list