[Firehol-support] America's Army

Costa Tsaousis costa at tsaousis.gr
Tue Feb 15 01:08:41 CET 2005


Daniel,

proto "tcp udp"

will match both protocols when used as an optional rule parameter. You can
define multiple protocols in service definitions too. Check the
documentation.

If you don't see any other packets logged (starting with IN-<name>,
OUT-<name> or PASS-unknown), then nothing is dropped.

Costa


> I found one problem - most of the ports I defined as TCP are supposed to
> be UDP.  So that gives me the beginnings of a connection - but it's
> still not there.
>
> I am using ULOG, so I don't know if that changes things.  Looking
> through the /var/log/ulog/syslogemu.log file, I can see the connected
> entries - I don't see anything about blocks or rejects.  Where would I
> find that, or do I need to change my logging?
>
> Costa Tsaousis wrote:
>
>>Daniel,
>>
>>Post some logs that show what is blocked.
>>
>>Costa
>>
>>
>>
>>
>>>Could someone please help me with publishing an America's Army server
>>>through Firehol?  The following config isn't working:
>>>
>>>AA_IF="eth1"
>>>AA_LAN="67.106.235.97/27"
>>>AA_IP="67.106.235.121"
>>>AA_BCAST="67.106.235.127"
>>>
>>>BASTION_IP="192.168.0.2"
>>>
>>>nat to-destination $BASTION_IP inface "${AA_IF}" dst "${AA_IP}" proto tcp dport 1716:1718
>>>nat to-destination $BASTION_IP inface "${AA_IF}" dst "${AA_IP}" proto udp dport 8777
>>>nat to-destination $BASTION_IP inface "${AA_IF}" dst "${AA_IP}" proto udp dport 27900
>>>nat to-destination $BASTION_IP inface "${AA_IF}" dst "${AA_IP}" proto tcp dport 20045
>>>nat to-destination $BASTION_IP inface "${AA_IF}" dst "${AA_IP}" proto tcp dport 14200
>>>
>>>server_americasarmy_ports="tcp/1716 tcp/1717 tcp/1718 udp/8777 udp/27900 tcp/20045 tcp/14200"
>>>client_americasarmy_ports="default 1716 1717 1718 8777 27900 20045 14200"
>>>
>>>interface "${AA_IF}" aa src not "${UNROUTABLE_IPS} ${AMFESLAN_LAN}" dst "${AA_IP}"
>>>        protection strong 100/sec 50
>>>        server ident reject with tcp-reset
>>>        server custom aa1 tcp/1716 default accept
>>>        server custom aa2 tcp/1717 default accept
>>>        server custom aa3 tcp/1718 default accept
>>>        server custom aa4 udp/8777 default accept
>>>        server custom aa5 udp/27900 default accept
>>>        server custom aa6 tcp/20045 default accept
>>>        server custom aa7 tcp/14200 default accept
>>>        client all accept
>>>
>>>router aainternet2aalan inface "${AA_IF}" outface "${AMFESLAN_IF}"
>>>       protection strong 100/sec 50
>>>#       server americasarmy accept
>>>       route ident reject with tcp-reset
>>>        server custom aa1 tcp/1716 default accept
>>>        server custom aa2 tcp/1717 default accept
>>>        server custom aa3 tcp/1718 default accept
>>>        server custom aa4 udp/8777 default accept
>>>        server custom aa5 udp/27900 default accept
>>>        server custom aa6 tcp/20045 default accept
>>>        server custom aa7 tcp/14200 default accept
>>>
>>>
>>
>>
>>
>
> --
> Daniel
>
>
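Added example, not part of the original thread: a Python script that looks for the drop prefixes named in the reply above (IN-<name>, OUT-<name>, PASS-unknown) and flags dropped packets whose port is declared in server_americasarmy_ports under a different protocol. The log lines are constructed, the netfilter PROTO=/DPT= field layout is assumed for the ULOG syslog emulation file, and the sample says nothing about which ports the game really uses.

```python
import re
from collections import Counter

# Prefixes named in the reply: IN-<name>, OUT-<name>, PASS-unknown.
PREFIX_RE = re.compile(r"(?<![\w-])((?:IN|OUT)-[\w.-]+|PASS-unknown)")
FIELD_RE = re.compile(r"\b(PROTO|DPT)=(\S+)")

# server_americasarmy_ports as posted in the original question.
DECLARED = "tcp/1716 tcp/1717 tcp/1718 udp/8777 udp/27900 tcp/20045 tcp/14200"

# Constructed sample lines (assumed layout); real input would be
# /var/log/ulog/syslogemu.log. "ACCEPTED" is a made-up non-drop prefix.
SAMPLE_LOG = """\
Feb 15 00:51:02 fw IN-aa: IN=eth1 OUT= SRC=198.51.100.7 DST=67.106.235.121 PROTO=UDP SPT=40212 DPT=1716
Feb 15 00:51:03 fw IN-aa: IN=eth1 OUT= SRC=198.51.100.7 DST=67.106.235.121 PROTO=UDP SPT=40212 DPT=1716
Feb 15 00:51:04 fw IN-aa: IN=eth1 OUT= SRC=198.51.100.9 DST=67.106.235.121 PROTO=UDP SPT=51000 DPT=1717
Feb 15 00:51:05 fw IN-aa: IN=eth1 OUT= SRC=198.51.100.9 DST=67.106.235.121 PROTO=TCP SPT=51001 DPT=445
Feb 15 00:51:06 fw PASS-unknown: IN=eth1 OUT=eth0 SRC=198.51.100.9 DST=192.168.0.2 PROTO=ICMP TYPE=8
Feb 15 00:51:07 fw ACCEPTED: IN=eth1 OUT=eth0 SRC=198.51.100.7 DST=192.168.0.2 PROTO=TCP SPT=40300 DPT=20045
"""

def dropped_packets(lines):
    """Yield (prefix, proto, dport) for every line carrying a drop prefix."""
    for line in lines:
        m = PREFIX_RE.search(line)
        if not m:
            continue  # no FireHOL drop prefix: not a dropped packet
        fields = dict(FIELD_RE.findall(line))
        # ICMP and similar entries have no DPT field; report "-" for them.
        yield m.group(1), fields.get("PROTO", "?").lower(), fields.get("DPT", "-")

def summarize(lines):
    """Count dropped packets per (prefix, proto, dport)."""
    return Counter(dropped_packets(lines))

def protocol_mismatches(lines, declared=DECLARED):
    """Dropped (proto, port) pairs whose port is declared, but for another protocol."""
    allowed = {tuple(item.split("/")) for item in declared.split()}
    declared_ports = {port for _, port in allowed}
    return sorted({(proto, port) for _, proto, port in dropped_packets(lines)
                   if port in declared_ports and (proto, port) not in allowed})

if __name__ == "__main__":
    log = SAMPLE_LOG.splitlines()
    for (prefix, proto, port), n in sorted(summarize(log).items()):
        print(f"{n:3d}  {prefix:14s} {proto}/{port}")
    print("declared under the wrong protocol:", protocol_mismatches(log))
```

An empty summary corresponds to the case described in the reply: no lines with these prefixes means nothing is being dropped.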





