[Firehol-support] America's Army

Costa Tsaousis costa at tsaousis.gr
Sat Feb 12 10:08:06 GMT 2005


Daniel,

Post some logs that show what is blocked.

Costa


> Could someone please help me with publishing an America's Army server
> through Firehol?  The following config isn't working:
>
> AA_IF="eth1"
> AA_LAN="67.106.235.97/27"
> AA_IP="67.106.235.121"
> AA_BCAST="67.106.235.127"
>
> BASTION_IP="192.168.0.2"
>
> nat to-destination $BASTION_IP inface "${AA_IF}" dst "${AA_IP}" proto tcp dport 1716:1718
> nat to-destination $BASTION_IP inface "${AA_IF}" dst "${AA_IP}" proto udp dport 8777
> nat to-destination $BASTION_IP inface "${AA_IF}" dst "${AA_IP}" proto udp dport 27900
> nat to-destination $BASTION_IP inface "${AA_IF}" dst "${AA_IP}" proto tcp dport 20045
> nat to-destination $BASTION_IP inface "${AA_IF}" dst "${AA_IP}" proto tcp dport 14200
>
> server_americasarmy_ports="tcp/1716 tcp/1717 tcp/1718 udp/8777 udp/27900 tcp/20045 tcp/14200"
> client_americasarmy_ports="default 1716 1717 1718 8777 27900 20045 14200"
>
> interface "${AA_IF}" aa src not "${UNROUTABLE_IPS} ${AMFESLAN_LAN}" dst "${AA_IP}"
>         protection strong 100/sec 50
>         server ident reject with tcp-reset
>         server custom aa1 tcp/1716 default accept
>         server custom aa2 tcp/1717 default accept
>         server custom aa3 tcp/1718 default accept
>         server custom aa4 udp/8777 default accept
>         server custom aa5 udp/27900 default accept
>         server custom aa6 tcp/20045 default accept
>         server custom aa7 tcp/14200 default accept
>         client all accept
>
> router aainternet2aalan inface "${AA_IF}" outface "${AMFESLAN_IF}"
>        protection strong 100/sec 50
> #       server americasarmy accept
>        route ident reject with tcp-reset
>         server custom aa1 tcp/1716 default accept
>         server custom aa2 tcp/1717 default accept
>         server custom aa3 tcp/1718 default accept
>         server custom aa4 udp/8777 default accept
>         server custom aa5 udp/27900 default accept
>         server custom aa6 tcp/20045 default accept
>         server custom aa7 tcp/14200 default accept





