[Firehol-support] America's Army
Daniel L. Miller
dmiller at amfes.com
Mon Feb 14 14:26:47 GMT 2005
I found one problem - most of the ports I defined as TCP are supposed to
be UDP. So that gives me the beginnings of a connection - but it's
still not there.

I am using ULOG, so I don't know if that changes things. Looking
through the /var/log/ulog/syslogemu.log file, I can see the connected
entries - I don't see anything about blocks or rejects. Where would I
find that, or do I need to change my logging?

Costa Tsaousis wrote:
>Daniel,
>
>Post some logs that show what is blocked.
>
>Costa
>
>>Could someone please help me with publishing an America's Army server
>>through Firehol? The following config isn't working:
>>
>>AA_IF="eth1"
>>AA_LAN="67.106.235.97/27"
>>AA_IP="67.106.235.121"
>>AA_BCAST="67.106.235.127"
>>
>>BASTION_IP="192.168.0.2"
>>
>>nat to-destination $BASTION_IP inface "${AA_IF}" dst "${AA_IP}" proto tcp dport 1716:1718
>>nat to-destination $BASTION_IP inface "${AA_IF}" dst "${AA_IP}" proto udp dport 8777
>>nat to-destination $BASTION_IP inface "${AA_IF}" dst "${AA_IP}" proto udp dport 27900
>>nat to-destination $BASTION_IP inface "${AA_IF}" dst "${AA_IP}" proto tcp dport 20045
>>nat to-destination $BASTION_IP inface "${AA_IF}" dst "${AA_IP}" proto tcp dport 14200
>>
>>server_americasarmy_ports="tcp/1716 tcp/1717 tcp/1718 udp/8777 udp/27900 tcp/20045 tcp/14200"
>>client_americasarmy_ports="default 1716 1717 1718 8777 27900 20045 14200"
>>
>>interface "${AA_IF}" aa src not "${UNROUTABLE_IPS} ${AMFESLAN_LAN}" dst "${AA_IP}"
>> protection strong 100/sec 50
>> server ident reject with tcp-reset
>> server custom aa1 tcp/1716 default accept
>> server custom aa2 tcp/1717 default accept
>> server custom aa3 tcp/1718 default accept
>> server custom aa4 udp/8777 default accept
>> server custom aa5 udp/27900 default accept
>> server custom aa6 tcp/20045 default accept
>> server custom aa7 tcp/14200 default accept
>> client all accept
>>
>>router aainternet2aalan inface "${AA_IF}" outface "${AMFESLAN_IF}"
>> protection strong 100/sec 50
>># server americasarmy accept
>> route ident reject with tcp-reset
>> server custom aa1 tcp/1716 default accept
>> server custom aa2 tcp/1717 default accept
>> server custom aa3 tcp/1718 default accept
>> server custom aa4 udp/8777 default accept
>> server custom aa5 udp/27900 default accept
>> server custom aa6 tcp/20045 default accept
>> server custom aa7 tcp/14200 default accept
>>
--
Daniel
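
Added example, not part of the original message or of FireHOL: a shell function that reads netfilter-style log lines (the field layout ulogd's syslog emulation writes) and reports ports that the quoted config declares with one protocol but that were logged on the given interface with the other. The log lines, their prefix, the addresses, the `eth0` interface and the protocol each port arrives with are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: flag ports that a firewall config declares with one protocol
# while logged packets arrive with the other.

# proto/port pairs from the "server custom aa1..aa7" lines in the quoted config.
DECLARED="tcp/1716 tcp/1717 tcp/1718 udp/8777 udp/27900 tcp/20045 tcp/14200"

# Constructed sample in the netfilter LOG field layout. Prefix, addresses,
# eth0 and the protocol each port arrives with are made up for the demo.
sample_log() {
cat <<'EOF'
Feb 14 14:01:02 fw SAMPLE: IN=eth1 OUT=eth0 SRC=198.51.100.7 DST=192.168.0.2 LEN=60 TTL=52 PROTO=UDP SPT=40001 DPT=1716 LEN=40
Feb 14 14:01:03 fw SAMPLE: IN=eth1 OUT=eth0 SRC=198.51.100.7 DST=192.168.0.2 LEN=60 TTL=52 PROTO=UDP SPT=40001 DPT=1716 LEN=40
Feb 14 14:01:04 fw SAMPLE: IN=eth1 OUT=eth0 SRC=198.51.100.9 DST=192.168.0.2 LEN=60 TTL=50 PROTO=UDP SPT=40313 DPT=1717 LEN=40
Feb 14 14:01:05 fw SAMPLE: IN=eth1 OUT=eth0 SRC=198.51.100.9 DST=192.168.0.2 LEN=60 TTL=50 PROTO=TCP SPT=51000 DPT=20045 SYN
Feb 14 14:01:06 fw SAMPLE: IN=eth1 OUT=eth0 SRC=198.51.100.9 DST=192.168.0.2 LEN=60 TTL=50 PROTO=UDP SPT=40313 DPT=8777 LEN=40
Feb 14 14:01:07 fw SAMPLE: IN=eth0 OUT=eth1 SRC=192.168.0.9 DST=203.0.113.5 LEN=60 TTL=63 PROTO=UDP SPT=40500 DPT=1716 LEN=40
Feb 14 14:01:08 fw SAMPLE: IN=eth1 OUT= SRC=198.51.100.7 DST=67.106.235.121 LEN=60 TTL=52 PROTO=TCP SPT=51022 DPT=22 SYN
EOF
}

# Usage: proto_mismatches IFACE "proto/port ..." < logfile
# Prints "PORT declared=P seen=Q packets=N" for each declared port that was
# logged on IFACE with a different protocol. Assumes one protocol per port.
proto_mismatches() {
    awk -v iface="$1" -v declared="$2" '
    BEGIN {
        n = split(declared, d, " ")
        for (i = 1; i <= n; i++) { split(d[i], p, "/"); want[p[2]] = p[1] }
    }
    {
        in_if = proto = dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^IN=/) in_if = substr($i, 4)
            else if ($i ~ /^PROTO=/) proto = tolower(substr($i, 7))
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        # Skip other interfaces, undeclared ports and matching protocols.
        if (in_if != iface || !(dpt in want) || proto == want[dpt]) next
        seen[dpt " declared=" want[dpt] " seen=" proto]++
    }
    END { for (k in seen) printf "%s packets=%d\n", k, seen[k] }
    ' | sort -n
}

sample_log | proto_mismatches eth1 "$DECLARED"
```

The function matches on `IN=` rather than `DST=` because packets logged after the `nat to-destination` rewrite carry the internal address as their destination.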