[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

asheron's call and pf

To: misc@openbsd.org
Subject: asheron's call and pf
From: George Nelson <ghnelson@hallowedthoughts.net>
Date: Mon, 18 Mar 2002 11:13:49 -0600
Content-Disposition: inline
User-Agent: Mutt/1.3.21i

Just a heads up for Asheron Call users:

I think I found a decent nat rule set that works well with Asheron's Call.  
This is my results after trial and error and tcpdump:

rdr on xl0 from any to xl0/32 port 9000 -> 192.168.0.7 port 9000
rdr on xl0 from any to xl0/32 port 9001 -> 192.168.0.7 port 9000
binat on xl0 from 192.168.0.7 to 207.46.203.0/24 -> xl0
binat on xl0 from 192.168.0.7 to 207.46.204.0/24 -> xl0

The 207.46.203.0 subnet is needed.  The page at Microsoft about the ports 
that Asheron's Call uses seems to be out of date.  I could not connect 
until I allowed the 207.46.203 subnet in as well.  Without the 2 rdr 
rules, I could connect and patch but could not get past the "entering 
portal space" message.  

Anyways, Replace xl0 with your external interface.  Replace 192.168.0.7 
with your internal ip of the machine that is running AC.

This rule, binat on xl0 from 192.168.0.7 to any -> xl0, works but messes 
up my mail server which runs on xl0 as well.  I just don't receive mail.  
All other services which run on xl0 (dns, httpd, ftpd, sshd, outgoing net 
access) work fine.   I'm interested to know why this rule messes up 
sendmail.

Hope this helps other AC users.

George

Prev by Date: Re: Kernel Option Question
Next by Date: Re: isakmpd and reboots
Prev by thread: Re: non-newbie with a newbie question (ipnat)
Next by thread: "." in default path?
Index(es):
- Date
- Thread