Astaro User Bulletin Board
#1 (permalink)
03-07-2010, 04:11 PM
Junior Member
Join Date: Mar 2009
Posts: 11
RST problem

03:08:40 Default DROP TCP 199.108.0.133: 80 → 173.***.***.***:39134 [RST] len=40 ttl=48 tos=0x00 srcmac=00:00:00:00:00:00 dstmac=00:21:91:xx:xx:xx

I added in the x's there.

The second IP number is my Astaro box's WAN address. I've tried setting up a Service and a NAT rule like this:

Service:
SOE Launchpad
TCP
Dest. Port: 1:65535
Source Port: 80

NAT rule:
Traffic Source: SOE 1 (a host with IP 199.108.0.133, interface as any)
Traffic Service: SOE Launchpad
Traffic Destination: External WAN Address
NAT mode: DNAT
Destination: 192.168.2.1 (my computer is here)
Destination Service: SOE Launchpad
Automatic Packet Filter Rule is checked.

It still doesn't work. Any suggestions?
#2 (permalink)
03-07-2010, 07:38 PM
BAlfson
Moderator
Join Date: Mar 2007
Location: Oklahoma City
Posts: 6,624

Exchange the Destination and Source entries in your Service definition. In the DNAT, leave the 'Destination service' blank since you are not changing it.

Cheers - Bob
__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!
#3 (permalink)
03-16-2010, 11:20 PM
Junior Member
Join Date: Mar 2009
Posts: 11

Thank you for replying Bob.

The remote server's source port is 80 and the destination port is a range but I'm not sure what it is. Switching the ports didn't work. I have this problem with other connections also. Any suggestions?
#4 (permalink)
03-17-2010, 12:11 PM
BAlfson
Moderator
Join Date: Mar 2007
Location: Oklahoma City
Posts: 6,624

Do you see anything else in the packet filter log? Thinking about the line in your first post from the live log, I would have made a NAT rule:
{199.108.0.133} -> HTTP -> External (Address) : DNAT to {192.168.2.1}
select 'Auto packet filter rule'
But, the Astaro is a stateful firewall; it automatically should accept and route responses, so I'm curious why you would need a DNAT or even an inbound packet filter rule. Typically, a DNAT is needed only when you want to accept unrequested packets as when you offer a webserver. Unless SOE "pushes" things to you on its own schedule, there's another problem.

The full packet filter log has more information than the live log. Let's look at the same line above from there. Also, what instructions does SOE give about firewalls?

Cheers - Bob
#5 (permalink)
03-17-2010, 10:23 PM
Junior Member
Join Date: Mar 2009
Posts: 11

/var/log/packetfilter.log:2010:03:17-19:18:44 wrallen ulogd[3391]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" dstmac="00:21:***:xx:xx:xx" srcmac="00:12:43:aa:08:09" srcip="199.108.0.133" dstip="173.***.***.***" proto="6" length="40" tos="0x00" prec="0x80" ttl="48" srcport="80" dstport="59310" tcpflags="RST"


Here is the last log for that problem, thanks again.
#6 (permalink)
03-17-2010, 11:24 PM
BAlfson
Moderator
Join Date: Mar 2007
Location: Oklahoma City
Posts: 6,624

Well, I was off-base; your original service definition certainly corresponds better to the block in the log than would the HTTP one I suggested above. I don't use Astaro at home, so maybe this is a game thing that someone else could help with. SOE must give some instructions on dealing with firewalls...

Cheers - Bob
#7 (permalink)
03-18-2010, 12:58 AM
Junior Member
Join Date: Mar 2009
Posts: 11

I've searched their knowledge base and couldn't find anything. They change how they do stuff and don't update the KB. They've started streaming content with their latest EQ2 launcher but they didn't list the ports needed. I downloaded their generic station launcher that works with all of their games and that fixed it. Nothing is streamed but it downloads the full game all at once.

I also have the same problem with a Java-based chat. I can't connect to the chat and the source port on the remote server is 80 and the destination doesn't seem to be a fixed port.

/var/log/packetfilter.log:2010:03:17-20:09:15 wrallen ulogd[3391]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" dstmac="00:21:xx:xx:xx:xx" srcmac="00:12:43:aa:08:09" srcip="64.94.107.28" dstip="173.***.***.***" proto="6" length="40" tos="0x00" prec="0x00" ttl="51" srcport="80" dstport="45526" tcpflags="RST"
Reply With Quote
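
Added example, not part of the thread and not Astaro code: a small Python triage of the packet filter log lines quoted in posts #5 and #7. It separates drops that try to open a connection (SYN without ACK, the unrequested-traffic case a DNAT is meant for) from packets such as a bare RST that can only belong to an existing connection. The function names, the abridged records, the constructed third record and the space-separated tcpflags format are assumptions.

```python
import re
from collections import Counter

FIELD = re.compile(r'(\w+)="([^"]*)"')

# Records 1-2 are abridged from posts #5 and #7 (masking as on the page).
# Record 3 is constructed for contrast and uses a documentation address.
SAMPLE = [
    'ulogd[3391]: id="2001" action="drop" fwrule="60001" initf="eth1" '
    'srcip="199.108.0.133" dstip="173.***.***.***" proto="6" '
    'srcport="80" dstport="59310" tcpflags="RST"',
    'ulogd[3391]: id="2001" action="drop" fwrule="60001" initf="eth1" '
    'srcip="64.94.107.28" dstip="173.***.***.***" proto="6" '
    'srcport="80" dstport="45526" tcpflags="RST"',
    'ulogd[3391]: id="2001" action="drop" fwrule="60001" initf="eth1" '
    'srcip="203.0.113.7" dstip="173.***.***.***" proto="6" '
    'srcport="51514" dstport="8080" tcpflags="SYN"',
]

def parse_line(line):
    """Return the key="value" fields of one packet filter log line."""
    return dict(FIELD.findall(line))

def classify(rec):
    """Label a dropped TCP packet by what its flags allow it to do."""
    flags = set(rec.get("tcpflags", "").split())  # assumed space-separated
    if "SYN" in flags and "ACK" not in flags:
        return "connection attempt"   # unrequested inbound: the DNAT case
    if "RST" in flags:
        return "reset"                # can only end a connection, never open one
    return "other"

def is_reply_direction(rec):
    """True for server-to-client shape: well-known source port, high dest port."""
    return int(rec["srcport"]) < 1024 <= int(rec["dstport"])

def summarize(lines):
    """Count TCP drops per (source IP, label, reply-direction?)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec.get("action") != "drop" or rec.get("proto") != "6":
            continue                  # not a TCP drop record
        if not (rec.get("srcport", "").isdigit() and rec.get("dstport", "").isdigit()):
            continue                  # malformed or truncated line
        counts[(rec.get("srcip"), classify(rec), is_reply_direction(rec))] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```

Both records from the thread come out as resets in the reply direction (source port 80, high destination port); only the constructed record is a connection attempt.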

These pages are specifically maintained for the discussion of firewall issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases.