From: budsz
To: freebsd-pf@freebsd.org
Cc: freebsd-questions@freebsd.org
Date: Fri, 31 Aug 2012 14:49:35 +0700
Subject: PF RDR from LAN to LAN

Hi folks,

I have a small question about RDR using Packet Filter (PF). I used IPF (IPFILTER) before and succeeded with this scenario.

extif = outside interface
intif = internal interface
public_ip = 202.xxx.xxx.xxx
client_create = 192.168.1.1, port = 6112
client_join = 192.168.1.2

For outside/internet:

    rdr pass on $extif proto tcp from any to $public_ip port 6112 -> $client_create port 6112

That rule successfully forwards from the internet to $client_create. Now the other plan is how to forward $client_join to $client_create. I use this rule:

    rdr pass on $intif proto tcp from $client_join to $public_ip port 6112 -> $client_create port 6112

As far as I know, if $client_create creates a game host on port 6112, it will be translated to $public_ip with port 6112 too, so I need to forward from the LAN to $public_ip/6112 to whoever actually created the game ($client_create/6112).

pfctl -s state results in:

    client_create 6112 <- public_ip 6112 <- client_join SYS-CLOSED

Can anyone help with this issue?

Thank you

--
budsz
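
Added example, not part of the original post: the two rdr rules from the message together with the NAT rules that the PF FAQ pairs with an internal-interface rdr ("RDR and NAT combination"), so that the game host's replies return through the firewall instead of going straight to $client_join on the same segment. The int_net macro, its /24 prefix length and the interface names are assumptions; public_ip stays elided as in the post.

```pf
# Macros from the post. Interface names and int_net are assumed values;
# public_ip is elided in the post and left as a placeholder.
extif         = "em0"                # assumed outside interface
intif         = "em1"                # assumed internal interface
int_net       = "192.168.1.0/24"     # assumed LAN prefix
public_ip     = "202.xxx.xxx.xxx"    # placeholder, elided in the post
client_create = "192.168.1.1"
client_join   = "192.168.1.2"

# --- translation rules (first matching rule wins) ---

# Traffic the firewall itself sends into the LAN keeps its own address.
no nat on $intif proto tcp from ($intif) to $int_net

# Reflection: after the rdr below rewrites the destination, the packet leaves
# again on $intif. Rewriting its source to the firewall's LAN address makes
# $client_create answer the firewall, which reverses both translations, so
# $client_join sees the reply coming from $public_ip:6112 as it expects.
nat on $intif proto tcp from $int_net to $client_create port 6112 -> ($intif)

# From the post: Internet -> game host.
rdr pass on $extif proto tcp from any to $public_ip port 6112 -> $client_create port 6112

# From the post: LAN -> public address -> game host. With only this rule,
# $client_create replies directly to $client_join with source 192.168.1.1,
# which does not match the connection $client_join opened to $public_ip.
rdr pass on $intif proto tcp from $client_join to $public_ip port 6112 -> $client_create port 6112

# --- filter rules ---
# "rdr pass" only passes the inbound leg; the reflected packet going back out
# on $intif must be allowed as well.
pass out on $intif proto tcp from ($intif) to $client_create port 6112 flags S/SA keep state
```

Once the placeholders are filled in, pfctl -nf <file> parses the ruleset without loading it, and pfctl -s nat lists the translation rules that are active.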