From owner-freebsd-questions@FreeBSD.ORG Thu Aug 7 14:13:38 2003
Message-ID: <007101c35d28$c6e57f70$f4f0a8c0@pcmedx.com>
From: "Mike Maltese"
References: <000c01c35d14$1569cc10$0701a8c0@darryl>
Date: Thu, 7 Aug 2003 14:13:41 -0700
Subject: Re: ipfilter - port forward question

> map ep0 192.168.1.0/24 -> 0/32
> rdr epo 24.225.33.0/32 port 31240 -> 192.168.1.35 port 31240 tcp

Try "rdr ep0 0/0 port 31240 -> 192.168.1.35 port 31240 tcp" in your nat rules and try something like "pass in quick on ed0 all keep state/pass out quick on ed0 all keep state" in your ipf rules.

There's really no need to open up the whole machine like this though. Why not "pass in quick on ed0 proto tcp from any to any port = 31240 flags S keep state"?

One last thing that I just thought of... are you sure the game uses TCP? Most games use UDP because of the lower overhead.