From owner-freebsd-questions Fri Aug 9 12:27:47 2002
Date: Fri, 9 Aug 2002 16:25:47 -0300 (ART)
From: Fernando Gleiser
To: JoeB
Cc: FBSDQ
Subject: Re: IPNAT rdr command
Message-ID: <20020809161932.H52217-100000@localhost>
Sender: owner-freebsd-questions@FreeBSD.ORG

On Fri, 9 Aug 2002, JoeB wrote:

>
> I have
> Pass out quick on rl0 proto udp from any to any port = 3568
> Pass in quick on rl0 proto udp from any to any port = 3568
> Rules in the ipf rules file but the game just hangs.
>
> I believe I need redirect rdr rule in IPNAT to get this to work.

Yep, it would help.

>
> Questions.
>
> 1. What is the rdr rule to redirect that port to an individual machine
> behind the firewall on the LAN.

rdr rl0 /32 port -> /32 port udp

replace internal/external and port with the corresponding values.

>
> 2. Can IPNAT be configured to dynamically redirect that special port
> to whatever machine on the LAN is playing the game and control things
> so all the machines on the LAN can play the game at the same time,
> like a gaming cyber café does?

I don't know. That would need a special proxy.
Try searching the IP Filter mailing list for more info.

The problem is you are losing information. You map a bunch of private IPs to a single public IP, so there is no way of knowing which of the internals the remote server is trying to connect to. As far as the remote server is concerned, all of the traffic is coming from the NAT box.

			Fer

>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
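The information loss described in the reply above, as an added sketch that is not part of the original post and is not IP Filter's code: a toy many-to-one NAT table in Python. All addresses are constructed documentation/private values, the `NatBox` class is hypothetical, and remapping every outbound flow to a fresh public port is a simplifying assumption.

```python
# Toy model of a many-to-one NAT box (added illustration, constructed values).
PUBLIC_IP = "192.0.2.1"   # stands in for the address on rl0 (assumption)
GAME_PORT = 3568          # port from the thread


class NatBox:
    def __init__(self, rdr_target=None):
        self.rdr_target = rdr_target   # the one LAN host a static rdr points at
        self.state = {}                # (public_port, remote) -> (lan_ip, lan_port)
        self.next_port = 40000

    def outbound(self, lan_ip, lan_port, remote):
        """A LAN host sends UDP to remote; the source becomes the public IP."""
        public_port = self.next_port
        self.next_port += 1
        self.state[(public_port, remote)] = (lan_ip, lan_port)
        return (PUBLIC_IP, public_port)        # all the remote server ever sees

    def inbound(self, remote, dst_port):
        """Packet from remote to PUBLIC_IP:dst_port; return LAN target or None."""
        hit = self.state.get((dst_port, remote))
        if hit:                                 # reply to a tracked flow
            return hit
        if self.rdr_target and dst_port == GAME_PORT:
            return (self.rdr_target, GAME_PORT)  # static rdr: always one host
        return None                             # nothing identifies a LAN host


def demo():
    server = ("198.51.100.7", GAME_PORT)        # constructed remote game server
    nat = NatBox(rdr_target="192.168.1.10")
    seen_a = nat.outbound("192.168.1.10", GAME_PORT, server)
    seen_b = nat.outbound("192.168.1.11", GAME_PORT, server)
    # Replies to the mapped ports can be told apart by the state table.
    reply_a = nat.inbound(server, seen_a[1])
    reply_b = nat.inbound(server, seen_b[1])
    # A server-initiated packet to the fixed game port carries no hint of
    # which player it is for, so only the rdr target can receive it.
    unsolicited = nat.inbound(server, GAME_PORT)
    return seen_a, seen_b, reply_a, reply_b, unsolicited


if __name__ == "__main__":
    print(demo())
```

Both players appear to the server as the same public IP; only the per-flow state separates their replies, and a packet to the fixed port falls through to the single rdr host.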