Date: Fri, 27 Nov 2015 16:03:17 -0200
From: Thomas
To: Graham Menhennitt
Cc: freebsd-ipfw@freebsd.org
Subject: Re: connecting a PS4 via IPFW

Aren't your regular NAT rules in NAT instance 1? That command will
overwrite those and leave just the new ones. If that's the case, you can
put those rules in a different NAT instance, or add them to the rest of
your NAT rules.

As to the risk, given the security history of UPnP, this kind of static
port forwarding might be more secure. Redirect only the necessary ports
and don't worry about it. Or isolate the PS4 in a DMZ, if you're
concerned it could be used as a point of entry into your network.

Cheers,
Thomas

Wed, Nov 25, 2015 at 04:00:12PM +1100, Graham Menhennitt:
> Hello IPFWers,
>
> I have a box running FreeBSD 10-stable that I use as a
> router/firewall/NAT. It runs IPFW and uses kernel NAT. My son is nagging
> me about playing multi-player online games on his Sony PS4.
>
> From what I've read, I could enable UPnP. But I've tried compiling the
> net/miniupnpd port but it won't build for IPFW (and I don't want to
> convert to PF).
>
> Giving up on that, I'm now trying to enable port forwarding -
> apparently, this will fix it. I've allocated the PS4 a static IP address
> on my LAN. I need to port forward TCP ports 80, 443, 1935, 3478-3480,
> and UDP ports 3478-3479.
> I've tried the following command:
>
> ipfw nat 1 config \
>     redirect_port tcp ${PS4_LAN_ADDRESS}:1935 80 \
>     redirect_port tcp ${PS4_LAN_ADDRESS}:1935 443 \
>     redirect_port tcp ${PS4_LAN_ADDRESS}:1935 1935 \
>     redirect_port tcp ${PS4_LAN_ADDRESS}:3478 3478 \
>     redirect_port tcp ${PS4_LAN_ADDRESS}:3479 3479 \
>     redirect_port tcp ${PS4_LAN_ADDRESS}:3480 3480 \
>     redirect_port udp ${PS4_LAN_ADDRESS}:3478 3478 \
>     redirect_port udp ${PS4_LAN_ADDRESS}:3479 3479
>
> but that completely kills my Internet connection for all other uses (and
> the PS4 still doesn't work!).
>
> Could somebody please give me some clues.
>
> Also, what are the risks of doing this port forwarding?
>
> Thanks,
> Graham
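
The reply's point that `ipfw nat 1 config` replaces the whole instance, shown as an added example that is not part of the original thread: a dry-run helper that prints one config command carrying the existing options together with the redirects. The interface `em0`, the options `same_ports reset`, the address 192.168.1.50 and the mapping of each port to the same port on the PS4 are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed values: WAN interface em0,
# existing instance-1 options "if em0 same_ports reset", PS4 at 192.168.1.50.
# `ipfw nat 1 show config` prints the options currently in effect.

# Accept a single port or an ascending range, each within 1-65535.
valid_port_spec() {
    case "$1" in *-*-*) return 1 ;; esac
    vp_lo=${1%%-*}
    vp_hi=${1##*-}
    for vp_p in "$vp_lo" "$vp_hi"; do
        case "$vp_p" in ''|*[!0-9]*) return 1 ;; esac
    done
    [ "$vp_lo" -ge 1 ] && [ "$vp_hi" -le 65535 ] && [ "$vp_lo" -le "$vp_hi" ]
}

# build_nat_config INSTANCE "BASE_OPTS" TARGET_IP "proto:ports ..."
# Prints one complete `ipfw nat N config` command: the existing options
# first, then one redirect_port per entry, so reconfiguring the instance
# does not drop the settings the rest of the LAN depends on.
build_nat_config() {
    bn_cmd="ipfw nat $1 config $2"
    for bn_fwd in $4; do
        bn_proto=${bn_fwd%%:*}
        bn_ports=${bn_fwd#*:}
        case "$bn_proto" in
            tcp|udp) ;;
            *) echo "bad protocol: $bn_fwd" >&2; return 1 ;;
        esac
        if ! valid_port_spec "$bn_ports"; then
            echo "bad port spec: $bn_fwd" >&2
            return 1
        fi
        bn_cmd="$bn_cmd redirect_port $bn_proto $3:$bn_ports $bn_ports"
    done
    printf '%s\n' "$bn_cmd"
}

# Ports listed in the thread, with consecutive ports written as ranges.
PS4_FORWARDS="tcp:80 tcp:443 tcp:1935 tcp:3478-3480 udp:3478-3479"

# Dry run: print the command for review instead of executing it.
build_nat_config 1 "if em0 same_ports reset" 192.168.1.50 "$PS4_FORWARDS"
```

The base options passed in must match what instance 1 already uses, otherwise the printed command changes NAT behaviour for every other host as well.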