From: Graham Menhennitt
To: Thomas
Cc: freebsd-ipfw@freebsd.org
Subject: Re: connecting a PS4 via IPFW
Date: Sat, 28 Nov 2015 15:19:09 +1100
Message-ID: <56592B3D.5070800@menhennitt.com.au>
In-Reply-To: <20151127180317.GA3661@host>

On 28/11/2015 05:03, Thomas wrote:
> Aren't your regular NAT rules in NAT instance 1? That command will
> overwrite those and leave just the new ones.
>
> If that's the case, you can put those rules in a different NAT instance,
> or add them to the rest of your NAT rules.
>
>
> Wed, Nov 25, 2015 at 04:00:12PM +1100, Graham Menhennitt:
>> Hello IPFWers,
>>
>> I have a box running FreeBSD 10-stable that I use as a
>> router/firewall/NAT. It runs IPFW and uses kernel NAT. My son is nagging
>> me about playing multi-player online games on his Sony PS4.
>>
>> From what I've read, I could enable UPnP. But I've tried compiling the
>> net/miniupnpd port but it won't build for IPFW (and I don't want to
>> convert to PF).
>>
>> Giving up on that, I'm now trying to enable port forwarding -
>> apparently, this will fix it. I've allocated the PS4 a static IP address
>> on my LAN. I need to port forward TCP ports 80, 443, 1935, 3478-3480,
>> and UDP ports 3478-3479. I've tried the following command:
>>
>> ...
>> but that completely kills my Internet connection for all other uses (and
>> the PS4 still doesn't work!).
>>

Thanks for responding, Thomas. You're right - that's what's killing my Internet connection.
I've changed the command to:

    ipfw nat 1 config if re1 same_ports \
        redirect_port tcp ${PS4_LAN_ADDRESS}:80 80 \
        redirect_port tcp ${PS4_LAN_ADDRESS}:443 443 \
        redirect_port tcp ${PS4_LAN_ADDRESS}:1935 1935 \
        redirect_port tcp ${PS4_LAN_ADDRESS}:3478 3478 \
        redirect_port tcp ${PS4_LAN_ADDRESS}:3479 3479 \
        redirect_port tcp ${PS4_LAN_ADDRESS}:3480 3480 \
        redirect_port udp ${PS4_LAN_ADDRESS}:3478 3478 \
        redirect_port udp ${PS4_LAN_ADDRESS}:3479 3479

At least it doesn't kill anything now. But the PS4 still doesn't work. When I do "Test internet connection" on it, it says "NAT: Failed".

For a DMZ, I need a separate network for the PS4 - is that right? That means a separate physical connection (i.e. WAP or cable).

Thanks again,
Graham
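
Added example (not part of the original message or of the quoted reply): a shell helper that always emits one complete "ipfw nat N config" line, base options plus every forward, so re-running it cannot leave an instance holding only the redirect_port entries, which is the failure discussed above. The function names and the address 192.168.1.50 are constructed for illustration; the script only prints the command and does not run ipfw.

```shell
#!/bin/sh
# Added example: compose a full "ipfw nat N config" command line.
# Assumptions: the base options are supplied by the caller, and
# 192.168.1.50 is a constructed stand-in for the PS4's LAN address.

# expand_ports "3478-3480" prints "3478 3479 3480 "; a single port prints
# itself. Returns 1 on anything that is not a valid port or ascending range.
expand_ports() {
    case "$1" in
        *-*) lo=${1%-*}; hi=${1#*-} ;;
        *)   lo=$1; hi=$1 ;;
    esac
    for v in "$lo" "$hi"; do
        # Reject empty, leading zero, non-digits, and more than 5 digits.
        case "$v" in ''|0*|*[!0-9]*|??????*) return 1 ;; esac
    done
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ] || return 1
    p=$lo
    while [ "$p" -le "$hi" ]; do
        printf '%s ' "$p"
        p=$((p + 1))
    done
}

# nat_config INSTANCE "BASE OPTIONS" LAN_ADDR PROTO:PORTS [PROTO:PORTS ...]
# Prints the whole command on one line; nothing is executed.
nat_config() {
    inst=$1 base=$2 addr=$3
    shift 3
    cmd="ipfw nat $inst config $base"
    for spec in "$@"; do
        proto=${spec%%:*}
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol in '$spec'" >&2; return 1 ;;
        esac
        ports=$(expand_ports "${spec#*:}") ||
            { echo "bad port spec in '$spec'" >&2; return 1; }
        for port in $ports; do
            cmd="$cmd redirect_port $proto $addr:$port $port"
        done
    done
    printf '%s\n' "$cmd"
}

# The port list from the thread, against the constructed sample address.
nat_config 1 "if re1 same_ports" 192.168.1.50 \
    tcp:80 tcp:443 tcp:1935 tcp:3478-3480 udp:3478-3479
```

Review the printed line before running it: every forwarded port becomes reachable from the outside interface, so the list should stay as short as the device actually needs.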