Date: Sun, 29 Apr 2012 22:45:51 -0700
From: Darren Pilgrim <darren.pilgrim@gmail.com>
To: Michael MacLeod <mikemacleod@gmail.com>
Cc: freebsd-net@freebsd.org
Subject: Re: Full Cone NAT In PF
Message-ID: <4F9E270F.3070605@gmail.com>
In-Reply-To: <CAM-FeoFie0aZJXu0%2BiCo=_myjz1QH89G1WSBDmp8PUZ2NYQkHg@mail.gmail.com>
References: <CAM-FeoFie0aZJXu0%2BiCo=_myjz1QH89G1WSBDmp8PUZ2NYQkHg@mail.gmail.com>

On 2012-04-29 17:03, Michael MacLeod wrote:
> I understand that cone NAT is a generally terrible and insecure way to do
> NAT, but game and application developers seem hell-bent on depending on
> cone NAT behaviour. Is there a way to make it work with PF?

Not directly, no. In most cases where the application/device will not work through symmetric NAT, all that is necessary is a port forward, not true full-cone NAT.

Have a look at the net/miniupnpd port. It is a UPnP daemon that anchors to pf and maintains rdr rules for dynamic port forwarding. You can do the same thing on a static basis by maintaining your own nat static-port and rdr rules if your SIP devices do not support UPnP.

For those who search mail archives, this is also how you get a FreeBSD router to make your PS3 show NAT type 2 instead of type 3 or your Xbox show NAT type open instead of strict or moderate.
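
A pf.conf sketch of the static approach the reply describes, added here as an illustration and not taken from the original message. The interface name, addresses and UDP port are constructed placeholders. The forward is scoped to one internal host and one port instead of opening every mapping the way full-cone NAT would.

```pf
# Constructed example values; substitute your own.
ext_if    = "em0"              # assumed external interface
lan_net   = "192.168.1.0/24"   # assumed internal network
sip_phone = "192.168.1.50"     # assumed device that needs a stable mapping
sip_port  = "5060"             # assumed UDP port the device listens on

# --- Translation rules (first matching rule wins) ---

# Keep the device's source port unchanged on the way out, so the
# external port peers see matches the port the device advertises.
nat on $ext_if inet from $sip_phone to any -> ($ext_if) static-port

# Everything else on the LAN gets ordinary NAT with port rewriting.
nat on $ext_if inet from $lan_net to any -> ($ext_if)

# Dynamic forwards requested over UPnP are loaded into this anchor
# by miniupnpd at run time.
rdr-anchor "miniupnpd"

# Static forward: unsolicited inbound traffic for this one port
# reaches this one host only.
rdr on $ext_if inet proto udp from any to ($ext_if) port $sip_port \
    -> $sip_phone port $sip_port

# --- Filter rules ---

block in on $ext_if all
pass out on $ext_if inet from ($ext_if) to any keep state

# rdr rewrites the destination before filtering, so the pass rule
# matches the internal address.
pass in on $ext_if inet proto udp from any to $sip_phone \
    port $sip_port keep state

# Filter rules that accompany miniupnpd's dynamic forwards.
anchor "miniupnpd"
```

The rules can be syntax-checked without loading them by running `pfctl -nf` on the file.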