From: Scott Sipe
Date: Mon, 27 Feb 2006 02:33:32 -0600
To: Frank Staals
Cc: questions@FreeBSD.org
Subject: Re: Redirecting Traffic with PF

Well, I don't use PF on FreeBSD (only on OpenBSD--and am no expert by any means) but I would write that rule as

    rdr pass on $extif inet proto udp from any to any port 27902 -> 192.168.2.11 port 27902

the difference being the addition of the "pass" keyword. If you have a block, then allow ruleset in PF (allowing in only known good traffic) then you need to allow traffic on port 27902.
Alternatively you could add another line

    pass on any proto udp port 27902 keep state

You do NOT need to specify $intif on the rdr line.

You can also use the utility pftop (which is in the ports tree) to monitor in real time what's going on. Similar to doing "pfctl -ss".

Scott

On Feb 24, 2006, at 2:13 PM, Frank Staals wrote:

> Hey,
>
> I have a FreeBSD server/firewall running 5-Stable with PF. I want
> to redirect all udp traffic on port 27902 from the internet to a
> computer in my network. I used this rule but I have some problems
> with it: sometimes connections on that port are refused and I can't
> connect with other players (it's for an online game):
>
>     rdr on $extif inet proto udp from any port 27902 -> 192.168.2.11 port 27902
>
> I think the problem might have something to do with the different
> network interfaces since the traffic is coming in on $extif and
> has to go to a computer connected to $intif? And how can I do
> that? Can I change it to:
>
>     rdr on $extif inet proto udp from any port 27902 -> $intif 192.168.2.11 port 27902
>
> ? Or what do I have to do to fix it.
>
> Thanks in advance,
>
> --
> -Frank Staals
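
Added example, not part of either message in this thread: a pf.conf fragment in the rdr syntax used above, putting the rule from the question next to the two approaches from the reply ("rdr pass", or a plain rdr plus an explicit pass rule under a default block). The interface name em0 and the macro names game_host and game_port are assumptions.

```conf
# Added example (not from the thread). Interface name and macros are assumed.
extif     = "em0"            # external interface (assumption)
game_host = "192.168.2.11"   # internal host named in the thread
game_port = "27902"

# --- translation rules (evaluated before the filter rules) ---

# As posted in the question: "from any port 27902" matches the SOURCE
# port, so only clients that happen to send from port 27902 are redirected.
# rdr on $extif inet proto udp from any port 27902 -> 192.168.2.11 port 27902

# Option A: match the DESTINATION port; "pass" lets redirected packets
# skip the filter rules entirely, so they are not subject to later
# block or logging rules.
# rdr pass on $extif inet proto udp from any to any port $game_port -> $game_host port $game_port

# Option B: redirect only, and allow the traffic explicitly in the
# filter section so it stays under ruleset control.
rdr on $extif inet proto udp from any to any port $game_port \
    -> $game_host port $game_port

# --- filter rules ---

# Default deny for inbound traffic on the external interface.
block in log on $extif all

# The filter sees the packet AFTER translation, so the destination to
# match is the internal host, not the firewall's external address.
pass in on $extif inet proto udp from any to $game_host \
    port $game_port keep state
```

The file can be parsed without loading it using "pfctl -nf /etc/pf.conf"; once loaded, "pfctl -sn" lists the active translation rules and "pfctl -ss" shows whether states are being created for port 27902.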