Date:      Thu, 19 Apr 2012 21:08:17 -0400
From:      Andriy Bakay <andriy@irbisnet.com>
To:        Константин Покровский <zacisco@gmail.com>
Cc:        pf@freebsd.org
Subject:   Re: PF NAT don't work
Message-ID:  <F98FCE1D-396A-4AD9-A946-76E0B3A6F648@irbisnet.com>
In-Reply-To: <CAG0vsXUwB6PjQLDbHQoM5wrrym63r%2Bqn2M8bMm9JZeNPS1MvmA@mail.gmail.com>
References:  <CAG0vsXUwB6PjQLDbHQoM5wrrym63r%2Bqn2M8bMm9JZeNPS1MvmA@mail.gmail.com>


On 2012-04-19, at 02:54 , Константин Покровский wrote:

> hello
> when you can fix problem with PF nat rules (they didn't work)
> don't check on earlier versions FreeBSD,but on 9.0 not work
> this function very very need
> thx
>
> i have two eth
> eth0 - external
> eth1 - internal
> in pf.conf:
> nat on $ext_if proto udp from $vpn_ip port 1194 to any -> $ext_ip port 2000
> rdr on $ext_if proto udp from any to $ext_ip port 2000 -> $vpn_ip port 1194
>

I am not sure about the '$ext_ip port 2000' condition in your NAT rule.
Are you using any proxy? Why do you need to explicitly specify the
outgoing port? Make sure you have 'pass' rules for your RDR and NAT.
Could you provide more info about your VPN setup?

As a general recommendation, you can always "debug" your ruleset with
the 'tcpdump' utility, for example:

$ sudo tcpdump -ttttnpei pflog0 <your_extra_filter>

Or you can use 'pftop' from ports.

> rdr is work
> nat didn't
>
> vpnclient sent packets from internet to $vpn_ip,but not receive
> it was 1st ...
>
> 2nd:
> and i have TeamSpeak 3 Server also
> if policy set block all then TS3 Server can't run (some connect?)
> i opened this ports:
> http://support.teamspeakusa.com/index.php?/Knowledgebase/Article/View/44/16/which-ports-does-the-teamspeak-3-server-use
> http://forum.configserver.com/viewtopic.php?f=6&t=4881
> but i have still this problem
> if policy set pass all then it will be work
> i can run: pass all > TS3 > block all
> but then TS3 was can't check license
>
> can you help me?
> thx
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
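
The advice in the reply to pair the NAT and RDR rules with 'pass' rules, written out as a pf.conf fragment with logging enabled so that the decisions show up on pflog0. This is an added example, not a ruleset from the thread: the interface names, the addresses, and the assumption that the VPN server is a separate host on the internal network are constructed for illustration.

```conf
# Constructed values (assumptions, not from the thread)
ext_if = "em0"            # external interface
int_if = "em1"            # internal interface
ext_ip = "192.0.2.10"     # firewall's external address
vpn_ip = "10.0.0.5"       # VPN server on the internal network

# Translation rules as posted in the original message.
# In this pf syntax they must come before the filter rules.
nat on $ext_if proto udp from $vpn_ip port 1194 to any -> $ext_ip port 2000
rdr on $ext_if proto udp from any to $ext_ip port 2000 -> $vpn_ip port 1194

# Default deny. 'log' sends every dropped packet to pflog0, so a missing
# pass rule is visible in tcpdump as a 'block' line.
block log all

# Translation happens before filtering, so the filter rules below match
# the addresses and ports as they look AFTER nat/rdr has been applied.

# Inbound client traffic: rdr has already rewritten the destination
# from $ext_ip:2000 to $vpn_ip:1194 when this rule is evaluated.
pass in  log on $ext_if proto udp from any to $vpn_ip port 1194 keep state
pass out log on $int_if proto udp from any to $vpn_ip port 1194 keep state

# Traffic initiated by the VPN server: untranslated on the way in,
# already rewritten to $ext_ip:2000 when it leaves $ext_if.
pass in  log on $int_if proto udp from $vpn_ip port 1194 to any keep state
pass out log on $ext_if proto udp from $ext_ip port 2000 to any keep state

# With 'keep state', replies to a passed packet match the existing state
# and have the translation reversed automatically. Only the packet that
# creates the state is logged on these pass rules.
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it. With the ruleset active, the tcpdump command on pflog0 shows which rule number passed or blocked each logged packet.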



