From: Andriy Bakay
Date: Thu, 19 Apr 2012 21:08:17 -0400
To: Константин Покровский
Cc: pf@freebsd.org
Subject: Re: PF NAT don't work

On 2012-04-19, at 02:54, Константин Покровский wrote:

> hello
> when you can fix problem with PF nat rules (they didn't work)
> don't check on earlier versions FreeBSD,but on 9.0 not work
> this function very very need
> thx
>
> i have two eth
> eth0 - external
> eth1 - internal
> in pf.conf:
> nat on $ext_if proto udp from $vpn_ip port 1194 to any -> $ext_ip port 2000
> rdr on $ext_if proto udp from any to $ext_ip port 2000 -> $vpn_ip port 1194
>

I am not sure about '$ext_ip port 2000' condition in your NAT rule. Are you using any proxy? Why do you need to explicitly specify outgoing port? Make sure you have 'pass' rules for your RDR and NAT. Could you provide more info about your VPN setup?

As a general recommendation, you can always "debug" your ruleset with 'tcpdump' utility, for example:

$ sudo tcpdump -ttttnpei pflog0

Or you can use 'pftop' from ports.

> rdr is work
> nat didn't
>
> vpnclient sent packets from internet to $vpn_ip,but not receive
> it was 1st ...
>
> 2nd:
> and i have TeamSpeak 3 Server also
> if policy set block all then TS3 Server can't run (some connect?)
> i opened this ports:
> http://support.teamspeakusa.com/index.php?/Knowledgebase/Article/View/44/16/which-ports-does-the-teamspeak-3-server-use
> http://forum.configserver.com/viewtopic.php?f=6&t=4881
> but i have still this problem
> if policy set pass all then it will be work
> i can run: pass all > TS3 > block all
> but then TS3 was can't check license
>
> can you help me?
> thx
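
The advice in the reply (pass rules for both translations, then watch pflog0), written out as an added pf.conf example that is not part of the thread. It assumes the VPN server is a separate host behind the firewall and the FreeBSD 9.0 rule syntax used in the quoted message; the interface names and addresses are constructed placeholders.

```conf
# Added example: constructed values, not the poster's real configuration.
ext_if = "em0"            # assumed external interface name
int_if = "em1"            # assumed internal interface name
ext_ip = "203.0.113.10"   # placeholder address (documentation range)
vpn_ip = "192.168.0.10"   # placeholder internal VPN host

# Translation rules from the quoted message, unchanged.
nat on $ext_if proto udp from $vpn_ip port 1194 to any -> $ext_ip port 2000
rdr on $ext_if proto udp from any to $ext_ip port 2000 -> $vpn_ip port 1194

# Default deny, logged so that dropped packets appear on pflog0.
block log all

# Inbound client traffic: rdr has already rewritten the destination when the
# filter runs, so the rule matches $vpn_ip port 1194, not $ext_ip port 2000.
pass in  log on $ext_if proto udp from any to $vpn_ip port 1194 keep state
# The redirected packet still has to leave through the internal interface.
pass out log on $int_if proto udp from any to $vpn_ip port 1194 keep state

# Traffic initiated by the VPN host: it enters on the internal interface with
# its original source address.
pass in  log on $int_if proto udp from $vpn_ip port 1194 to any keep state
# nat has already rewritten the source on the way out, so the filter sees
# $ext_ip port 2000 here.
pass out log on $ext_if proto udp from $ext_ip port 2000 to any keep state
```

Only rules carrying the `log` keyword write to pflog0, so with this ruleset the tcpdump command from the reply shows, for each packet, the rule number, the action (pass or block), the direction and the interface.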