Hello,

I recently started using pfSense in VMware to firewall VMs. It works great, has all the features I need, and is based on FreeBSD... which I prefer. So I set it up to route our physical network at work. We have three internal networks, two of which hold servers accessible from the outside via NAT rules. Everything works great, including the TCP reflection rules set up automatically from NAT rules on the WAN. However, their sibling UDP rules don't work. I've attempted to get them working using the current method, done some research, and concluded that it isn't possible to proxy UDP this way.

Because I have multiple networks, and only need to use external IPs to access UDP services between separate networks, the automatically created UDP proxy rules stop me from entering NAT rules for the external IPs on internal interfaces. Since they don't work anyway, I edited filter.inc and commented out the UDP proxy rdr and inetd sections. I've done this on the distributed filter.inc for both 1.0.1 and the 1.2 beta pre-release. I have a tarball containing the original and new files, and diffs, at:

http://www.lostland.net/~adrian/patches/pfsense-no_udp_reflect.tar.bz2

This may not be the best solution, but it allows me to manually create duplicate NAT UDP rules on internal interfaces, and still allows the system to do all the TCP reflection rules for me. If someone knows how to make UDP proxying work with netcat, I'd be interested to see it.

Thanks to all the pfSense people and contributors; this beats most of the commercial products I've used!

Regards,
Adrian
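As an added illustration (not from Adrian's post, his patch, or pfSense's filter.inc), the three pf rule shapes the post is contrasting: the inbound WAN port forward, the TCP reflection rdr to a local inetd/netcat listener that pfSense generates, and the hand-written UDP rdr on an internal interface that the post substitutes for the non-working UDP proxy. Interface names, addresses, the service port and the proxy port are constructed placeholders.

```pf
# Constructed example; interfaces, addresses and ports are placeholders.
ext_if   = "em0"
lan_if   = "em1"            # network holding the clients
ext_addr = "203.0.113.10"   # public IP used in the WAN NAT rule
dns_srv  = "10.0.2.53"      # server on a separate internal network (DMZ)

# Inbound NAT from the Internet: what the WAN port-forward rule produces.
rdr on $ext_if proto { tcp udp } from any to $ext_addr port 53 -> $dns_srv port 53

# TCP reflection, pfSense style: an internal client addressing the external IP
# is redirected to a local inetd listener that runs nc to the real server. The
# firewall terminates the TCP connection, so the return path is always symmetric.
rdr on $lan_if proto tcp from $lan_if:network to $ext_addr port 53 -> 127.0.0.1 port 19000
# Matching /etc/inetd.conf line (illustrative):
#   19000 stream tcp nowait nobody /usr/bin/nc nc -w 20 10.0.2.53 53

# UDP: nc cannot proxy it this way, so redirect straight to the server instead.
# This only works because client (LAN) and server (DMZ) sit on different networks:
# the reply must come back through pf so the state entry can un-translate it.
# A client on the same subnet as the server would get a reply from the server's
# real address and drop it.
rdr on $lan_if proto udp from $lan_if:network to $ext_addr port 53 -> $dns_srv port 53

# Filter rules see the post-translation destinations.
pass in quick on $lan_if proto tcp from $lan_if:network to 127.0.0.1 port 19000 keep state
pass in quick on $lan_if proto udp from $lan_if:network to $dns_srv port 53 keep state
```

The UDP rdr has to be repeated on every client-facing internal interface, which is exactly the per-interface NAT entry the auto-generated proxy rules were blocking.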
