On Wed, Jan 18, 2006 at 09:53:29AM -0600, Bob Bostwick (Lists) wrote:
> I'm trying to set up pf to allow one machine on my network to play (and
> even host) Age of Empires III.
> I've tried a myriad of different settings in my pf.conf with the
> following as present.
> ....
> rdr on $ext_if proto tcp from any to $ext_if port 2300 tag AOE -> $gamer port 2300
> rdr on $ext_if proto udp from any to $ext_if port 2300:2310 tag AOEUDP -> $gamer
> block log all
> pass in quick on $ext_if tagged AOEUDP keep state
> pass in quick on $ext_if tagged AOE keep state
> pass out quick on $int_if tagged AOE keep state
> pass out quick on $int_if tagged AOEUDP keep state
> ....
> With
>
> pass out on $ext_if proto tcp all keep state
>
> thrown in the last line for good measure.
>
> With this I can at least join a game (sort of, it will still kick me out
> once in a while). However I can't host a game. I have to use a crappy
> netgear (reboot my router which kills all my web services) to host a
> game. When I try to host, pf blocks UDP, even though it's allowed.
>
>
> tcpdump -ttt -eni pflog0
> tcpdump: WARNING: pflog0: no IPv4 address assigned
> tcpdump: listening on pflog0, link-type PFLOG
> Jan 17 23:50:12.654480 rule 0/(match) block in on xl0: 24.83.xx.xxx.2300 > my.ip.ad.dr.63973: udp 40 [tos 0x20]
> Jan 17 23:50:12.767156 rule 0/(match) block in on xl0: 24.83.xx.xxx.2300 > my.ip.ad.dr.63973: udp 40 [tos 0x20]
> Jan 17 23:50:12.810197 rule 0/(match) block in on xl0: 24.83.xx.xxx.2300 > my.ip.ad.dr.63973: udp 10 [tos 0x20]
>
> With my.ip.ad.dr being the IP on $ext_if
>
>
> Rule 0 is the block log all.
>
> Is there some kind of game UDP proxy like FTP has? It seems silly to me
> that I can get this to work on a POS netgear, but not in pf. Any ideas,
> suggestions, cursing, or scoldings would be greatly appreciated. I'm
> at the end of what I know how to do, I've spent almost a month on this
> (and learned a lot about pf in the process).
Well, looking at your rules, they allow only traffic *to* udp:2300.
However, you are seeing traffic *from* udp:2300, which is dutifully
dropped by pf.
Joachim
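
The mismatch described in the reply can be checked mechanically. The following is an added example, not part of the thread: it compares the ports of each blocked UDP packet in pflog output with the port ranges of the quoted rdr rules. The addresses in the sample lines are constructed placeholders (the thread's are redacted), and the parser handles only the UDP line shape shown in the quoted log.

```python
import re

# Port ranges taken from the two rdr rules quoted in the thread.
RDR_RULES = [("tcp", 2300, 2300), ("udp", 2300, 2310)]

# Constructed pflog lines in the shape of the quoted tcpdump output.
# Addresses are documentation-range placeholders, not values from the thread.
SAMPLE_LOG = """\
Jan 17 23:50:12.654480 rule 0/(match) block in on xl0: 198.51.100.7.2300 > 203.0.113.10.63973: udp 40 [tos 0x20]
Jan 17 23:50:12.810197 rule 0/(match) block in on xl0: 198.51.100.7.2300 > 203.0.113.10.63973: udp 10 [tos 0x20]
Jan 17 23:50:14.000000 rule 0/(match) block in on xl0: 198.51.100.9.40000 > 203.0.113.10.8080: udp 12
"""

LINE_RE = re.compile(
    r"rule (?P<rule>\d+)/\(match\) (?P<action>block|pass) (?P<dir>in|out) "
    r"on (?P<ifname>\S+): (?P<src>\S+)\.(?P<sport>\d+) > "
    r"(?P<dst>\S+)\.(?P<dport>\d+): udp"
)


def in_rdr(proto, port):
    """True if an rdr rule for this protocol covers the destination port."""
    return any(p == proto and lo <= port <= hi for p, lo, hi in RDR_RULES)


def diagnose(log_text):
    """Return (src_port, dst_port, verdict) for each blocked inbound UDP packet."""
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["action"] != "block" or m["dir"] != "in":
            continue
        sport, dport = int(m["sport"]), int(m["dport"])
        if in_rdr("udp", dport):
            verdict = "dst-port-redirected"   # an rdr rule applies; look elsewhere
        elif in_rdr("udp", sport):
            verdict = "from-game-port-only"   # game port is the source, not the target
        else:
            verdict = "unrelated"             # neither port is in a game range
        results.append((sport, dport, verdict))
    return results


if __name__ == "__main__":
    for sport, dport, verdict in diagnose(SAMPLE_LOG):
        print(f"{sport:>5} -> {dport:<5} {verdict}")
```

The rdr rules match on destination port only, so packets whose source port is 2300 and whose destination is an ephemeral port never receive the AOEUDP tag and fall through to `block log all`.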