On Sunday, June 22, 2003, at 09:06 PM, j knight wrote:

Tony Faoro wrote:

pass out on $ext_if inet proto tcp from 10.0.0.10/32 to 1.2.3.4/32 port 5310 flags S/SA keep state queue(audio)

I'm not sure if you've just sanitized your IP addresses or not, but if you're doing NAT on $ext_if, you cannot filter outgoing packets based on internal addresses; the packets are translated before they hit the filter engine.

Ah, that's right. I didn't think of that. So, the rule might be:
pass out on $ext_if inet proto tcp from ($ext_if) to 1.2.3.4 port 5310 flags S/SA keep state queue(audio)


But I'm still lost on the port issue. Which ports are involved in the transaction? The example implies that the relay server listens on port 5310. Is that correct? I think it would make more sense to specify the outgoing port rather than the port you're connecting to (i.e., from ($ext_if) port $shoutcastport to 1.2.3.4 ...). Maybe it doesn't matter though.



.joel


--------------------------------------------------
          Dave St.Germain
     http://funk.shacknet.nu/
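The translation-before-filtering point raised in the thread, as an added pf.conf fragment (not from the thread or any poster): the interface names, the 10.0.0.0/24 LAN, the relay host 1.2.3.4 and port 5310 are assumptions carried over from the discussion, and the ALTQ bandwidth figures are made up.

```conf
# Added example, not from the thread. Interface names, LAN range, relay host
# and port, and the bandwidth figures are assumptions.
ext_if     = "xl0"
int_if     = "xl1"
lan        = "10.0.0.0/24"
relay      = "1.2.3.4"
relay_port = "5310"

# Shaping on the external interface: a small reserved queue for the stream,
# everything else in the default queue.
altq on $ext_if cbq bandwidth 1Mb queue { audio, std }
queue audio bandwidth 256Kb priority 6 cbq(borrow)
queue std   bandwidth 768Kb cbq(default)

# NAT is applied before the filter rules on $ext_if, so by the time a packet
# is evaluated by "pass out on $ext_if" its source is already the external
# address of the firewall.
nat on $ext_if from $lan to any -> ($ext_if)

# WRONG: never matches, because no packet leaving $ext_if still carries an
# internal source address after the translation above.
# pass out on $ext_if inet proto tcp from 10.0.0.10 to $relay port $relay_port \
#     flags S/SA keep state queue audio

# Corrected: match on the translated (external) source. The port is the
# relay's listening port on the destination side; the client's source port
# is ephemeral, so a source-port match would not select this traffic.
pass out on $ext_if inet proto tcp from ($ext_if) to $relay port $relay_port \
    flags S/SA keep state queue audio

# If a specific internal host must be selected, filter on the internal
# interface instead, where the packet still carries its pre-translation
# source. The queue is applied on the interface the packet leaves, so a
# queue defined on $ext_if can be assigned here.
pass in on $int_if inet proto tcp from 10.0.0.10 to $relay port $relay_port \
    flags S/SA keep state queue audio
```

Load with `pfctl -nf /etc/pf.conf` first to syntax-check, then `pfctl -f /etc/pf.conf`; `pfctl -vsq` shows whether packets are actually landing in the audio queue.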