You report what does work, but not what didn't work so it's difficult
to say why it didn't work.
I really should have done that.
If I do not use the binat rule, connecting to games (in CoH) will
not work. But CoH also seems to be the only game with that kind of
problem.
If I am not mistaken, using a binat rule also makes my machine
vulnerable to other stuff. I am under the impression that the ports I
define in the rdr rules are wrong (which means the documentation for
CoH is wrong).
Binat just means 1-to-1 NAT, rather than 1-to-many. If you have a
default block ruleset, it doesn't make you any more or less vulnerable.
If the ports are right, shouldn't this be enough?
CoH_ports = "{ 6112, 9100, 30260 }"
rdr pass log on $ext_if proto { tcp, udp } from any to $ext_if port $CoH_ports -> $funshine
pass out all
No, that's probably not enough. You need a NAT line to handle
internally-initiated, outbound connections, something like:
nat on $ext_if from $int_net -> $ext_addr
That translates packets from your internal network, and makes them
look like they come from your firewall.
--Matt
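For reference, here is an added example (not from this thread) of how those pieces fit together in one pf.conf using pre-OpenBSD-4.7 syntax: the rdr line from above, the nat line Matt describes, and the default-block policy he mentions. Interface names, the LAN prefix and the $funshine address are assumed placeholders.

```pf
# Added example, not from the thread: a minimal pf.conf combining the
# rdr line, the outbound nat line and a default-deny policy.
# All addresses and interface names below are assumptions.
ext_if    = "fxp0"            # assumption: interface facing the Internet
int_if    = "fxp1"            # assumption: interface facing the LAN
int_net   = "192.168.1.0/24"  # assumption: LAN behind the firewall
funshine  = "192.168.1.10"    # assumption: the machine running CoH
CoH_ports = "{ 6112, 9100, 30260 }"

set skip on lo

# 1-to-many NAT for connections the LAN initiates (the line the
# ruleset in the thread was missing). ($ext_if) re-reads the address
# each time, so a dynamic external address keeps working.
nat on $ext_if from $int_net to any -> ($ext_if)

# Forward only the game ports, and only to the one host that needs
# them. "pass" on the rdr line lets the redirected packets through
# with state, so no separate inbound pass rule is needed for them.
rdr pass on $ext_if proto { tcp, udp } from any to ($ext_if) \
    port $CoH_ports -> $funshine

# Default deny: anything not explicitly passed below is dropped and
# logged, so the rdr above is the only inbound exposure.
block log all

# Let the LAN out and the firewall itself out; keep state so replies
# come back in without any further inbound rules.
pass in  on $int_if from $int_net to any keep state
pass out on $ext_if keep state
```

Load it with `pfctl -nf /etc/pf.conf` first to syntax-check without activating, then `pfctl -f /etc/pf.conf`.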