Re: Redirecting Traffic with PF

2006-02-27 Thread B H

Frank Staals wrote:

Noel Jones wrote:


On 2/24/06, Frank Staals [EMAIL PROTECTED] wrote:
 


Hey,

I have a FreeBSD server/firewall running 5-Stable with PF. I want to
redirect all udp traffic on port 27902 from the internet to a computer
in my network. I used this rule but I have some problem with it:
sometimes connections on that port are refused and I can't connect with
other players (it's for an online game):

rdr on $extif inet proto udp from any port 27902 -> 192.168.2.11 port 27902


Portmapping and redirections are set with ipnat.

In your ipnat.rules - or whatever you call it - put something like this:

rdr fxp0 0.0.0.0/0 port 80 -> 10.0.0.2 port 80 tcp

Change to suit your setup.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Redirecting Traffic with PF

2006-02-27 Thread Scott Sipe
Well, I don't use PF on FreeBSD (only on OpenBSD--and am no expert by  
any means) but I would write that rule as


rdr pass on $extif inet proto udp from any to any port 27902 -> 192.168.2.11 port 27902


the difference being the addition of the pass keyword.

If you have a block, then allow ruleset in PF (allowing in only known
good traffic) then you need to allow traffic on port 27902.


alternatively you could add another line

pass on any proto udp port 27902 keep state

you do NOT need to specify $intif on the rdr line.

you can also use the utility pftop (which is in the ports tree) to
monitor live what's going on. Similar to doing pfctl -ss


Scott

On Feb 24, 2006, at 2:13 PM, Frank Staals wrote:


Hey,

I have a FreeBSD server/firewall running 5-Stable with PF. I want
to redirect all udp traffic on port 27902 from the internet to a
computer in my network. I used this rule but I have some problem
with it: sometimes connections on that port are refused and I can't
connect with other players (it's for an online game):


rdr on $extif inet proto udp from any port 27902 -> 192.168.2.11 port 27902


I think the problem might have something to do with the different
network interfaces since the traffic is coming in on $extif and
has to go to a computer connected to $intif? And how can I do
that? Can I change it to:


rdr on $extif inet proto udp from any port 27902 -> $intif 192.168.2.11 port 27902


? Or what do I have to do to fix it.

Thanks in advance,

--
-Frank Staals




Re: Redirecting Traffic with PF

2006-02-25 Thread Frank Staals

Noel Jones wrote:


On 2/24/06, Frank Staals [EMAIL PROTECTED] wrote:
 


Hey,

I have a FreeBSD server/firewall running 5-Stable with PF. I want to
redirect all udp traffic on port 27902 from the internet to a computer
in my network. I used this rule but I have some problem with it:
sometimes connections on that port are refused and I can't connect with
other players (it's for an online game):

rdr on $extif inet proto udp from any port 27902 -> 192.168.2.11 port 27902

I think the problem might have something to do with the different
network interfaces since the traffic is coming in on $extif and has to
go to a computer connected to $intif? And how can I do that? Can I
change it to:

rdr on $extif inet proto udp from any port 27902 -> $intif 192.168.2.11 port 27902

? Or what do I have to do to fix it.

Thanks in advance,

--
-Frank Staals


   



I think you want something like
rdr on $extif inet proto udp from any to self port 27902 -> 192.168.2.11 port 27902

--
Noel Jones


 

Hmm that doesn't really seem to work, although I ran tcpdump on both
network-interfaces (on $intif and $extif) this is what the logs said:


[EMAIL PROTECTED] cat server/zh2_extif.log | grep 27902
21:01:53.784189 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:53.846934 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:54.202084 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:54.359296 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:54.393664 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:54.459930 IP 80.127.89.1.16660 > 10.0.0.1.27902: UDP, length: 13
21:01:54.543990 IP 80.127.89.1.16660 > 10.0.0.1.27902: UDP, length: 13
21:01:54.871197 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:55.266638 IP 80.127.89.1.16660 > 10.0.0.1.27902: UDP, length: 13
21:01:55.416378 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:55.458319 IP 80.127.89.1.16660 > 10.0.0.1.27902: UDP, length: 13
21:01:55.929734 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:56.476575 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:56.986877 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:57.532158 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:58.042995 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:58.587091 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:59.097693 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13

[EMAIL PROTECTED] cat server/zh2_intif.log | grep 27902
21:01:53.784062 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:53.846829 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:54.202050 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:54.359182 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:54.393597 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:54.871080 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:55.416259 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:55.929615 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:56.476459 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:56.986756 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:57.532041 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:58.042885 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:58.586980 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:59.097572 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13

So the packets aren't forwarded, I used this rule to get that done but 
it won't work:



rdr on $extif inet proto udp from any to 10.0.0.1 port 27902 -> 192.168.2.11 port 27902


I also tried:

rdr on $extif inet proto udp from any to any port 27902 -> 192.168.2.11 port 27902


but that wouldn't work either.

I hope this will help?



--
-Frank Staals
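
Added example (not part of the original thread and not any poster's code): a Python check over captures in the format quoted above, counting datagrams that reach 10.0.0.1 on port 27902 on the external interface and how many leave the internal interface for 192.168.2.11, then testing the port criterion of `from any port 27902` and `to any port 27902` against the inbound packets. The function names and the shortened sample are constructed here, and the check assumes rdr rewrites only the destination, so a forwarded datagram keeps its remote source address and port.

```python
import re
from collections import Counter

# Constructed sample: a few lines in the format of the captures quoted above.
EXTIF_LOG = """\
21:01:53.784189 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:54.459930 IP 80.127.89.1.16660 > 10.0.0.1.27902: UDP, length: 13
21:01:54.543990 IP 80.127.89.1.16660 > 10.0.0.1.27902: UDP, length: 13
"""
INTIF_LOG = """\
21:01:53.784062 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
"""

ADDR = r"((?:\d+\.){3}\d+)\.(\d+)"
LINE = re.compile(r"^(\S+) IP " + ADDR + " > " + ADDR + ": UDP")


def parse(log):
    """Return (time, src_ip, src_port, dst_ip, dst_port) for each UDP line."""
    packets = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            t, sip, sport, dip, dport = m.groups()
            packets.append((t, sip, int(sport), dip, int(dport)))
    return packets


def redirect_report(extif_log, intif_log, ext_ip, int_ip, port):
    """Per remote (ip, port): datagrams that arrived at ext_ip:port on the
    external interface, and how many left the internal one for int_ip:port."""
    arrived = Counter((p[1], p[2]) for p in parse(extif_log)
                      if p[3] == ext_ip and p[4] == port)
    forwarded = Counter((p[1], p[2]) for p in parse(intif_log)
                        if p[3] == int_ip and p[4] == port)
    return {flow: (n, forwarded[flow]) for flow, n in arrived.items()}


def port_criterion(packet, src_port=None, dst_port=None):
    """pf port matching: a port after the 'from' address constrains the
    source port, a port after the 'to' address the destination port."""
    _, _, sport, _, dport = packet
    return ((src_port is None or sport == src_port)
            and (dst_port is None or dport == dst_port))


if __name__ == "__main__":
    print(redirect_report(EXTIF_LOG, INTIF_LOG, "10.0.0.1", "192.168.2.11", 27902))
    inbound = [p for p in parse(EXTIF_LOG) if p[3] == "10.0.0.1"]
    print([port_criterion(p, src_port=27902) for p in inbound])  # from any port 27902
    print([port_criterion(p, dst_port=27902) for p in inbound])  # to any port 27902
```
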




Redirecting Traffic with PF

2006-02-24 Thread Frank Staals

Hey,

I have a FreeBSD server/firewall running 5-Stable with PF. I want to
redirect all udp traffic on port 27902 from the internet to a computer
in my network. I used this rule but I have some problem with it:
sometimes connections on that port are refused and I can't connect with
other players (it's for an online game):


rdr on $extif inet proto udp from any port 27902 -> 192.168.2.11 port 27902

I think the problem might have something to do with the different
network interfaces since the traffic is coming in on $extif and has to
go to a computer connected to $intif? And how can I do that? Can I
change it to:


rdr on $extif inet proto udp from any port 27902 -> $intif 192.168.2.11 port 27902


? Or what do I have to do to fix it.

Thanks in advance,

--
-Frank Staals




Re: Redirecting Traffic with PF

2006-02-24 Thread Eric Schultz

Frank Staals wrote:

Hey,


Good afternoon...

I'm just stabbing in the dark here since I use neither 5-Stable nor PF.

I have a FreeBSD server/firewall running 5-Stable with PF. I want to
redirect all udp traffic on port 27902 from the internet to a computer
in my network. I used this rule but I have some problem with it:
sometimes connections on that port are refused and I can't connect with
other players (it's for an online game):


What do you mean by sometimes ???  sometimes problems are the worst 
kind.



rdr on $extif inet proto udp from any port 27902 -> 192.168.2.11 port 27902

I think the problem might have something to do with the different
network interfaces since the traffic is coming in on $extif and has to
go to a computer connected to $intif? And how can I do that? Can I
change it to:


rdr on $extif inet proto udp from any port 27902 -> $intif 192.168.2.11 port 27902


How are your two interfaces configured and what does your routing table 
look like?  If you do a traceroute to 192.168.2.11 from the firewall 
when you're having trouble connecting what is the result?


--
Headed for the second star to the right and straight on 'til morning...

  Eric Schultz
  (aka Storkman)

Photos: http://community.webshots.com/user/schultznet
Homepage: http://www.schultznet.ca
Blog: http://schultznet.blogspot.com/


Re: Redirecting Traffic with PF

2006-02-24 Thread Noel Jones
On 2/24/06, Frank Staals [EMAIL PROTECTED] wrote:
 Hey,

 I have a FreeBSD server/firewall running 5-Stable with PF. I want to
 redirect all udp traffic on port 27902 from the internet to a computer
 in my network. I used this rule but I have some problem with it:
 sometimes connections on that port are refused and I can't connect with
 other players (it's for an online game):

 rdr on $extif inet proto udp from any port 27902 -> 192.168.2.11 port 27902

 I think the problem might have something to do with the different
 network interfaces since the traffic is coming in on $extif and has to
 go to a computer connected to $intif? And how can I do that? Can I
 change it to:

 rdr on $extif inet proto udp from any port 27902 -> $intif 192.168.2.11 port 27902

 ? Or what do I have to do to fix it.

 Thanks in advance,

 --
 -Frank Staals



I think you want something like
rdr on $extif inet proto udp from any to self port 27902 -> 192.168.2.11 port 27902

--
Noel Jones


Re: Redirecting Traffic with PF

2006-02-24 Thread Frank Staals

Eric Schultz wrote:


Frank Staals wrote:


Hey,


Good afternoon...

I'm just stabbing in the dark here since I use neither 5-Stable nor PF.

I have a FreeBSD server/firewall running 5-Stable with PF. I want to
redirect all udp traffic on port 27902 from the internet to a
computer in my network. I used this rule but I have some problem with
it: sometimes connections on that port are refused and I can't
connect with other players (it's for an online game):


What do you mean by sometimes ???  sometimes problems are the 
worst kind.


Sometimes: about 90% of all attempts to connect



rdr on $extif inet proto udp from any port 27902 -> 192.168.2.11 port 27902


I think the problem might have something to do with the different
network interfaces since the traffic is coming in on $extif and has
to go to a computer connected to $intif? And how can I do that?
Can I change it to:


rdr on $extif inet proto udp from any port 27902 -> $intif 192.168.2.11 port 27902


How are your two interfaces configured and what does your routing 
table look like?  If you do a traceroute to 192.168.2.11 from the 
firewall when you're having trouble connecting what is the result?


The Firewall is the default gateway for my local network, so 192.168.2.11
is directly connected to the server/firewall


--
-Frank Staals

