pf port redirection weird behavior

Damien Fleuriot ml at my.gd
Wed Sep 14 16:53:20 UTC 2011



On 9/2/11 12:26 PM, Victor Nagoryanskii wrote:
> Hello!
> I've noticed weird behavior of pf port redirection. I have a FreeBSD 8.2 box
> which NATs my LAN. There are some HTTP/mail servers in the LAN; TCP
> port redirection works fine, but UDP redirection to my H.323-enabled device is
> strange.
> 
> When I initiate a call, the replied UDP packets are successfully redirected to
> my H.323 device, but if the call is initiated from outside to me,
> redirection just doesn't work (I can't hear the remote peer). I see UDP packets hit
> my ext_if, but nothing appears on lan_if.
> 
> 
> pf.conf
> 
> nat pass on $inet_if from $lan_net to any -> $inet_if
> rdr pass on $inet_if proto tcp from any to $inet_ip port {25,80} -> 10.0.0.2 # Work fine
> rdr pass on $inet_if proto tcp from any to $inet_ip port 1720 -> 10.0.0.4 # Work fine
> rdr pass on $inet_if proto udp from any to $inet_ip port 2048:2063 -> 10.0.0.4 # Work only if I initialising call
> 
> pass all
> 
> Also I tried to adjust the UDP session timers:
> 
> set timeout udp.first 300
> set timeout udp.single 150
> set timeout udp.multiple 900
> 
> Is this a pf bug, or have I misconfigured something in pf.conf?


There's no reason your UDP rdr rule shouldn't work.

You should run tcpdump on the target machine listening at 10.0.0.4 to
check whether packets arrive or not: tcpdump -ni eth0 ip and port 2048

I don't understand your "if I initialising call" statement.
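A complementary check to the tcpdump on the target host is to look at whether pf created a state for the inbound UDP packet at all: if `pfctl -ss` shows no rdr state for 2048:2063 while the packets are visible on $inet_if, the problem is in the rule or the state table, not on the LAN host. The helper below is an added example for this thread, not code from either poster. It parses a saved `pfctl -ss` dump so it runs without root; the sample dump is constructed, the addresses are documentation ranges, and the state-line layout (`<if> <proto> <addr> (<translated addr>) <- or -> <remote> <state>`, with `<-` for rdr states and `->` for nat states) is assumed from FreeBSD 8.x pfctl(8) output.

```shell
#!/bin/sh
# Added example for this thread (not from Damien or Victor): check whether pf
# holds a state for the redirected UDP range. Reads a `pfctl -ss` dump on stdin
# so it can run on a saved copy without root.
# ASSUMPTION: state lines have the FreeBSD 8.x layout
#   <if> <proto> <addr> (<translated addr>) <dir> <remote addr>  <state>
# where "<-" marks an rdr (inbound) state and "->" a nat (outbound) state.

# Constructed sample dump: a TCP rdr state for the mail server, one UDP rdr
# state created by an inbound packet to port 2048, and one UDP nat state
# created by the LAN H.323 device sending out from port 2050.
SAMPLE_STATES='all tcp 10.0.0.2:25 (203.0.113.5:25) <- 198.51.100.7:41002       ESTABLISHED:ESTABLISHED
em0 udp 10.0.0.4:2048 (203.0.113.5:2048) <- 198.51.100.7:5000       SINGLE:NO_TRAFFIC
em0 udp 203.0.113.5:2050 (10.0.0.4:2050) -> 198.51.100.7:5002       MULTIPLE:MULTIPLE'

# udp_states_in_range LOW HIGH   (reads a state dump on stdin)
# Prints one line per UDP state whose LAN-side port is within LOW..HIGH:
#   <in|out> <lan endpoint> <remote endpoint> <state>
udp_states_in_range() {
    awk -v low="$1" -v high="$2" '
        $2 != "udp" { next }
        $5 == "<-" { lan = $3; dir = "in" }                              # rdr: $3 is the LAN host
        $5 == "->" { lan = substr($4, 2, length($4) - 2); dir = "out" }  # nat: LAN host is in parentheses
        $5 != "<-" && $5 != "->" { next }
        {
            n = split(lan, f, ":")
            port = f[n] + 0
            if (port >= low && port <= high)
                print dir, lan, $6, $7
        }'
}

# inbound_udp_state_count LOW HIGH   (reads a state dump on stdin)
# Number of rdr states in the range. Zero while packets are visible on the
# external interface means no inbound packet ever matched the rdr rule, so the
# rule set (pfctl -sn) is the place to look, not the LAN host.
inbound_udp_state_count() {
    udp_states_in_range "$1" "$2" | grep -c '^in ' || true
}

# Demo on the constructed dump; on the firewall itself run:
#   pfctl -ss | udp_states_in_range 2048 2063
printf '%s\n' "$SAMPLE_STATES" | udp_states_in_range 2048 2063
```

An `in` line for the range proves the rdr matched and tells you which remote endpoint created the state; if only `out` lines appear, every state in that range was opened by the LAN device, which is exactly the "works only when I call out" symptom.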


More information about the freebsd-pf mailing list