PF NAT don't work

Andriy Bakay andriy at irbisnet.com
Fri Apr 20 01:11:09 UTC 2012


On 2012-04-19, at 02:54 , Константин Покровский wrote:

> hello
> when you can fix problem with PF nat rules (they didn't work)
> don't check on earlier versions FreeBSD,but on 9.0 not work
> this function very very need
> thx
> 
> i have two eth
> eth0 - external
> eth1 - internal
> in pf.conf:
> nat on $ext_if proto udp from $vpn_ip port 1194 to any -> $ext_ip port 2000
> rdr on $ext_if proto udp from any to $ext_ip port 2000 -> $vpn_ip port 1194
> 

I am not sure about the '$ext_ip port 2000' condition in your NAT rule. Are you using any proxy? Why do you need to explicitly specify the outgoing port? Make sure you have 'pass' rules for your RDR and NAT. Could you provide more info about your VPN setup?

As a general recommendation, you can always "debug" your ruleset with the 'tcpdump' utility, for example:

$ sudo tcpdump -ttttnpei pflog0 <your_extra_filter>

Or you can use 'pftop' from ports.

> rdr is work
> nat didn't
> 
> vpnclient sent packets from internet to $vpn_ip,but not receive
> it was 1st ...
> 
> 2nd:
> and i have TeamSpeak 3 Server also
> if policy set block all then TS3 Server can't run (some connect?)
> i opened this ports:
> http://support.teamspeakusa.com/index.php?/Knowledgebase/Article/View/44/16/which-ports-does-the-teamspeak-3-server-use
> http://forum.configserver.com/viewtopic.php?f=6&t=4881
> but i have still this problem
> if policy set pass all then it will be work
> i can run: pass all > TS3 > block all
> but then TS3 was can't check license
> 
> can you help me?
> thx
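The two suggestions in the reply above (have 'pass' rules for the RDR and NAT traffic, and watch pflog0) can be combined in a ruleset like the one below. This is an added example, not part of the original message: the interface names, the addresses and the `int_if` macro are assumptions, and only the nat and rdr lines come from the thread.

```conf
# Added example, not from the thread. Interface names and addresses are
# placeholders; the thread itself only names $ext_if, $ext_ip and $vpn_ip.
ext_if = "em0"            # external interface (assumed name)
int_if = "em1"            # internal interface (assumed name)
ext_ip = "203.0.113.10"   # documentation address (RFC 5737), assumed
vpn_ip = "192.168.1.10"   # internal VPN server, assumed

set skip on lo0

# Translation rules exactly as posted in the thread.
nat on $ext_if proto udp from $vpn_ip port 1194 to any -> $ext_ip port 2000
rdr on $ext_if proto udp from any to $ext_ip port 2000 -> $vpn_ip port 1194

# Default deny, logged, so every dropped packet is visible on pflog0.
block log all

# Client -> VPN server. rdr is applied before filtering, so the filter
# sees the rewritten destination ($vpn_ip port 1194), not $ext_ip port 2000.
pass in  log on $ext_if proto udp from any to $vpn_ip port 1194
pass out log on $int_if proto udp from any to $vpn_ip port 1194

# Replies to those clients match the state created above and are
# translated back by that state; they need neither the nat rule nor
# an extra pass rule.

# Traffic initiated by the VPN server itself. It enters untranslated on
# the internal interface; by the time it is filtered on the external
# interface, nat has already rewritten the source to $ext_ip port 2000.
pass in  log on $int_if proto udp from $vpn_ip port 1194 to any
pass out log on $ext_if proto udp from $ext_ip port 2000 to any

# "log" records only the packet that creates a state; use "log (all)"
# on a rule while debugging to record every packet that matches it.
```

Parse the file without loading it using `pfctl -nf /etc/pf.conf`, then run the tcpdump command from the reply with a filter such as `udp and (port 1194 or port 2000)` to see which rule number passes or blocks each packet. `pfctl -sn` lists the loaded translation rules and `pfctl -ss` the current states.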


