Redirecting Traffic with PF

Frank Staals frankstaals at gmx.net
Sat Feb 25 13:39:56 PST 2006


Noel Jones wrote:

>On 2/24/06, Frank Staals <frankstaals at gmx.net> wrote:
>  
>
>>Hey,
>>
>>I have a FreeBSD server/firewall running 5-Stable with PF. I want to
>>redirect all udp traffic on port 27902 from the internet to a computer
>>in my network. I used this rule but I have some problems with it:
>>sometimes connections on that port are refused and I can't connect with
>>other players (it's for an online game):
>>
>>rdr on $extif inet proto udp from any port 27902 -> 192.168.2.11 port 27902
>>
>>I think the problem might have something to do with the different
>>network interfaces since the traffic is coming in on $extif and has to
>>go to a computer connected to $intif? And how can I do that? Can I
>>change it to:
>>
>>rdr on $extif inet proto udp from any port 27902 -> $intif 192.168.2.11 port 27902
>>
>>? Or what do I have to do to fix it.
>>
>>Thanks in advance,
>>
>>--
>>-Frank Staals
>>
>
>I think you want something like
>rdr on $extif inet proto udp from any to self port 27902 -> 192.168.2.11 port 27902
>
>--
>Noel Jones
>
Hmm, that doesn't really seem to work, although I ran tcpdump on both
network interfaces (on $intif and $extif); this is what the logs said:

frank@Riza$ cat server/zh2_extif.log | grep 27902
21:01:53.784189 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:53.846934 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:54.202084 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:54.359296 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:54.393664 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:54.459930 IP 80.127.89.1.16660 > 10.0.0.1.27902: UDP, length: 13
21:01:54.543990 IP 80.127.89.1.16660 > 10.0.0.1.27902: UDP, length: 13
21:01:54.871197 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:55.266638 IP 80.127.89.1.16660 > 10.0.0.1.27902: UDP, length: 13
21:01:55.416378 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:55.458319 IP 80.127.89.1.16660 > 10.0.0.1.27902: UDP, length: 13
21:01:55.929734 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:56.476575 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:56.986877 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:57.532158 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:58.042995 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:58.587091 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:59.097693 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13

frank@Riza$ cat server/zh2_intif.log | grep 27902
21:01:53.784062 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:53.846829 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:54.202050 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:54.359182 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:54.393597 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:54.871080 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:55.416259 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:55.929615 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:56.476459 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:56.986756 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:57.532041 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:58.042885 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:58.586980 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:59.097572 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13

So the packets aren't forwarded. I used this rule to get that done, but
it won't work:

rdr on $extif inet proto udp from any to 10.0.0.1 port 27902 -> 192.168.2.11 port 27902

I also tried:

rdr on $extif inet proto udp from any to any port 27902 -> 192.168.2.11 port 27902

but that wouldn't work either.

I hope this will help?



-- 
-Frank Staals
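
Added example, not part of the original post: a Python script that automates the comparison made above by grepping the two captures. It counts packets that reached the external address and checks whether any left the internal side rewritten to the redirect target. The function names are made up for illustration; the sample lines are excerpted from the captures in the post.

```python
import re

# tcpdump text format as shown in the post:
# "HH:MM:SS.usec IP src.sport > dst.dport: UDP, length: N"
LINE = re.compile(
    r"^(\S+) IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): UDP")

def parse(text):
    """Return (src, sport, dst, dport) for every UDP line in a capture log."""
    packets = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            _, src, sport, dst, dport = m.groups()
            packets.append((src, int(sport), dst, int(dport)))
    return packets

def check_rdr(ext_log, int_log, ext_addr, target, port):
    """Compare what arrived on the external side with what reached the internal side."""
    ext, internal = parse(ext_log), parse(int_log)
    # As in the post's capture, inbound packets on the external side
    # still carry ext_addr as their destination.
    arrived = [p for p in ext if p[2] == ext_addr and p[3] == port]
    # A working redirect shows the same remote peer on the internal side,
    # with the destination rewritten to the target host.
    forwarded = [p for p in internal if p[2] == target and p[3] == port]
    lost = sorted({p[:2] for p in arrived} - {p[:2] for p in forwarded})
    return {
        "arrived": len(arrived),
        "forwarded": len(forwarded),
        "peers_lost": lost,
        # Packets seen on the external capture with the internal host as source.
        "internal_src_on_ext": sum(1 for p in ext if p[0] == target),
    }

# Excerpt of the capture lines from the post.
EXT_LOG = """\
21:01:53.784189 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
21:01:54.459930 IP 80.127.89.1.16660 > 10.0.0.1.27902: UDP, length: 13
21:01:54.543990 IP 80.127.89.1.16660 > 10.0.0.1.27902: UDP, length: 13
"""
INT_LOG = """\
21:01:53.784062 IP 192.168.2.11.27902 > 80.127.89.1.16660: UDP, length: 13
"""

if __name__ == "__main__":
    print(check_rdr(EXT_LOG, INT_LOG, "10.0.0.1", "192.168.2.11", 27902))
```
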