ipfilter - port forward question
darryl at osborne-ind.com
Fri Aug 8 11:35:35 PDT 2003
It does in fact use UDP. Here is what I have done.
Added to /etc/ipfilter.rules
pass in quick on ep0 proto tcp from any to any port = 31240 keep state
Added to /etc/ipnat.rules
rdr ep0 0/0 port 31240 -> 192.168.1.35 port 31240 udp
I can reload the ipfilter rules with the
ipf -Fa -f /etc/ipfilter.rules
how do I reload the ipnat rules ?
I tried ipnat -F then
ipnat -f /etc/ipnat.rules.
But when I did an ipnat -l it showed that it
just added the new rdr (so I had two listed).
External users still couldn't connect. So, I created a new
ipfilter.rules file with:
pass in quick on ep0 all keep state
pass out quick on ep0 all keep state.
Reloaded the firewall rules. Users tried to connect but couldn't.
When I looked at the NAT table I saw:
map 192.168.1.35 1256 <- -> 22.214.171.124 1256 [126.96.36.199 5101]
rdr 192.168.1.35 31240 <- -> 188.8.131.52 31240 [184.108.40.206 1131]
<snip out duplicate entries with 1131 changing to different values>
I feel I'm close. What am I missing/screwing up ?
>From: Mike Maltese [mailto:mike at pcmedx.com]
>Sent: Thursday, August 07, 2003 4:14 PM
>To: freebsd-questions at freebsd.org
>Cc: darryl at osborne-ind.com
>Subject: Re: ipfilter - port forward question
>> map ep0 192.168.1.0/24 -> 0/32
>> rdr epo 220.127.116.11/32 port 31240 -> 192.168.1.35 port 31240 tcp
>Try "rdr ep0 0/0 port 31240 -> 192.168.1.35 port 31240 tcp" in your nat
>rules and try something like "pass in quick on ed0 all keep
>quick on ed0 all keep state" in your ipf rules. There's really no need to
>open up the whole machine like this though. Why not "pass in quick on ed0
>proto tcp from any to any port = 31240 flags S keep state"?
>One last thing that I just thought of...are you sure the game uses TCP? Most
>games use UDP because of the lower overhead.
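
A consistency check for the two rule files discussed in this thread, as an added example that is not part of the original messages: it reports every ipnat rdr rule whose protocol and post-translation port are not admitted by any "pass in" rule on the same interface. It assumes the simple rule shapes quoted above (`port = N`, optional `proto`, or `all`), ignores address matching and block rules, and relies on IPFilter applying rdr before inbound filtering; the sample input is constructed from the rules in the message.

```python
import re

# Constructed sample input: the two rules quoted in the message above.
IPNAT_RULES = "rdr ep0 0/0 port 31240 -> 192.168.1.35 port 31240 udp\n"
IPF_RULES = "pass in quick on ep0 proto tcp from any to any port = 31240 keep state\n"

RDR = re.compile(r"^rdr\s+(\S+)\s+\S+\s+port\s+(\d+)\s+->\s+(\S+)\s+port\s+(\d+)(?:\s+(\S+))?")
PASS = re.compile(r"^pass\s+in\s+(?:quick\s+)?on\s+(\S+)\s+(.*)$")

def protos(word):
    # ipnat treats an rdr rule with no trailing protocol as tcp
    return set((word or "tcp").split("/"))

def parse_rdr(text):
    for line in text.splitlines():
        m = RDR.match(line.strip())
        if m:
            iface, _ext_port, host, port, proto = m.groups()
            # The filter sees the packet after translation, so keep the target port.
            yield iface, host, int(port), protos(proto)

def parse_pass(text):
    for line in text.splitlines():
        m = PASS.match(line.strip())
        if not m:
            continue
        iface, rest = m.groups()
        proto = re.search(r"\bproto\s+(\S+)", rest)
        port = re.search(r"\bport\s*=\s*(\d+)", rest)
        yield (iface,
               protos(proto.group(1)) if proto else None,  # None = any protocol
               int(port.group(1)) if port else None)       # None = any port

def uncovered(ipnat_text, ipf_text):
    """Return (iface, host, port, proto) for each redirect no pass-in rule admits."""
    rules = list(parse_pass(ipf_text))
    gaps = []
    for iface, host, port, wanted in parse_rdr(ipnat_text):
        for proto in sorted(wanted):
            ok = any(i == iface and (p is None or proto in p) and (n is None or n == port)
                     for i, p, n in rules)
            if not ok:
                gaps.append((iface, host, port, proto))
    return gaps

if __name__ == "__main__":
    for gap in uncovered(IPNAT_RULES, IPF_RULES):
        print("rdr on %s to %s port %d/%s has no matching pass in rule" % gap)
```

When reloading after a fix, `ipnat -CF -f /etc/ipnat.rules` clears the existing rule list (`-C`) and the active mappings (`-F`) before loading the file, so the rdr rule is not listed twice.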