IPFW Rules and Games

Jack Barnett jackbarnett at gmail.com
Fri Nov 2 13:41:00 PDT 2007


   RW wrote:

On Fri, 02 Nov 2007 04:59:27 -0500
Jack Barnett [1]<jackbarnett at gmail.com> wrote:



Lots of people play games here and basically a pain to keep trying to
get these stupid things to work with individual rules for each.

I'm running FreeBSD 6.x with IPFW/natd

I get a dynamic IP from my ISP and the internal nic is 192.168.17.1
Everything inside the network is 192.168.17.xxx

The setup is this:
192.168.17.x  <--> 192.168.17.1 <[FreeBSD]> Dynamic IP <--> {Random
Game Server on the Internets}
[Internet Network(GAME)] <--> [FreeBSD] <--> {Internets}

There are a bunch of games that send out TCP/UDP packets (and who
knows what else) on different ports to different destinations and then
receive data back on "random" ports.  Basically, anything on any
protocol from the internal network should be able to establish and
setup connections out AND be allowed to receive data back from
whomever they connected out to; but "random" hosts trying to connect
in should be blocked.


You simply need to allow back traffic on the same socket connection;
this will happen automatically with TCP if you are passing established
traffic; with UDP you will have to keep-state. You will probably find
that the games also require you to open one or more incoming ports too.

If you are not very confident with ipfw I would suggest you switch to
pf. It's a very good firewall and generally easier to use. Also if you
are playing games, you'll want to do traffic prioritisation, which is a
pain with ipfw.


   Thanks.  Yes, generally firewalls and networking aren't my strong
   point.
   I checked out the handbook on it and it looks easy enough.
   I found this: [2]http://www.allard.nu/pfw/ - but appears it's not in
   the ports and commercial software?
   I also have fwbuilder installed; but don't really like that much.
   Are there any other GUI like interfaces that could help me in building
   rules for pf?
   I haven't read through it all yet; but I'll still need natd with pf,
   right?

References

   1. mailto:jackbarnett at gmail.com
   2. http://www.allard.nu/pfw/
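
The keep-state behaviour RW describes, as an added example that is not part of the original thread and is not ipfw or pf code: a toy Python model of a dynamic-rule table on the gateway. The client address, the remote hosts, the ports and the 10-second idle timeout are constructed, and natd address rewriting is left out. It also shows replies that do not match the original socket pair being dropped, the situation in which an explicit incoming rule would be needed.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.17.0/24")  # internal network from the post
IDLE = 10  # seconds a dynamic rule lives without traffic (constructed value)


class KeepStateFilter:
    """Toy model of keep-state on the gateway; natd rewriting is ignored."""

    def __init__(self, lan=LAN, idle=IDLE):
        self.lan, self.idle = lan, idle
        self.states = {}  # (proto, lan_ip, lan_port, peer_ip, peer_port) -> expiry

    def handle(self, now, proto, src, sport, dst, dport):
        src_in = ip_address(src) in self.lan
        dst_in = ip_address(dst) in self.lan
        if src_in and not dst_in:
            # Outbound from the LAN: pass it and install/refresh a dynamic rule.
            self.states[(proto, src, sport, dst, dport)] = now + self.idle
            return "allow"
        if dst_in and not src_in:
            # Inbound: pass only the exact reverse of a live outbound flow.
            key = (proto, dst, dport, src, sport)
            if self.states.get(key, 0) > now:
                self.states[key] = now + self.idle
                return "allow"
            self.states.pop(key, None)  # drop the expired entry, if any
        return "deny"  # default deny for everything else


def demo():
    fw = KeepStateFilter()
    pc = "192.168.17.20"       # constructed LAN client
    game = "203.0.113.5"       # constructed game server (documentation range)
    stranger = "198.51.100.9"  # constructed unrelated host
    return [
        fw.handle(0, "udp", game, 27015, pc, 40000),      # unsolicited
        fw.handle(1, "udp", pc, 40000, game, 27015),      # outbound, creates state
        fw.handle(2, "udp", game, 27015, pc, 40000),      # reply on same socket pair
        fw.handle(3, "udp", game, 27016, pc, 40000),      # same server, other port
        fw.handle(4, "udp", stranger, 27015, pc, 40000),  # different host
        fw.handle(30, "udp", game, 27015, pc, 40000),     # after idle timeout
    ]


if __name__ == "__main__":
    print(demo())
```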

