I am having a hell of a time getting incoming udp packets to map through the NAT using the same port the come in on. Does that make sense? Probably not. I am trying to get Socom''s voice to work. My packet filter firewall is not allowing things to behave in the intended manner. All of my outbound connections work fine, the inbound is jacked though. I need to NAT incoming udp packets ports 6000-6999 to my ps2, but they must arrive to the ps2 at the same port they come into the network at, not on the arbitrary port assigned by NAT. Packet Filter released with OpenBSD 3.3 has a new ''static-port'' command, that one guy has used successfully. I am not able to get it to work correctly though, and documentation on this command is extremely sparse right now. Anybody dealt with this/have some solutions? I''ll post relevant pf.conf info if anyone wants to help me out. The Tyr project is here.

Not that anyone was going to post, but nevermind. Problem solved.

Would you mind sharing how you did it? I''ve been trying to get Generals to work, and I''m pretty sure it''s having the same problem.


"The sun is the same in a relative way,
but you''re older"
--Pink Floyd

Np. Couple things.

This was helpful.

Things to keep in mind: Make sure the NAT (and rdr) rules are working correctly before worrying about the filter rules; it will save you some time. I powered down all of my DMZ machines and put the PS2 on the DMZ, and then opened up the external interface and the dmz interface completely, while implementing som rigorous rules to safeguard my private network. Also, the thing that really got me: NAT rules are applied to packets the first time they are matched. This threw me off since filter rules apply the last matching rule to the packet. So the pertinent NAT rules are:





(note that Socom needs incoming udp ports 6000-6999 to work properly, so change things appropriately for your game)

Make sure that works with no filter rules. Then it is a matter of adding additional filter rules to allow the incoming udp packets (I assume that you already allow outbound packets and keep state on all tcp/udp/icmp traffic).




Let me know if you have any questions, and for some of the reasoning behind things check that link out.

EDIT--forgot to add the redirect rule!!

The Tyr project is here.

[edited by - OctDev on May 22, 2003 11:49:28 PM]

Thanks for the info. I think what I need is the ''static-port'' option. But that requires 3.3, so I guess it''s time to upgrade. I''ll try again after I''ve got 3.3 running.


"The sun is the same in a relative way,
but you''re older"
--Pink Floyd

Yeah, I upgraded for that reason as well; I had been meaning to (I was only running 3.1 I think) but didn''t have a necessary reason so had been avoiding it. Was extremely painless, as I just wiped everything and did a fresh install.