[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freebsd-pf
Subject:    Re: PF NAT don't work
From:       Andriy Bakay <andriy () irbisnet ! com>
Date:       2012-04-20 1:08:17
Message-ID: F98FCE1D-396A-4AD9-A946-76E0B3A6F648 () irbisnet ! com
[Download RAW message or body]


On 2012-04-19, at 02:54 , Константин Покровский wrote:

> hello
> when you can fix problem with PF nat rules (they didn't work)
> don't check on earlier versions FreeBSD,but on 9.0 not work
> this function very very need
> thx
> 
> i have two eth
> eth0 - external
> eth1 - internal
> in pf.conf:
> nat on $ext_if proto udp from $vpn_ip port 1194 to any -> $ext_ip port 2000
> rdr on $ext_if proto udp from any to $ext_ip port 2000 -> $vpn_ip port 1194
> 

I am not sure about '$ext_ip port 2000' condition in your NAT rule. Are you using any \
proxy? Why do you need to explicitly specify outgoing port? Make sure you have 'pass' \
rules for your RDR and NAT. Could you provide more info about you VPN setup?

As a general recommendation, you can always "debug" you ruleset with 'tcpdump' \
utility, for example:

$ sudo tcpdump -ttttnpei pflog0 <you_extra_filter>

Or you can use 'pftop' from ports.

> rdr is work
> nat didn't
> 
> vpnclient sent packets from internet to $vpn_ip,but not recieve
> it was 1st ...
> 
> 2nd:
> and i have TeamSpeak 3 Server also
> if policy set block all then TS3 Server can't run (some connect?)
> i opened this ports:
> http://support.teamspeakusa.com/index.php?/Knowledgebase/Article/View/44/16/which-ports-does-the-teamspeak-3-server-use
>  http://forum.configserver.com/viewtopic.php?f=6&t=4881
> but i have still this problem
> if policy set pass all then it will be work
> i can run: pass all > TS3 > block all
> but then TS3 was can't check license
> 
> can you help me?
> thx
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic