From: Victor Nagoryanskii
To: freebsd-pf@freebsd.org
Date: Fri, 2 Sep 2011 13:26:43 +0300
Subject: pf port redirection weird behavior

Hello!

I've noticed weird behavior of pf port redirection. I have a FreeBSD 8.2 box which NATs my lan. There are some http/mail servers present in the lan; tcp port redirection works fine, but udp redirection to my H323 enabled device is strange.
When I initiate a call, the reply udp packets are successfully redirected to my h323 device, but if a call is initiated from outside to me, redirection just does not work (I can't hear the remote peer). I see udp packets hit my ext_if, but nothing appears on lan_if.

pf.conf

nat pass on $inet_if from $lan_net to any -> $inet_if
rdr pass on $inet_if proto tcp from any to $inet_ip port {25,80} -> 10.0.0.2 # Works fine
rdr pass on $inet_if proto tcp from any to $inet_ip port 1720 -> 10.0.0.4 # Works fine
rdr pass on $inet_if proto udp from any to $inet_ip port 2048:2063 -> 10.0.0.4 # Works only if I initiate the call
pass all

Also I tried to adjust the udp session timers:

set timeout udp.first 300
set timeout udp.single 150
set timeout udp.multiple 900

Is this a pf bug, or have I misconfigured something in pf.conf?