From owner-freebsd-questions@FreeBSD.ORG Fri Nov 2 20:09:37 2007
Date: Fri, 2 Nov 2007 14:15:25 +0000
From: RW
To: freebsd-questions@freebsd.org
Cc: jackbarnett@gmail.com
Subject: Re: IPFW Rules and Games
Message-ID: <20071102141525.19a05fc7@gumby.homeunix.com.>
In-Reply-To: <472AF4FF.9000803@gmail.com>
References: <472AF4FF.9000803@gmail.com>
X-Mailer: Claws Mail 3.0.2 (GTK+ 2.12.1; i386-portbld-freebsd6.2)

On Fri, 02 Nov 2007 04:59:27 -0500
Jack Barnett wrote:

>
> Lots of people play games here and basically a pain to keep trying to
> get these stupid things to work with individual rules for each.
>
> I'm running FreeBSD 6.x with IPFW/natd
>
> I get a dynamic IP from my ISP and the internal nic is 192.168.17.1
> Everything inside the network is 192.168.17.xxx
>
> The setup is this:
> 192.168.17.x <--> 192.168.17.1 <[FreeBSD]> Dynamic IP <--> {Random
> Game Server on the Internets}
> [Internet Network(GAME)] <--> [FreeBSD] <--> {Internets}
>
> There are a bunch of games that send out TCP/UDP packets (and who
> knows what else) on different ports to different destinations and then
> receive data back on "random" ports. Basically, anything on any
> protocol from the internal network should be able to establish and
> setup connections out AND be allowed to receive data back from
> whomever they connected out to; but "random" hosts trying to connect
> in should be blocked.

You simply need to allow back traffic on the same socket connection.
This will happen automatically with TCP if you are passing established
traffic; with UDP you will have to keep-state.

You will probably find that the games also require you to open one or
more incoming ports too.

If you are not very confident with ipfw I would suggest you switch to
pf. It's a very good firewall and generally easier to use. Also if you
are playing games, you'll want to do traffic prioritisation, which is a
pain with ipfw.