From: Jack Barnett <jackbarnett@gmail.com>
Date: Fri, 02 Nov 2007 12:58:42 -0500
To: RW
Cc: freebsd-questions@freebsd.org
Subject: Re: IPFW Rules and Games

RW wrote:
> On Fri, 02 Nov 2007 04:59:27 -0500 Jack Barnett <jackbarnett@gmail.com> wrote:
>
> > Lots of people play games here and it's basically a pain to keep trying
> > to get these stupid things to work with individual rules for each.
> >
> > I'm running FreeBSD 6.x with IPFW/natd. I get a dynamic IP from my ISP
> > and the internal NIC is 192.168.17.1. Everything inside the network is
> > 192.168.17.xxx. The setup is this:
> >
> > 192.168.17.x <--> 192.168.17.1 <[FreeBSD]> Dynamic IP <--> {Random Game Server on the Internets}
> >
> > [Internal Network (GAME)] <--> [FreeBSD] <--> {Internets}
> >
> > There are a bunch of games that send out TCP/UDP packets (and who knows
> > what else) on different ports to different destinations and then receive
> > data back on "random" ports.
> >
> > Basically, anything on any protocol from the internal network should be
> > able to establish and set up connections out AND be allowed to receive
> > data back from whomever they connected out to; but "random" hosts trying
> > to connect in should be blocked.
>
> You simply need to allow back traffic on the same socket connection; this
> will happen automatically with TCP if you are passing established traffic,
> with UDP you will have to keep-state. You will probably find that the games
> also require you to open one or more incoming ports too.
>
> If you are not very confident with ipfw I would suggest you switch to pf.
> It's a very good firewall and generally easier to use. Also if you are
> playing games, you'll want to do traffic prioritisation, which is a pain
> with ipfw.

Thanks. Yes, generally firewalls and networking aren't my strong point.

I checked out the handbook on it and it looks easy enough. I found this:
http://www.allard.nu/pfw/ - but it appears it's not in the ports and is
commercial software? I also have fwbuilder installed, but don't really
like it much. Are there any other GUI-like interfaces that could help me
in building rules for pf?

I haven't read through it all yet, but I'll still need natd with pf, right?
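The stateful approach RW describes above (let the LAN open anything outbound, let only the replies back in, punch explicit holes for the few inbound ports a game really needs), written out as an ipfw + natd ruleset for the topology in Jack's message. This is an added example, not a ruleset posted in the thread: the interface names (tun0 for the dynamic-IP side, fxp0 for 192.168.17.1), the placeholder redirect to 192.168.17.10 port 27015, and the FWCMD/PIF/IIF variables are assumptions. The one non-obvious part is rule order: with natd in the path, inbound packets must be translated before check-state so the reply matches the private-address state, while outbound packets must create state before being translated, which is why the outbound rules are skipto rather than allow (the divert/check-state/skipto layout the FreeBSD Handbook uses for ipfw with natd). By default the script is a dry run that prints the ipfw commands; run it with FWCMD=/sbin/ipfw as root to load them.

```shell
#!/bin/sh
# Added example (not from the thread): stateful ipfw + natd ruleset for a
# 192.168.17.0/24 LAN behind a FreeBSD 6.x box with a dynamic public IP.
# Interface names and the placeholder inbound redirect are assumptions.
#
# Dry run by default: prints the rules. FWCMD=/sbin/ipfw ./ipfw.rules applies them.

pif=${PIF:-tun0}              # assumption: external interface with the dynamic IP
iif=${IIF:-fxp0}              # assumption: internal NIC, 192.168.17.1
lan="192.168.17.0/24"
cmd=${FWCMD:-"echo /sbin/ipfw"}

emit_rules() {
    $cmd -f flush

    # LAN side and loopback are not filtered; loopback addresses never cross a real NIC.
    $cmd 005 allow ip from any to any via $iif
    $cmd 010 allow ip from any to any via lo0
    $cmd 011 deny ip from any to 127.0.0.0/8
    $cmd 012 deny ip from 127.0.0.0/8 to any
    # A packet with a LAN source address cannot legitimately arrive from the Internet.
    $cmd 013 deny ip from $lan to any in via $pif

    # Inbound: translate first (natd maps the public port back to the LAN host),
    # then check-state matches the reply against the state the outbound packet left.
    $cmd 014 divert natd ip from any to any in via $pif
    $cmd 015 check-state

    # Outbound from the LAN: any TCP/UDP/ICMP. keep-state records the flow on the
    # still-private source address; skipto 500 then sends the packet through natd.
    # This is what lets each game's "random" return port back in with no per-game rule.
    $cmd 020 skipto 500 tcp from any to any out via $pif setup keep-state
    $cmd 025 skipto 500 udp from any to any out via $pif keep-state
    $cmd 030 skipto 500 icmp from any to any out via $pif keep-state

    # Ports a game needs opened inbound go here, one rule per port, paired with a
    # natd redirect, e.g. natd_flags="-redirect_port udp 192.168.17.10:27015 27015".
    # 192.168.17.10 and 27015 are placeholders, not a requirement of any real game.
    $cmd 100 skipto 500 udp from any to 192.168.17.10 27015 in via $pif keep-state

    # Everything else arriving from the Internet is unsolicited: log and drop.
    $cmd 200 deny log ip from any to any in via $pif
    $cmd 201 deny log ip from any to any

    # Landing point for the outbound skipto: rewrite the source to the public IP, then pass.
    $cmd 500 divert natd ip from any to any out via $pif
    $cmd 510 allow ip from any to any
}

emit_rules
```

To make this persistent on FreeBSD 6.x, point rc.conf at it (gateway_enable="YES", firewall_enable="YES", firewall_type="/etc/ipfw.rules", natd_enable="YES", natd_interface="tun0", natd_flags="-dynamic"); the -dynamic flag makes natd follow the interface's changing address, and the deny log rules only log once net.inet.ip.fw.verbose is set to 1. The skipto/divert dance is an ipfw-specific consequence of natd living outside the kernel's rule evaluation; pf does its own address translation with a nat rule in pf.conf, so natd is not used with pf.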