DaemonForums  

  #1   (View Single Post)  
Old 31st July 2009
spiller37 spiller37 is offline
New User
 
Join Date: Jul 2009
Posts: 2
Thanked 0 Times in 0 Posts
Default Loose UDP routing?

I am trying to get Asheron's Call to work behind my OpenBSD box that is configured as a gateway and firewall using pf.

The reason for this is AC uses "Loose UDP Routing". What this means is that information that comes back from the servers is on a different port than information that is sent to them.

Is there any way to enable this functionality on OpenBSD? I have already forwarded the recommended ports, and I have tested the game when directly connected and it works.

I will provide any additional information necessary.
Please help...
  #2   (View Single Post)  
Old 31st July 2009
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Helpful companion
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Thanked 193 Times in 184 Posts
Default

According to this "video games" website, you only need to forward UDP ports 9000 through 9013. I cannot find any other documents that claim any more exotic configuration requirements.

http://ac.turbine.com/index.php?opti...=454&Itemid=76

Presumably, a valid rule for this would be:
Code:
rdr pass on $ext_if inet proto udp from any to any port 9000:9013 -> $silly_gamer
Hope that helps.
  #3   (View Single Post)  
Old 31st July 2009
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Helpful companion
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Thanked 193 Times in 184 Posts
Default

Perhaps they require a static source port? If so, then you'll likely need a separate NAT rule for this system.

Example:
Code:
nat on $ext_if proto udp from $silly_gamer to any -> ($ext_if:0) static-port
This is why I do not play video games, or use VoIP technology.. waste of time and effort.
  #4   (View Single Post)  
Old 31st July 2009
spiller37 spiller37 is offline
New User
 
Join Date: Jul 2009
Posts: 2
Thanked 0 Times in 0 Posts
Default

Thank you so much, that nat command worked. Now what exactly is this command doing?
  #5   (View Single Post)  
Old 31st July 2009
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Helpful companion
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Thanked 193 Times in 184 Posts
Default

By default, OpenBSD randomizes the source port to avoid conflicts with local services.

For example, a randomized state might look like this in sudo pfctl -ss output:
Code:
all udp $external_ip:51348 ($silly_gamer:6942) -> $game_server:9000       MULTIPLE:SINGLE
And unmodified (static-port):
Code:
all udp $your_external_ip:6942 ($silly_gamer:6942) -> $game_server:9000       MULTIPLE:SINGLE
Typically pf maps ports into the higher "unreserved" ranges to avoid conflicting with services that may be utilizing ports on your router.

Correct me if I'm wrong jggimi/ocicat.. or other experts..

Hope that helps.
Reply With Quote
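
An added example, not part of any post in this thread: a small audit script that reads state lines in the layout quoted in post #5 and reports which internal hosts have NAT states whose source port was preserved, so you can confirm that static-port applies only to the one host you intended. It assumes that exact line layout (pfctl output differs between releases); the sample addresses are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the "pfctl -ss" layout quoted in the thread:
#   all udp <external>:<port> (<internal>:<port>) -> <remote>:<port>  <state>
# Addresses are documentation/private ranges, not values from the thread.
SAMPLE = """\
all udp 203.0.113.5:51348 (192.168.1.20:6942) -> 198.51.100.7:9000       MULTIPLE:SINGLE
all udp 203.0.113.5:6942 (192.168.1.10:6942) -> 198.51.100.7:9000       MULTIPLE:SINGLE
all udp 203.0.113.5:6943 (192.168.1.10:6943) -> 198.51.100.7:9004       MULTIPLE:MULTIPLE
all tcp 203.0.113.5:60211 (192.168.1.20:49152) -> 198.51.100.9:443       ESTABLISHED:ESTABLISHED
all udp 203.0.113.5:123 -> 198.51.100.1:123       MULTIPLE:SINGLE
"""

STATE_RE = re.compile(
    r"^\S+\s+(?P<proto>\w+)\s+"
    r"(?P<ext_ip>[\d.]+):(?P<ext_port>\d+)\s+"
    r"\((?P<int_ip>[\d.]+):(?P<int_port>\d+)\)\s+->\s+"
    r"(?P<dst_ip>[\d.]+):(?P<dst_port>\d+)"
)

def parse_nat_states(text):
    """Yield one dict per translated state; lines without a parenthesised
    internal address (no NAT applied) are skipped."""
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if m:
            state = m.groupdict()
            # Equal ports suggest static-port; a single hit can be chance.
            state["port_preserved"] = state["ext_port"] == state["int_port"]
            yield state

def preserved_by_host(text, proto="udp"):
    """Count, per internal host, states whose source port survived NAT."""
    hits = Counter()
    for state in parse_nat_states(text):
        if state["proto"] == proto and state["port_preserved"]:
            hits[state["int_ip"]] += 1
    return dict(hits)

def unexpected_hosts(text, allowed, proto="udp"):
    """Hosts with preserved ports that are not on the static-port allowlist."""
    return sorted(set(preserved_by_host(text, proto)) - set(allowed))

if __name__ == "__main__":
    print(preserved_by_host(SAMPLE))
    print(unexpected_hosts(SAMPLE, {"192.168.1.10"}))
```

Feed it the real state table by replacing SAMPLE with the captured output of pfctl -ss; any host returned by unexpected_hosts is getting unrandomized source ports from a rule broader than intended.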