[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PS/2 can't get through firewall/nat

To: "J. Scott Edwards" <sedwards@xmission.com>
Subject: Re: PS/2 can't get through firewall/nat
From: "Shawn T. Carroll" <scarroll@sover.net>
Date: Wed, 4 Sep 2002 02:50:38 -0400 (EDT)
Cc: Casey Paul Scott <brewmaster@gudbier.org>, misc@openbsd.org

On Tue, 3 Sep 2002, J. Scott Edwards wrote:

>On Sun, 1 Sep 2002, Shawn T. Carroll wrote:
>
>> On Sat, 31 Aug 2002, Casey Paul Scott wrote:
>>
>> As Casey suggested, sniffing's a great idea to find out what's going on,
>> and narrow down your ruleset.
>>
>>
>> First step:  see if it works after a pfctl -F rules.  If not, put pf.conf
>> aside for awhile.
>>
>
>It doesn't work even after that.  So I guess we can assume the problem is
>in the NAT?  One of the guys at work who has some kind of firewall on his
>home network got it to work by redirecting all of the traffic for ports
>10070 - 10080 to his Playstation2.  I will try to change my nat.conf and
>see if that makes any difference.

Hmm, yes, maybe there's something with NAT or rdr that can be done to make
it work.  I don't know anything at all about the protocol spec, I don't
suppose you have anything that describes it?  Or at least mentions
TCP/UDP, port, and/or the direction connections are initiated in?

I'm used to working from the ground up, meaning I would use tcpdump on the
firewall, or on a laptop plugged into the same hub.  But I realize that if
you're not used to working with that, or approaching things that way it
might be real daunting.  Cool thing is that you can get it to work without
the firewall.  So what I would do is set it up so that you *can* connect,
stick that openbsd machine on the same hub as that machine, and then just
before you connect, take a trace like this:

tcpdump -i xl0 -s 1520 -n -w /root/playstationdump

And then hit ctrl-c when successfully connected.  You can spew the dump   
file back with -r /root/playstationdump.  And you can add an expression at
the end to narrow what you're looking for , including the things I asked  
in the first paragraph.  The tcpdump man page has great description and   
examples.

The thing to do is then take a trace when *trying* to connect through the
firewall.  Then step through each trace, and look for where it craps out.
This should be enough info to see what needs to be done to make it work.

Shawn

References:
- Re: PS/2 can't get through firewall/nat
  - From: "J. Scott Edwards" <sedwards@xmission.com>

Prev by Date: Re: pf configuration
Next by Date: Re: pf configuration
Prev by thread: Re: PS/2 can't get through firewall/nat
Next by thread: Re: PS/2 can't get through firewall/nat
Index(es):
- Date
- Thread