Re: PS/2 can't get through firewall/nat
I believe I have (at least partially) discovered the problem. The problem
is that the NAT is changing the port numbers on the way out for both the
TCP and UDP packets.

I have found out that when I create a game on my Playstation, the server
remembers what (TCP) port it came in on and gives that port number to the
other Playstations which they try to use to send UDP packets to my
Playstation.

What I really need to do is tell NAT not to mess with ports 10070-10079
for both TCP and UDP in or out. I tried putting "rdr" into nat.conf to
send that range to the Playstation but it still seems to change them when
they go out.

Can anyone tell me how to turn off the port mangling for that port number
for packets going out?

Thanks

-Scott

On Wed, 4 Sep 2002, Shawn T. Carroll wrote:
>
> On Tue, 3 Sep 2002, J. Scott Edwards wrote:
>
> >On Sun, 1 Sep 2002, Shawn T. Carroll wrote:
> >
> >> On Sat, 31 Aug 2002, Casey Paul Scott wrote:
> >>
> >> As Casey suggested, sniffing's a great idea to find out what's going on,
> >> and narrow down your ruleset.
> >>
> >>
> >> First step: see if it works after a pfctl -F rules. If not, put pf.conf
> >> aside for a while.
> >>
> >
> >It doesn't work even after that. So I guess we can assume the problem is
> >in the NAT? One of the guys at work who has some kind of firewall on his
> >home network got it to work by redirecting all of the traffic for ports
> >10070 - 10080 to his Playstation2. I will try to change my nat.conf and
> >see if that makes any difference.
>
> Hmm, yes, maybe there's something with NAT or rdr that can be done to make
> it work. I don't know anything at all about the protocol spec, I don't
> suppose you have anything that describes it? Or at least mentions
> TCP/UDP, port, and/or the direction connections are initiated in?
>
> I'm used to working from the ground up, meaning I would use tcpdump on the
> firewall, or on a laptop plugged into the same hub. But I realize that if
> you're not used to working with that, or approaching things that way it
> might be real daunting. Cool thing is that you can get it to work without
> the firewall. So what I would do is set it up so that you *can* connect,
> stick that OpenBSD machine on the same hub as that machine, and then just
> before you connect, take a trace like this:
>
> tcpdump -i xl0 -s 1520 -n -w /root/playstationdump
>
> And then hit ctrl-c when successfully connected. You can spew the dump
> file back with -r /root/playstationdump. And you can add an expression at
> the end to narrow what you're looking for, including the things I asked
> in the first paragraph. The tcpdump man page has great description and
> examples.
>
> The thing to do is then take a trace when *trying* to connect through the
> firewall. Then step through each trace, and look for where it craps out.
> This should be enough info to see what needs to be done to make it work.
>
>
> Shawn
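
The trace comparison suggested in this thread can be scripted; the following is an added example, not code from any of the posters. It assumes two text dumps in the style of `tcpdump -n -r` output, one taken on the LAN side and one on the external side of the firewall, and every address, port and packet line in it is constructed for illustration.

```python
import re
from collections import defaultdict

GAME_PORTS = range(10070, 10080)  # 10070-10079, the range named in the post

# Constructed sample traces (not from the thread): the same two packets
# seen before and after NAT. 203.0.113.5 stands in for the game server.
INSIDE = """\
12:00:01.100000 192.168.1.10.10070 > 203.0.113.5.10070: S 1000:1000(0) win 8192
12:00:02.200000 192.168.1.10.10071 > 203.0.113.5.10071: udp 32
"""
OUTSIDE = """\
12:00:01.100100 198.51.100.7.53211 > 203.0.113.5.10070: S 1000:1000(0) win 8192
12:00:02.200100 198.51.100.7.10071 > 203.0.113.5.10071: udp 32
"""

# timestamp, src_ip.src_port > dst_ip.dst_port: first token of the payload
LINE = re.compile(
    r"^\S+ (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): (\S+)")

def outbound_flows(trace, server_ip):
    """Map (proto, dst_port) -> source ports in first-seen order,
    for packets addressed to server_ip."""
    seen = defaultdict(list)
    for line in trace.splitlines():
        m = LINE.match(line)
        if not m or m.group(3) != server_ip:
            continue  # unparsed line or traffic to another host
        proto = "udp" if m.group(5) == "udp" else "tcp"
        key = (proto, int(m.group(4)))
        sport = int(m.group(2))
        if sport not in seen[key]:
            seen[key].append(sport)
    return seen

def rewritten_ports(inside, outside, server_ip):
    """Return (proto, port_on_lan, port_after_nat) for each game-port
    flow whose source port differs between the two traces."""
    before = outbound_flows(inside, server_ip)
    after = outbound_flows(outside, server_ip)
    changed = []
    for key, lan_ports in before.items():
        # Flows to the same destination are paired in order of appearance.
        for lan_port, wan_port in zip(lan_ports, after.get(key, [])):
            if lan_port in GAME_PORTS and lan_port != wan_port:
                changed.append((key[0], lan_port, wan_port))
    return changed

if __name__ == "__main__":
    for proto, lan, wan in rewritten_ports(INSIDE, OUTSIDE, "203.0.113.5"):
        print(f"{proto} source port {lan} left the firewall as {wan}")
```

A flow listed here is one where the server would record a source port other than the one the console actually bound.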