Here are the pieces of my pf.conf that allowed me to play AoM and such,
I haven't played AoE3 yet, but the concept is probably similar w/
different ports (or maybe the same, who knows?)


from pf.conf:


> mark="192.168.10.10"
...
> tcp_games="6073 34987 37456"   \
>            # AoM (6073), RoN (34987)
> udp_games="6073 2300:2400 27960:27970 28004:28009 34987 13139 37456"  \
>            # AoM (6073,2300:2400), Q3, RoN (34987,13139)
...
> nat on $ext_if from $mark port {$tcp_games} \
>         -> ($ext_if:0) static-port
> nat on $ext_if from $mark port {$udp_games} \
>         -> ($ext_if:0) static-port
> nat on $ext_if from !($ext_if) \
>         -> ($ext_if:0)
> rdr pass on $ext_if proto tcp to port {$tcp_games} \
>         -> $mark
> rdr pass on $ext_if proto udp to port {$udp_games} \
>         -> $mark

... And of course, all of that traffic has to be allowed through in rules.
Mainly, the "static-port" part of my nat rules is what was important to
getting it working.

HTH,
Mark







Bob Bostwick (Lists) wrote:
> I'm trying to setup pf to allow one machine on my network to play (and
> even host) Age of Empires III.
> I've tried a myriad of different settings in my pf.conf with the
> following as present.
> ....
> rdr on $ext_if proto tcp from any to $ext_if port 2300 tag AOE -> $gamer port 2300
> rdr on $ext_if proto udp from any to $ext_if port 2300:2310 tag AOEUDP -> $gamer
> block log all
> pass in quick on $ext_if tagged AOEUDP keep state
> pass in quick on $ext_if tagged AOE keep state
> pass out quick on $int_if tagged AOE keep state
> pass out quick on $int_if tagged AOEUDP keep state
> ....
> With
> 
> pass out on $ext_if proto tcp all keep state
> 
> thrown in the last line for good measure.
> 
> With this I can at least join a game (sort of, it will still kick me out
> once in a while).  However I can't host a game.  I have to use a crappy
> netgear (reboot my router which kills all my web services) to host a
> game.  When I try  to host pf blocks UDP, even though it's allowed. 
> 
> 
> tcpdump -ttt -eni pflog0
> tcpdump: WARNING: pflog0: no IPv4 address assigned
> tcpdump: listening on pflog0, link-type PFLOG
> Jan 17 23:50:12.654480 rule 0/(match) block in on xl0: 24.83.xx.xxx.2300 > my.ip.ad.dr.63973:  udp 40 [tos 0x20]
> Jan 17 23:50:12.767156 rule 0/(match) block in on xl0: 24.83.xx.xxx.2300 > my.ip.ad.dr.63973:  udp 40 [tos 0x20]
> Jan 17 23:50:12.810197 rule 0/(match) block in on xl0: 24.83.xx.xxx.2300 > my.ip.ad.dr.63973:  udp 10 [tos 0x20]
> 
> With my.ip.ad.dr being the IP on $ext_if
> 
> 
> Rule 0 is the block log all.
> 
> Is there some kind of game UDP proxy like FTP has?  It seems silly to me
> that I can get this to work on a POS netgear, but not in pf.  Any ideas,
> suggestions, cursing, or scoldings would be greatly appreciated.  I'm
> at the end of what I know how to do, I've spent almost a month on this
> (and learned a lot about pf in the process)

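An added example, not part of the original thread: a small Python parser for the `tcpdump -eni pflog0` lines quoted above that sorts each blocked inbound packet by whether its destination port falls inside the redirected range 2300:2310. The `classify` labels and the reading of port 63973 as a source port chosen by pf's NAT (which `static-port` prevents) are assumptions made for illustration; the log lines are the thread's own, with the wrapped `src > dst` rejoined.

```python
import re

# The three pflog lines from the thread (redactions kept, wrapped lines rejoined).
PFLOG = """\
Jan 17 23:50:12.654480 rule 0/(match) block in on xl0: 24.83.xx.xxx.2300 > my.ip.ad.dr.63973:  udp 40 [tos 0x20]
Jan 17 23:50:12.767156 rule 0/(match) block in on xl0: 24.83.xx.xxx.2300 > my.ip.ad.dr.63973:  udp 40 [tos 0x20]
Jan 17 23:50:12.810197 rule 0/(match) block in on xl0: 24.83.xx.xxx.2300 > my.ip.ad.dr.63973:  udp 10 [tos 0x20]
"""

# UDP ports covered by the rdr rule in the question (2300:2310).
RDR_UDP = range(2300, 2311)

LINE = re.compile(
    r"rule (?P<rule>\d+)/\(match\) (?P<action>block|pass) (?P<dir>in|out) "
    r"on (?P<ifc>\S+): (?P<src>\S+)\.(?P<sport>\d+) > "
    r"(?P<dst>\S+)\.(?P<dport>\d+): +(?P<proto>\w+)"
)

def parse(text):
    """Return one dict per pflog line that matches the tcpdump layout."""
    entries = []
    for line in text.splitlines():
        m = LINE.search(line)
        if m:
            e = m.groupdict()
            for key in ("rule", "sport", "dport"):
                e[key] = int(e[key])
            entries.append(e)
    return entries

def classify(e, rdr_ports=RDR_UDP):
    """Label a log entry (labels are this example's own, not pf terms)."""
    if e["action"] != "block" or e["dir"] != "in":
        return "not-a-blocked-inbound-packet"
    if e["dport"] in rdr_ports:
        # rdr covers this port, so the filter rules are what dropped it.
        return "rdr-port-blocked"
    if e["sport"] in rdr_ports:
        # Assumption: the peer is answering a packet whose source port pf's
        # NAT rewrote, so the reply misses the rdr range; static-port keeps
        # the original source port on the way out.
        return "reply-to-rewritten-source-port"
    return "unrelated"

if __name__ == "__main__":
    for e in parse(PFLOG):
        print(e["src"], e["sport"], "->", e["dst"], e["dport"], classify(e))
```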