Hi,
It's always difficult for me to come up with a good title for a thread; I hope you'll understand what I'm trying to say here.
I'm setting up a FreeBSD firewall. The firewall has a dynamic IP on {oif} and my private network uses 10.0.0.x addresses (10.0.0.1 being the {iif} of the firewall).
I have a PlayStation 3 game console and I need to get it to work so that games can be played on PlayStation Network. I'm using Modern Warfare 2 to test the firewall. This is what I've come up with so far:
1) I tried this on the firewall:
Code:
ipfw add 2950 pass udp from me to any keep-state
Games didn't work. I took one line from tcpdump and wrote it down. It goes like this:
Code:
16:33:12.631644 IP 10.0.0.8.3074 > 69.60.4.116.3074: UDP, length 4
That 10.0.0.8 is the IP of my PlayStation 3.
2) So next I try:
Code:
ipfw add 2950 pass udp from 10.0.0.8 to any keep-state
Games (well, MW2) don't work. I take a longer copy & paste from tcpdump:
Code:
16:35:59.034213 IP service.playstation.net.5223 > 10.0.0.8.57813: Flags [.], ack 1426, win 82, length 0
16:35:59.517413 IP 10.0.0.8.3074 > 69.60.4.116.3074: UDP, length 3
16:36:03.054766 IP 10.0.0.8.49569 > 239.255.255.250.1900: UDP, length 132
3) Now I'm starting to think about that port 3074 that is seen in pretty much all lines from tcpdump and I make the rule like this:
Code:
ipfw add 2950 pass udp from any 3000-5000 to any 3000-5000
I start the game and try to join some game on PSN and it works. tcpdump gives stuff like this:
Code:
16:41:32.040522 IP ALagny-155-1-18-126.w90-3.abo.wanadoo.fr.3074 > 10.0.0.8.3074: UDP, length 29
16:41:32.055734 IP 10.0.0.8.3074 > ALagny-155-1-18-126.w90-3.abo.wanadoo.fr.3074: UDP, length 17
16:41:32.055806 IP 10.0.0.8.3074 > 5ac78946.bb.sky.com.3074: UDP, length 17
16:41:32.064659 IP brn29-2-88-164-42-56.fbx.proxad.net.3074 > 10.0.0.8.3074: UDP, length 29
16:41:32.067126 IP 130.241.2-93.rev.gaoland.net.3076 > 10.0.0.8.3074: UDP, length 29
So I kinda get MW2 to work, but I'm not 100% satisfied, as now I have to open UDP ports for incoming connections and I guess I have to make each game its own rules on the firewall. Is there anyone who could help me out? How can I make a ruleset that won't allow that many incoming connections and would (most likely) work with all games without the need to always make new rules for new games?
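Added example, not part of the original post: a small Python script that replays the step 3 tcpdump lines through a simplified model of a `keep-state` rule, to show which inbound UDP packets a stateful outbound-only rule would recognise as replies. The model is an assumption (state keyed on the exact address/port pair, no NAT, no timeouts); the function names are hypothetical.

```python
import re

LAN_HOST = "10.0.0.8"  # the PlayStation 3's address, from the post

# UDP lines copied from the step 3 tcpdump output in the post.
CAPTURE = """\
16:41:32.040522 IP ALagny-155-1-18-126.w90-3.abo.wanadoo.fr.3074 > 10.0.0.8.3074: UDP, length 29
16:41:32.055734 IP 10.0.0.8.3074 > ALagny-155-1-18-126.w90-3.abo.wanadoo.fr.3074: UDP, length 17
16:41:32.055806 IP 10.0.0.8.3074 > 5ac78946.bb.sky.com.3074: UDP, length 17
16:41:32.064659 IP brn29-2-88-164-42-56.fbx.proxad.net.3074 > 10.0.0.8.3074: UDP, length 29
16:41:32.067126 IP 130.241.2-93.rev.gaoland.net.3076 > 10.0.0.8.3074: UDP, length 29
"""

# tcpdump prints "host.port"; the port is the last dot-separated field.
LINE = re.compile(r"^(\S+) IP (\S+)\.(\d+) > (\S+)\.(\d+): UDP, length \d+$")


def parse(capture):
    """Yield (time, src, sport, dst, dport) for each UDP line; skip others."""
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if m:
            t, src, sport, dst, dport = m.groups()
            yield t, src, int(sport), dst, int(dport)


def classify(capture, lan_host=LAN_HOST):
    """Label each packet 'outbound', 'reply' or 'unsolicited'.

    Simplified keep-state model: a packet sent by lan_host records the
    tuple a reply would carry; an inbound packet is a 'reply' only if
    that exact tuple was recorded earlier in the capture.
    """
    expected = set()
    out = []
    for t, src, sport, dst, dport in parse(capture):
        if src == lan_host:
            expected.add((dst, dport, src, sport))
            verdict = "outbound"
        elif (src, sport, dst, dport) in expected:
            verdict = "reply"
        else:
            verdict = "unsolicited"
        out.append((t, f"{src}:{sport}", verdict))
    return out


if __name__ == "__main__":
    for t, peer, verdict in classify(CAPTURE):
        print(f"{t}  {verdict:<11}  {peer}")
```

Under this model, three of the five captured packets come from peers the console had not yet sent to on that address/port pair, so a rule that only tracks outbound state would not match them.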