On 2012-04-29 17:03, Michael MacLeod wrote:
I understand that cone NAT is a generally terrible and insecure way to do NAT, but game and application developers seem hell-bent on depending on cone NAT behaviour. Is there a way to make it work with PF?
Not directly, no. In most cases where the application/device will not work through symmetric NAT, all that is necessary is a port forward, not true full-cone NAT.
Have a look at the net/miniupnpd port. It is a UPnP daemon that anchors to pf and maintains rdr rules for dynamic port forwarding. You can do the same thing on a static basis by maintaining your own nat static-port and rdr rules if your SIP devices do not support UPnP.
For those who search mail archives, this is also how you get a FreeBSD router to make your PS3 show NAT type 2 instead of type 3 or your Xbox show NAT type open instead of strict or moderate.
_______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
