The Problem: I am unable to play Guitar Hero on the Internet with ANYONE through my OpenBSD-4.2 nat gateway. This might not be a problem with pf, but two of my friends are able to rock out with each other and with strangers... one through a linux gateway and the other through a linksys (!!!) WAP/gateway. I have reached the end of my troubleshooting process and I can see WHAT is happening but I can't figure out WHY it's happening.
The Setup:

  Internet <--> OpenBSD-4.2 <--> Linksys WRT54G (bridge) <---> Wii

Relevant pf rules:

  nat on $IF_RR from 10.0.0.0/24 -> ($IF_RR)
  rdr on $IF_RR proto udp from $REMOTE_IP to ($IF_RR) -> $HOST_WII

The redirect rule is my latest failed attempt to make this work...

I can use the Wii (and my laptop) to browse the Internet flawlessly over the wireless network. When I try to connect to or create a game from the Guitar Hero menu I get "Error - 86070: Disconnected from network during transmission" and get dropped to the main menu.

I have dumped a failed session on both the internal and external interfaces:

  # tcpdump -ni sis2 udp    (sis2 is my internal interface)
  ...
  22:14:55.815354 10.0.0.32.52233 > $REMOTE_IP.53582: udp 20
  22:14:55.818824 $REMOTE_IP.53582 > 10.0.0.32.58882: udp 20 [tos 0x20]

  # tcpdump -ni sis1 udp    (sis1 is my external interface)
  ...
  22:14:53.665516 $MY_IP.56355 > $REMOTE_IP.53582: udp 20
  22:14:53.675668 $REMOTE_IP.53582 > $MY_IP.58882: udp 20 [tos 0x20]

  # pfctl -s state | grep udp
  ...
  all udp 10.0.0.32:52233 -> $MY_IP:56355 -> $REMOTE_IP:53582 SINGLE:NO_TRAFFIC
  all udp 10.0.0.32:58882 <- $MY_IP:58882 <- $REMOTE_IP:53582 NO_TRAFFIC:SINGLE

So... it looks like packets are going out over the Internet from port 56355 but they are coming back to port 58882. Before I added the rdr rule these packets were just dropped on the floor (obviously). Now, with the rdr rule, they're being forwarded to the Wii, where I presume they are being dropped.

Has anyone else seen this? Am I doing something wrong?
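As an added diagnostic, not part of the original post, the script below compares pf's outbound nat states with the inbound UDP packets captured on the external interface and flags any peer that replies to a port other than the one pf allocated for our traffic to it. The sample data is constructed from the figures in the post, with the documentation addresses 203.0.113.10 and 198.51.100.7 standing in for $MY_IP and $REMOTE_IP.

```python
import re

# Constructed sample input modelled on the post's output. The documentation
# addresses 203.0.113.10 and 198.51.100.7 stand in for $MY_IP and $REMOTE_IP.
PF_STATES = """\
all udp 10.0.0.32:52233 -> 203.0.113.10:56355 -> 198.51.100.7:53582 SINGLE:NO_TRAFFIC
all udp 10.0.0.32:58882 <- 203.0.113.10:58882 <- 198.51.100.7:53582 NO_TRAFFIC:SINGLE
"""
EXT_TCPDUMP = """\
22:14:53.665516 203.0.113.10.56355 > 198.51.100.7.53582: udp 20
22:14:53.675668 198.51.100.7.53582 > 203.0.113.10.58882: udp 20 [tos 0x20]
"""

# Outbound nat state: internal -> translated external -> remote (pfctl -s state).
NAT_RE = re.compile(r"^all udp (\S+):(\d+) -> (\S+):(\d+) -> (\S+):(\d+)")
# tcpdump -n line: timestamp src.port > dst.port: udp length
PKT_RE = re.compile(r"^\S+ (\S+)\.(\d+) > (\S+)\.(\d+): udp")


def nat_mappings(states):
    """Return {(remote_ip, remote_port): (external_port, internal_ip, internal_port)}
    for every outbound (->) nat state; rdr states (<-) are ignored.
    Assumes one outbound state per remote endpoint."""
    out = {}
    for line in states.splitlines():
        m = NAT_RE.match(line)
        if m:
            iip, iport, _eip, eport, rip, rport = m.groups()
            out[(rip, int(rport))] = (int(eport), iip, int(iport))
    return out


def port_mismatches(states, tcpdump, my_ip):
    """Find inbound UDP packets on the external interface whose destination port
    differs from the port pf used when translating our traffic to that peer.
    Returns (peer_ip, peer_port, port_peer_used, port_pf_allocated) tuples."""
    mappings = nat_mappings(states)
    findings = []
    for line in tcpdump.splitlines():
        m = PKT_RE.match(line)
        if not m or m.group(3) != my_ip:
            continue  # outbound packet or unparsable line; only inbound matters here
        peer = (m.group(1), int(m.group(2)))
        dport = int(m.group(4))
        if peer in mappings and mappings[peer][0] != dport:
            findings.append((peer[0], peer[1], dport, mappings[peer][0]))
    return findings


if __name__ == "__main__":
    for peer_ip, peer_port, used, allocated in port_mismatches(PF_STATES, EXT_TCPDUMP, "203.0.113.10"):
        print(f"{peer_ip}:{peer_port} replied to port {used}, but pf sent our traffic from port {allocated}")
```

Run against the real `pfctl -s state` and `tcpdump -ni sis1 udp` output, a non-empty result confirms the peer is addressing a port pf never handed out for that flow, so no nat state can match the reply.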