PF configuration problem / lag
From: ViperDK \(Daniel K.\) (NoSpamRemoveThis_ViperDK_at_gmx.net)
Date: 05/03/04
- Next message: Marin: "Altq on mail server"
- Previous message: Bingoman: "Re: how to stop ppp"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 3 May 2004 01:11:28 +0200
I have an pf.conf on my open-bsd-homeserver (xp client) and tried to
configure it. Surfing and EMule works fine but i have problems in a online
game (which worked well as i used FreeBSD in past). That game (Starcraft)
needs mainly the incoming port 6112. Connection is DSL (128kbps up, 768kbps
down)
Would be nice if you could take a look on my pf.conf and tell me what i
could do (i tried myself but..)
now some output from tcpdump and the pf.conf, of course.
thx in advance,
Daniel K.
------------------------
tcpdump -i tun0
19:34:25.954172 80.140.162.57.65144 > 80.109.6.242.6112: udp 17
19:34:25.954210 80.140.162.57.63966 > 213.7.65.36.58630: udp 16
19:34:25.954249 80.140.162.57.52198 > 217.94.107.37.6112: udp 17
19:34:25.968605 217.94.107.37.6112 > 80.140.162.57.56651: udp 16
19:34:25.968726 80.140.162.57 > 217.94.107.37: icmp: 80.140.162.57 udp port
56651 unreachable
19:34:25.993137 213.248.106.202.6112 > 80.140.162.57.52427: P 8:16(8) ack 9
win 65251
19:34:25.993790 80.140.162.57.52427 > 213.248.106.202.6112: P 9:17(8) ack 16
win 18391 (DF)
19:34:26.052621 213.7.65.36.58630 > 80.140.162.57.56651: udp 16
19:34:26.052756 80.140.162.57 > 213.7.65.36: icmp: 80.140.162.57 udp port
56651 unreachable
19:34:26.092779 213.248.106.202.6112 > 80.140.162.57.52427: . ack 17 win
65243
19:34:26.118635 213.7.65.36.58630 > 80.140.162.57.56651: udp 16
19:34:26.118745 80.140.162.57 > 213.7.65.36: icmp: 80.140.162.57 udp port
56651 unreachable
19:34:26.181709 80.218.119.125.6112 > 80.140.162.57.56651: udp 23
19:34:26.189123 80.140.162.57.56651 > 80.218.119.125.6112: udp 17
19:34:26.189292 80.140.162.57.65144 > 80.109.6.242.6112: udp 17
19:34:26.189333 80.140.162.57.63966 > 213.7.65.36.58630: udp 17
------------------------
cat pf.conf
ext_if="tun0"
int_if="ne3"
int_net="172.16.0.0/12"
router_ip="172.16.0.1"
viper_ip="172.16.0.6"
loop_if="lo0"
in_services_tcp="{ ssh, ftp, auth, http }"
in_mule_tcp = "{ 4661, 4662, 6978, 6979 }"
in_mule_udp = "{ 4665, 4672, 6988 }"
table <noroute> { 127.0.0.1/8, 172.16.0.0/12, 192.168.0.0/16, !$int_net,
10.0.0.0/8, 255.255.255.255/32 }
set block-policy return
set loginterface $ext_if
set optimization conservative
scrub in all
altq on $ext_if priq queue { q_pri, q_high, q_def, q_low }
queue q_pri priority 7 priq(red)
queue q_high priority 4 priq(red)
queue q_def priority 1 priq(default red)
queue q_low priority 0 priq(red)
nat on $ext_if from $int_if:network to any -> ($ext_if)
rdr on $ext_if proto tcp from !$int_net to port 4661:4662 -> $viper_ip port
4661:*
rdr on $ext_if proto udp from !$int_net to port 4665 -> $viper_ip port 4665
rdr on $ext_if proto udp from !$int_net to port 4672 -> $viper_ip port 4672
rdr on $ext_if proto tcp from !$int_net to port 6978:6979 -> $viper_ip port
6978:*
rdr on $ext_if proto udp from !$int_net to port 6988 -> $viper_ip port 6988
rdr on $ext_if proto tcp from !$int_net to port 6112:6119 -> $viper_ip port
6112:*
rdr on $ext_if proto udp from !$int_net to port 6112:6119 -> $viper_ip port
6112:*
block on $ext_if
block return log on $ext_if
block quick inet6
pass quick on $loop_if
block in log quick on $ext_if inet from <NoRoute>
block in log quick on $ext_if inet to <NoRoute>
pass in quick on $ext_if inet proto icmp all keep state
pass in quick on $ext_if inet proto tcp to port $in_services_tcp flags S/S
keep state label ServicesTCP
pass in quick on $ext_if inet proto tcp to port $in_mule_tcp flags S/S keep
state label eMuleTCP
pass in quick on $ext_if inet proto udp to port $in_mule_udp keep state
label eMuleUDP
pass in quick on $ext_if inet proto tcp to port 6111><6120 keep state label
Broodwar
pass in quick on $ext_if inet proto udp to port 6111><6120 keep state label
Broodwar
anchor passin
pass out quick on $ext_if inet proto tcp from port 6111><6120 keep state
queue (q_high,q_pri) label Broodwar
pass out quick on $ext_if inet proto udp from port 6111><6120 keep state
queue (q_high,q_pri) label Broodwar
pass out quick on $ext_if inet proto tcp to port {ssh,http} keep state queue
(q_high,q_pri) label sshHttpOut
pass out quick on $ext_if inet proto tcp to port 6111><6120 keep state queue
(q_high,q_pri) label Broodwar
pass out quick on $ext_if inet proto udp to port 6111><6120 keep state queue
(q_high,q_pri) label Broodwar
pass out quick on $ext_if inet proto tcp to port {4661,4662} keep state
queue (q_low,q_pri) label Emule
pass out quick on $ext_if inet proto udp to port {4665,4672} keep state
queue (q_low,q_pri) label Emule
pass out quick on $ext_if inet proto tcp from port {4661,4662} keep state
queue (q_low,q_pri) label Emule
pass out quick on $ext_if inet proto udp from port {4665,4672} keep state
queue (q_low,q_pri) label Emule
pass out quick on $ext_if inet proto tcp from port {6978,6979} keep state
queue (q_low,q_pri) label Emule
pass out quick on $ext_if inet proto udp from port {6988} keep state queue
(q_low,q_pri) label Emule
pass out quick on $ext_if keep state queue (q_def,q_pri)
- Next message: Marin: "Altq on mail server"
- Previous message: Bingoman: "Re: how to stop ppp"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
