 From:  Adam Gibson <agibson at ptm dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  NATed UDP connections. How to keep source port the same.
 Date:  Wed, 10 Nov 2004 11:18:47 -0500
m0n0wall 1.1
Axiomtek NA-0041B

I am trying to replace a Linux firewall solution with m0n0wall on 
Axiomtek embedded system but I have found a problem that I do not know 
if it is a limitation/feature of ipfilter or the GUI or somehow I just 
missed a feature somewhere in the GUI.

I need the source port for a NATed udp connection to try and stay the 
same while traversing the firewall.  Iptables on Linux tries to keep UDP 
source ports the same unless iptables already has a NATed udp connection 
with that source port going outbound.  That always worked because I had 
each game server running on a separate port.  It appears that m0n0wall 
does not behave that way.  The master server is getting a different 
source port now with m0n0wall.

For the game server I have been using, a udp connection is sent to a 
master server and the master server takes the source port from that 
connection and uses that for any clients requesting server lists from 
the master server.  UnfortuNATly m0n0wall translates the outgoing source 
port for UDP connections making it different than what the game server 
originated with when sending to the external destination master server.

Is there a way to have the NATed udp connection keep the source port 
when traversing the firewall?

- Service/DMZ network on separate interface (private IPs and NATed)
- Game server on service network.
- Incoming NAT for udp port going to service network game server (this 
never gets used because the master server uses the translated port)

Any information would be appreciated.
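As an added illustration (not part of the original post, and not m0n0wall, ipfilter or iptables code), a toy model of the two source-NAT policies described above: one that keeps the inside UDP source port unless another NATed flow already owns it, and one that always allocates a fresh port. It shows what the master server would record in each case and whether a static inbound rule for the game port still matches; all addresses and ports are constructed.

```python
from itertools import count


class SourceNat:
    """Minimal stateful UDP source-NAT table keyed by (inside ip, inside port)."""

    def __init__(self, public_ip, preserve_port, ephemeral_start=40000):
        self.public_ip = public_ip
        self.preserve_port = preserve_port
        self._next = count(ephemeral_start)
        self.table = {}      # (inside_ip, inside_port) -> public port
        self.in_use = set()  # public ports already handed out

    def translate(self, inside_ip, inside_port):
        """Return the public (ip, port) a remote host sees for this inside endpoint."""
        key = (inside_ip, inside_port)
        if key in self.table:
            return self.public_ip, self.table[key]
        # Port-preserving policy: reuse the inside port unless another flow
        # already owns it; otherwise (or with preservation off) pick a new one.
        if self.preserve_port and inside_port not in self.in_use:
            public_port = inside_port
        else:
            public_port = next(self._next)
            while public_port in self.in_use:
                public_port = next(self._next)
        self.table[key] = public_port
        self.in_use.add(public_port)
        return self.public_ip, public_port


def scenario(preserve_port):
    """Two game servers on separate ports announce themselves to a master server.

    Returns {game_port: (port the master records, inside endpoint a client reaches)};
    the inside endpoint is None when the inbound NAT rule never matches.
    """
    nat = SourceNat("203.0.113.10", preserve_port)  # constructed public address
    # Static inbound NAT rules: public port -> (inside ip, inside port)
    inbound = {27015: ("10.0.1.5", 27015), 27016: ("10.0.1.6", 27016)}
    results = {}
    for inside_ip, port in (("10.0.1.5", 27015), ("10.0.1.6", 27016)):
        _, advertised = nat.translate(inside_ip, port)  # what the master sees
        results[port] = (advertised, inbound.get(advertised))
    return results
```

With preservation on, clients are forwarded to the right server; with it off, the master hands out ephemeral ports that no inbound rule covers, which is the failure mode described in the post.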