You are browsing the archived Lancers Reactor forums. You cannot register or login.
The content may be outdated and links may not be functional.


Is anyone running a server behind Linux/Unix/freeBSD router?

Post Thu Jun 26, 2003 5:51 am

Ho Freelancers,

This is my first post, but I have been reading all your posts as I work through the inevitable headaches that go with this wonderful, though buggy, game.

Has anyone had experience running a Freelancer server from behind a Unix-type router? My home LAN is connected to the internet (cable connection) through a router running FreeBSD. In ipf.rules I have opened ports 2300-2400, as well as two other ports which I have been told FL uses, 34505 and 47624. In ipnat.rules I have redirected these ports to the computer running the server. My server DOES show up in the list from the master server for people out there on the net, but when they try to connect, they receive the message "...taking longer than expected" and are unable to connect. From inside the LAN no problems are encountered. I do not currently have a personal firewall running on the computer running FLserver.exe. I have tried several ipf/ipnat configurations to no avail. Please advise.

Thanking you in advance,
MyzTek

my server: Clan-{BaKE}-Corsairs
my web: http://myztek.com

Post Thu Jun 26, 2003 7:34 am

Our server runs behind a Linux firewall and here's how I did it:
from the console
"
iptables -t nat -A PREROUTING -p udp -i eth1 -d <external IP> --dport 2302 -j DNAT --to <Internal IP of FL Server>:2302
iptables -t nat -A PREROUTING -p udp -i eth1 -d <external IP> --dport 2303 -j DNAT --to <Internal IP of FL Server>:2303
iptables -t nat -A PREROUTING -p udp -i eth1 -d <external IP> --dport 2304 -j DNAT --to <Internal IP of FL Server>:2304
iptables -A FORWARD -p udp -i eth1 -d <Internal IP of FL Server> --dport 2302 -j ACCEPT
iptables -A FORWARD -p udp -i eth1 -d <Internal IP of FL Server> --dport 2303 -j ACCEPT
iptables -A FORWARD -p udp -i eth1 -d <Internal IP of FL Server> --dport 2304 -j ACCEPT
"
This is port forwarding from scratch, may or may not work for you, hope it helps :-)

Post Thu Jun 26, 2003 8:47 am

Thanks for the suggestion, but I don't think FreeBSD uses iptables at this point. Your post did, however, get me thinking about which ethernet adapter I was opening those ports on, and I am going to review my ipnat and ipf files to be sure I wasn't doing it all backwards. I will let you know if it works, and if it does I will post the solution here for others who find themselves in this situation. Simply knowing that Linux firewall users have succeeded here has renewed my optimism.

Thanks again!
MyzTek

Post Thu Jun 26, 2003 10:05 am

Hey NP man! Check in #freebsd on the Undernet IRC network. Those guys know everything :-) Otherwise you might search Google for "bsd port forwarding". Best of luck!

Post Fri Jun 27, 2003 12:10 am

Working solution for configuring a FreeBSD firewall to allow users to connect to your flserver via the internet. This solution requires that your FreeBSD firewall be using ipf and ipnat.

At the risk of making the post longer than necessary, I will try to be as thorough and clear as possible.

You will need to edit two files, ipf.rules and ipnat.rules, both of which can be found in the /etc directory. Once the changes have been made and the files saved (you will need to be logged in as root to do so), ipf and ipnat rules will have to be reloaded for the change to take effect.

In the file ipf.rules you will need to add the following lines:

### Allow traffic for Freelancer
pass in quick on dc0 proto udp from any to any port = 2300
pass in quick on dc0 proto udp from any to any port = 2301
pass in quick on dc0 proto udp from any to any port = 2302
### change "dc0" in the above lines to the correct ethernet adapter in your system

This will allow outside traffic on the Freelancer ports into your system, basically removing firewall protection from these ports. This is a security risk to the entire network, but necessary for hosting internet MP FL.

In the file ipnat.rules you will need to add the following lines:

### Redirects - forward these ports to flserver ip
rdr dc0 0.0.0.0/0 port 2302 -> your.fl.server.ip port 2302 udp
rdr dc0 0.0.0.0/0 port 2303 -> your.fl.server.ip port 2303 udp
rdr dc0 0.0.0.0/0 port 2304 -> your.fl.server.ip port 2304 udp
### change "dc0" in the above lines to the correct ethernet adapter in your system
### change your.fl.server.ip to the correct LAN ip for the box running flserver.exe

This will send all traffic received from the internet on the FL server ports to the computer in the LAN which is running the flserver.

Now you will need to execute two commands to put your changes into effect; these flush the existing rules and read all the rules from the files:

ipnat -F -f ipnat.rules

ipf -Fa -f ipf.rules

When you execute these commands, you may experience a temporary (few seconds max) interruption of your internet service, so don't panic when all your IRC windows suddenly say "DISCONNECTED".

I must emphasize that you make sure you replace "dc0" in the above examples with the correct address of your external (connected directly to the internet) adapter. I spent three days pulling my hair out, trying to figure out why my server couldn't be connected to from outside, all because I got my external (dc0) and internal (r10) adapter addresses mixed up. You can see how opening inside ports will not help outside players get in.

You can probably find the address of your external adapter near the top of ipf.rules. The first rule should be similar to:

pass out quick on dc0 proto tcp from any to any keep state

Where you find "dc0" in the above rule, you will find your external adapter's address in yours.

This thread now contains working solutions to the firewall problem for Linux and FreeBSD (thanks again OpenSorce).

Game On!
-{MyzTek}-

Post Fri Jun 27, 2003 12:21 am

P.S. You probably should not attempt this if you don't know anything about Linux. Doing this correctly effectively punches a hole in your firewall. Doing this incorrectly can render your firewall completely useless.

-{MyzTek}-
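
Added example, not part of the original posts: a small Python check that compares the ipf.rules pass lines with the ipnat.rules redirects before they are reloaded, catching the adapter mix-up described above as well as ports that are opened but not redirected (or the reverse). The rule text is a constructed sample built from the lines in the post; 192.168.1.10 is a placeholder for your.fl.server.ip, and the names parse and audit are chosen here.

```python
import re

# Constructed sample: the rule lines from the post, with 192.168.1.10 as a
# placeholder for "your.fl.server.ip".
IPF_RULES = """\
### Allow traffic for Freelancer
pass in quick on dc0 proto udp from any to any port = 2300
pass in quick on dc0 proto udp from any to any port = 2301
pass in quick on dc0 proto udp from any to any port = 2302
"""
IPNAT_RULES = """\
### Redirects - forward these ports to flserver ip
rdr dc0 0.0.0.0/0 port 2302 -> 192.168.1.10 port 2302 udp
rdr dc0 0.0.0.0/0 port 2303 -> 192.168.1.10 port 2303 udp
rdr dc0 0.0.0.0/0 port 2304 -> 192.168.1.10 port 2304 udp
"""

# Only the two rule shapes used in the post are recognised.
PASS_RE = re.compile(r"pass in quick on (\S+) proto (\w+) from any to \S+ port = (\d+)")
RDR_RE = re.compile(r"rdr (\S+) \S+ port \d+ -> \S+ port (\d+) (\w+)")

def parse(text, pattern):
    """Return the captured fields of every rule line matching pattern."""
    matches = (pattern.match(line.strip()) for line in text.splitlines())
    return [m.groups() for m in matches if m]

def audit(ipf_text, ipnat_text, external_if):
    """Compare pass rules with redirects; return a list of findings."""
    # ipf filters inbound packets after rdr has rewritten them, so a pass
    # rule has to match the redirect's target port.
    opened = {(i, proto, int(p)) for i, proto, p in parse(ipf_text, PASS_RE)}
    redirected = {(i, proto, int(p)) for i, p, proto in parse(ipnat_text, RDR_RE)}
    findings = []
    for ifc, proto, port in sorted(opened | redirected):
        if ifc != external_if:
            findings.append(f"{proto}/{port}: rule is on {ifc}, not external {external_if}")
        if (ifc, proto, port) not in opened:
            findings.append(f"{proto}/{port} on {ifc}: redirected but no pass rule shown")
        elif (ifc, proto, port) not in redirected:
            findings.append(f"{proto}/{port} on {ifc}: open but not redirected")
    return findings

if __name__ == "__main__":
    for finding in audit(IPF_RULES, IPNAT_RULES, external_if="dc0"):
        print(finding)
```

Run on the lines exactly as posted, it reports udp/2300 and udp/2301 as open without a redirect and udp/2303 and udp/2304 as redirected without a pass rule shown. A complete ipf.rules may pass those ports elsewhere, so treat each finding as a prompt to check the full file.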
