Date: Tue, 28 Feb 2006 23:22:48 -0500
From: Yasholomew Yashinski <yashy@mail.yashy.com>
To: pf@benzedrine.cx, freebsd-net@freebsd.org
Subject: nat issue
Message-ID: <44052198.30304@mail.yashy.com>
I'm not sure what changed, as I haven't made any changes in the past 48 hours that I recall other than a portupgrade. However, when I got home this afternoon my NAT was hosed. I'm using tun0 (PPPoE over hme0) on FreeBSD 6.0 sparc64.

from pf.conf:

anon_gw="206.248.137.44"
nat_net="192.168.1.0/28"
tun_if="tun0"
nat on $tun_if from $nat_net to any -> $anon_gw

# pfctl -sn
nat on tun0 inet from 192.168.1.0/28 to any -> 206.248.137.44
rdr inet proto tcp from <spamd> to any port = smtp -> 127.0.0.1 port 8025

from sysctl:

net.inet.ip.forwarding: 1

on the firewall/gateway:

# tcpdump -i rl0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on rl0, link-type EN10MB (Ethernet), capture size 96 bytes
18:00:18.000470 IP 192.168.1.8.33243 > www.fark.com.http: S 3062197018:3062197018(0) win 5840 <mss 1460,sackOK,timestamp 10515598 0,nop,wscale 0>
18:00:20.998748 IP 192.168.1.8.33243 > www.fark.com.http: S 3062197018:3062197018(0) win 5840 <mss 1460,sackOK,timestamp 10518598 0,nop,wscale 0>
18:00:26.997008 IP 192.168.1.8.33243 > www.fark.com.http: S 3062197018:3062197018(0) win 5840 <mss 1460,sackOK,timestamp 10524598 0,nop,wscale 0>

# tcpdump -i tun0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type NULL (BSD loopback), capture size 96 bytes
21:26:11.200002 IP mail.yashy.com > 0.0.0.0: pfsync 452
21:26:11.255089 IP mail.yashy.com.51821 > dns.pppoe.ca.domain: 16429+ [1au] PTR? 44.137.248.206.in-addr.arpa. (56)
21:26:11.306036 IP dns.pppoe.ca.domain > mail.yashy.com.51821: 16429 1/2/3 PTR[|domain]
21:26:11.310112 IP mail.yashy.com.51821 > dns.pppoe.ca.domain: 58322+ [1au] PTR? 0.0.0.0.in-addr.arpa. (49)
21:26:11.360753 IP dns.pppoe.ca.domain > mail.yashy.com.51821: 58322 NXDomain* 0/1/1 (99)
21:26:12.364075 IP mail.yashy.com > 0.0.0.0: pfsync 228
21:26:12.366593 IP mail.yashy.com.51821 > dns.pppoe.ca.domain: 29161+ [1au] PTR? 22.154.248.206.in-addr.arpa. (56)
21:26:12.418296 IP dns.pppoe.ca.domain > mail.yashy.com.51821: 29161 1/2/3 PTR[|domain]
21:26:13.421003 IP mail.yashy.com > 0.0.0.0: pfsync 452
21:26:14.425044 IP mail.yashy.com > 0.0.0.0: pfsync 452
21:26:15.429063 IP mail.yashy.com > 0.0.0.0: pfsync 228
21:26:16.467022 IP mail.yashy.com > 0.0.0.0: pfsync 452
21:26:17.712070 IP mail.yashy.com > 0.0.0.0: pfsync 452
21:26:19.074030 IP mail.yashy.com > 0.0.0.0: pfsync 452
21:26:20.433105 IP mail.yashy.com > 0.0.0.0: pfsync 228

So I can see the requests going out on rl0 (but getting no reply), but it's not showing up on tun0/hme0 at all. I'm running bind on the fw/gw machine as well, so that is why the client is able to resolve www.fark.com (which makes me wonder why it's querying dns.pppoe.ca, as I'm not trying to resolve anything that shouldn't be in the dns cache already...).

Are all of these pfsync logs to 0.0.0.0 normal? I'm not using carp or anything, pflog is fine for me. I'm just installing lynx on the fw/gw now so I can search for myself :)

On this linux client:

$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         192.168.1.10    0.0.0.0         UG        0 0          0 eth0

From the client machines, I'm getting an IP via dhcpd from the fw/gw. I can ping the fw/gw as well as ssh to it etc. If I ssh to the fw/gw, I can get out from it no problem. I just can't get through the fw/gw from the client machines. I have done a pfctl -Fr temporarily to ensure it's not a misconfigured rule, but still no luck. My personal guess is it's not pf related and third party, but not sure what else to test...

Thanks in Advance,
--
Yashy
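One check the symptom above calls for, added here as an editor's example rather than code from the post: correlate the inside-interface capture (rl0) with the outside-interface capture (tun0) and list client SYNs that never show up on the outside rewritten to the NAT address. It assumes both captures were taken with `tcpdump -n` so hosts and ports are numeric; the sample captures are constructed (the post's www.fark.com flow re-expressed with a documentation address, plus one working flow for contrast), and the script walks any two captures in that classic tcpdump line format, not only these samples.

```python
import ipaddress
import re
# Constructed captures in the shape of the post's tcpdump output, assumed taken with "tcpdump -n" (numeric hosts/ports).
INNER_CAPTURE = """\
18:00:18.000470 IP 192.168.1.8.33243 > 198.51.100.7.80: S 3062197018:3062197018(0) win 5840 <mss 1460,sackOK>
18:00:20.998748 IP 192.168.1.8.33243 > 198.51.100.7.80: S 3062197018:3062197018(0) win 5840 <mss 1460,sackOK>
18:00:26.997008 IP 192.168.1.8.33243 > 198.51.100.7.80: S 3062197018:3062197018(0) win 5840 <mss 1460,sackOK>
18:00:30.100000 IP 192.168.1.5.40001 > 203.0.113.9.22: S 1:1(0) win 5840 <mss 1460>
18:00:30.150000 IP 203.0.113.9.22 > 192.168.1.5.40001: S. 7:7(0) ack 2 win 5792 <mss 1460>
"""
OUTER_CAPTURE = """\
18:00:18.000600 IP 206.248.137.44 > 0.0.0.0: pfsync 452
18:00:30.100200 IP 206.248.137.44.60123 > 203.0.113.9.22: S 1:1(0) win 5840 <mss 1460>
18:00:30.149000 IP 203.0.113.9.22 > 206.248.137.44.60123: S. 7:7(0) ack 2 win 5792 <mss 1460>
"""
# TCP lines carry a flags token (S, S., P., F, R, .) right after the colon; pfsync and DNS lines do not and are skipped.
TCP_LINE = re.compile(r"^\S+ IP (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFRP.]+) ")

def parse_tcp(capture):
    """Yield (src_host, src_port, dst_host, dst_port, flags) for every TCP line in a capture."""
    for m in filter(None, map(TCP_LINE.match, capture.splitlines())):
        src, sport = m["src"].rsplit(".", 1)   # "192.168.1.8.33243" -> ("192.168.1.8", "33243")
        dst, dport = m["dst"].rsplit(".", 1)
        yield src, sport, dst, dport, m["flags"]

def _in_net(host, net):
    try:
        return ipaddress.ip_address(host) in net
    except ValueError:   # a hostname rather than an address: the capture was not taken with -n
        return False

def check_nat(inner_capture, outer_capture, nat_net, anon_gw):
    """Per client flow (client, sport, server, dport): SYN retries, reply seen inside, translated SYN seen outside."""
    net = ipaddress.ip_network(nat_net)
    flows = {}
    for src, sport, dst, dport, flags in parse_tcp(inner_capture):   # captures are chronological: SYN precedes reply
        if flags == "S" and _in_net(src, net):
            entry = flows.setdefault((src, sport, dst, dport), {"syn": 0, "replied": False, "translated": False})
            entry["syn"] += 1
        elif (dst, dport, src, sport) in flows:   # any packet from the server back to a known client flow
            flows[(dst, dport, src, sport)]["replied"] = True
    outside = {(dst, dport) for src, _, dst, dport, flags in parse_tcp(outer_capture)
               if flags == "S" and src == anon_gw}   # SYNs already rewritten to the NAT address
    for (_, _, server, dport), entry in flows.items():
        entry["translated"] = (server, dport) in outside
    return flows

def broken_flows(flows):
    """Flows never seen translated outside: repeated SYNs, no reply, translated=False is the rl0-but-not-tun0 symptom."""
    return sorted(key for key, entry in flows.items() if not entry["translated"])
```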