From: kaycee gb <kisscoolandthegangbang@hotmail.fr>
To: freebsd-pf@freebsd.org
Subject: Re: Communication between routing domains and nat
Date: Thu, 5 Mar 2020 09:50:24 +0000
Message-ID: <20200305105020.793d61b3@slackstro.home.lan>
List-Id: "Technical discussion and general questions about packet filter (pf)"

Here is my pf.conf. I tried to slim it down as much as possible and at the same time preserve the information that is important in my opinion.
I can reproduce what I said before with those lines.

table { $private_nets }
table { $bcast_nets, $ext_if:broadcast }
table persist
table persist

nat on $ext_if inet from $j2 to any port 53 -> ( $ext_if )

pass quick on lo0 from 127.0.0.1 to 127.0.0.1
pass quick on lo0 from $j2 to $j2 rtable 2
block log quick on lo0

block log quick on jsw1

pass out log quick on jsw2 proto udp from $j2 to $service1 port 53 rtable 0
pass out log quick on jsw2 proto udp from $j2 to $service1ext port 53 rtable 0
block log quick on jsw2

pass in quick on tun0 proto udp from $tun0net to $vcns port 53 rtable 0
pass quick on { tun0, tun1 } proto gre
block log quick on tun0
block log quick on tun1

pass in quick on gre0 proto ospf from { $gre0vc, $gre0rsn }
pass in quick on gre1 proto ospf from { $gre1vc, $gre1rsn }
pass out quick on gre0 proto ospf from { $gre0vc, $gre0rsn }
pass out quick on gre1 proto ospf from { $gre1vc, $gre1rsn }
pass in quick on { gre0, gre1 } proto udp from $service1 to $vcns port 53 rtable 0
pass in quick on { gre0, gre1 } proto udp from $rsnnet2 to $vcns port 53 rtable 0
pass in quick on { gre0, gre1 } proto tcp from $service1 to $vcns port 53 rtable 0
pass in quick on { gre0, gre1 } proto tcp from $rsnnet2 to $vcns port 53 rtable 0
pass in quick on { gre0, gre1 } proto tcp from { $rsnnet1, $rsnnet2 } to $vcsrv port 22
pass quick on { gre0, gre1 } proto gre
block log quick on gre0
block log quick on gre1
block log quick on gre2

block in quick on $ext_if from
block in quick on $ext_if from
block in quick on $ext_if to
block in quick on $ext_if proto tcp from to $ext_ip port 22
pass in quick on $ext_if proto tcp from any to $ext_ip port 22
block in log quick on $ext_if to $ext_ip
pass out quick on $ext_if from $ext_ip
block out log quick on $ext_if from ! $ext_ip

block log quick

Maybe someone would see something I can't see myself.

kaycee,
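A rule set like the one above mixes `quick` catch-all blocks per interface with `rtable` selections on individual pass rules, which makes two classes of mistake easy to miss by eye: a rule placed after a `quick` block on the same interface that can never match, and pass rules on one interface that silently use different routing tables. The script below is an added example written for this page (not the poster's code and not part of pf); it runs a static check over pf filter rules in that syntax. The sample rules are constructed here and only borrow macro names such as `$j2`, `$vcns` and `jsw2` from the thread as placeholders; macros and `<tables>` are kept as opaque tokens and never expanded. It is a complement to, not a replacement for, a syntax check with `pfctl -nf /etc/pf.conf`.

```python
"""Static check of pf filter rules: unreachable rules and rtable use per interface.

Added example; the sample rules below are constructed and not the poster's config.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Collapse "{ a, b }" into "a,b" so a rule splits cleanly on whitespace.
BRACE = re.compile(r"\{\s*([^}]*?)\s*\}")


@dataclass
class Rule:
    lineno: int
    action: str                 # pass | block
    direction: Optional[str]    # in | out | None (both directions)
    quick: bool
    ifaces: tuple               # () means "any interface"
    proto: Optional[str]
    src: Optional[str]          # None for absent or "any"
    dst: Optional[str]
    port: Optional[str]
    rtable: Optional[int]
    text: str

    def catches_all(self) -> bool:
        """No proto/address/port qualifier: matches every packet on its iface/direction."""
        return (self.proto, self.src, self.dst, self.port) == (None, None, None, None)

    def shadows(self, later: "Rule") -> bool:
        """True if this earlier quick rule consumes every packet `later` could match."""
        if not self.quick or not self.catches_all():
            return False
        if self.direction is not None and self.direction != later.direction:
            return False
        if self.ifaces and (not later.ifaces or not set(later.ifaces) <= set(self.ifaces)):
            return False
        return True


def parse_rule(lineno: int, line: str) -> Optional[Rule]:
    """Parse one pass/block rule; table, nat, rdr and set lines return None."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    line = BRACE.sub(lambda m: ",".join(t.strip() for t in m.group(1).split(",")), line)
    toks = line.split()
    if toks[0] not in ("pass", "block"):
        return None
    r = Rule(lineno, toks[0], None, False, (), None, None, None, None, None, line)
    i = 1

    def nxt():                      # consume and return the following token
        nonlocal i
        i += 1
        return toks[i] if i < len(toks) else None

    def addr():                     # "from ! $x" -> "!$x"; "any" -> None
        a = nxt()
        if a == "!":
            a = "!" + (nxt() or "")
        return None if a == "any" else a

    while i < len(toks):
        t = toks[i]
        if t in ("in", "out"):
            r.direction = t
        elif t == "quick":
            r.quick = True
        elif t == "on":
            v = nxt()
            r.ifaces = tuple(v.split(",")) if v else ()
        elif t == "proto":
            r.proto = nxt()
        elif t == "from":
            r.src = addr()
        elif t == "to":
            r.dst = addr()
        elif t == "port":
            r.port = nxt()
        elif t == "rtable":
            v = nxt()
            r.rtable = int(v) if v else None
        # log, inet, inet6 and other options are ignored for this check
        i += 1
    return r


def parse_conf(text: str):
    return [r for r in (parse_rule(n, l) for n, l in enumerate(text.splitlines(), 1)) if r]


def find_shadowed(rules):
    """(unreachable line, line of the quick rule that shadows it); first shadower only."""
    out = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.shadows(later):
                out.append((later.lineno, earlier.lineno))
                break
    return out


def rtable_by_iface(rules):
    """Routing tables selected by the pass rules on each interface ("default" = no rtable)."""
    seen = {}
    for r in rules:
        if r.action != "pass":
            continue
        label = "default" if r.rtable is None else str(r.rtable)
        for iface in r.ifaces or ("any",):
            seen.setdefault(iface, set()).add(label)
    return {k: sorted(v) for k, v in seen.items()}


# Constructed sample: line 10 is unreachable because line 9 blocks everything on jsw2.
SAMPLE = """# constructed sample rules, not the poster's pf.conf
table <private_nets> { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }
nat on $ext_if inet from $j2 to any port 53 -> ( $ext_if )
pass quick on lo0 from 127.0.0.1 to 127.0.0.1
pass quick on lo0 from $j2 to $j2 rtable 2
block log quick on lo0
pass out log quick on jsw2 proto udp from $j2 to $service1 port 53 rtable 0
pass out quick on jsw2 proto udp from $j2 to $service1ext port 53
block log quick on jsw2
pass in quick on jsw2 proto tcp from $j2 to $vcns port 22 rtable 0
pass in quick on { gre0, gre1 } proto udp from $service1 to $vcns port 53 rtable 0
block log quick on gre0
pass in quick on gre1 proto tcp from $rsnnet2 to $vcsrv port 22
block in quick on $ext_if from <private_nets>
block log quick"""

if __name__ == "__main__":
    rules = parse_conf(SAMPLE)
    for later, earlier in find_shadowed(rules):
        print(f"line {later} can never match: shadowed by quick rule on line {earlier}")
    for iface, tables in rtable_by_iface(rules).items():
        print(f"{iface}: pass rules use rtable {', '.join(tables)}")
```

On the sample this reports line 10 as shadowed by line 9, and shows that `lo0`, `jsw2` and `gre1` each carry pass rules with and without an explicit `rtable`, which is exactly the kind of inconsistency to look at when traffic between routing domains does not flow as expected. The shadow check is deliberately conservative: it only flags a rule when an earlier `quick` rule has no proto/address/port qualifier at all, so it never reports a false positive from macros it cannot expand.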