From owner-freebsd-pf@freebsd.org  Mon Jun 29 08:27:02 2015
Return-Path: <owner-freebsd-pf@freebsd.org>
Delivered-To: freebsd-pf@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 48D2798FEAD
 for <freebsd-pf@mailman.ysv.freebsd.org>; Mon, 29 Jun 2015 08:27:02 +0000 (UTC)
 (envelope-from dhartmei@insomnia.benzedrine.ch)
Received: from insomnia.benzedrine.ch
 (106.30.3.213.static.wline.lns.sme.cust.swisscom.ch [213.3.30.106])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "insomnia.benzedrine.ch",
 Issuer "StartCom Class 1 Primary Intermediate Server CA" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id CFE4A287C
 for <freebsd-pf@freebsd.org>; Mon, 29 Jun 2015 08:27:01 +0000 (UTC)
 (envelope-from dhartmei@insomnia.benzedrine.ch)
Received: from insomnia.benzedrine.ch (localhost [127.0.0.1])
 by insomnia.benzedrine.ch (8.14.6/8.14.6) with ESMTP id t5T8QtLt023440
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
 Mon, 29 Jun 2015 10:26:55 +0200 (MEST)
Received: (from dhartmei@localhost)
 by insomnia.benzedrine.ch (8.14.6/8.14.5/Submit) id t5T8Qs28004575;
 Mon, 29 Jun 2015 10:26:55 +0200 (MEST)
Date: Mon, 29 Jun 2015 10:26:54 +0200
From: Daniel Hartmeier <daniel@benzedrine.ch>
To: Milan Obuch <freebsd-pf@dino.sk>
Cc: Ian FREISLICH <ian.freislich@capeaugusta.com>, freebsd-pf@freebsd.org
Subject: Re: Large scale NAT with PF - some weird problem
Message-ID: <20150629082654.GA22693@insomnia.benzedrine.ch>
References: <20150620182432.62797ec5@zeta.dino.sk>
 <20150619091857.304b707b@zeta.dino.sk>
 <14e119e8fa8.2755.abfb21602af57f30a7457738c46ad3ae@capeaugusta.com>
 <E1Z6dHz-0000uu-D8@clue.co.za> <E1Z6eVg-0000yz-Ar@clue.co.za>
 <20150621195753.7b162633@zeta.dino.sk>
 <E1Z7Ixx-0006K1-5p@clue.co.za> <E1Z7K1Y-0006Ph-ON@clue.co.za>
 <20150623112331.668395d1@zeta.dino.sk>
 <20150628100609.635544e0@zeta.dino.sk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20150628100609.635544e0@zeta.dino.sk>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Jun 2015 08:27:02 -0000

On Sun, Jun 28, 2015 at 10:06:09AM +0200, Milan Obuch wrote:

> So, now I am at 10.2-PRERELEASE, r284884, and the issue is still here.
> It is totally weird, just change of IP the device is being natted to
> makes the issue disappear for this particular customer, but as soon as
> this exact IP is used again, the issue is here again.

Do you have access to the upstream router?
Can you check its ARP table?

It could have a static ARP entry for this specific IP address, or there
could be an address conflict for that IP address...

Can't you tell us the network, netmask and the IP address?
Not even with the first octet redacted?

Daniel